Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Champion

Open Group Jericho Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration

Hello all,

In my readings on Cloud Computing security, I have stumbled across the Jericho Cloud Cube security model from the Open Group. I've been clouding around a bit recently, yet this was the first I had heard of it.



  • Is this model still in use (v1 April 2009!)?
  • Are there more advanced or granular models (for example from CSA, NIST, ENISA, etc.)?
  • Are you aware of how TOGAF is progressing with security architecture in general and with cloud security architecture and architectural models?
  • I very much like the style of the white paper because it addresses business issues in a focused way and it eschews the cloud gobbledygook that cause many's eyes to glaze over in confusion and frustration. Have any of you used it or have it as a reference in your cloud security initiatives?


1 Reply
Contributor II

CCM uses four dimensions to describe different Cloud formations.


The model is a useful tool for categorizing Cloud services and, more importantly, in my opinion, for highlighting certain features of Cloud Computing models.


For example, a traditional Private Cloud could be viewed as in-sourced, internal, proprietary and perimeterised. However, a Private Cloud could also be outsourced, external, proprietary and perimeterised, if that Cloud service was to be hosted on the Cloud provider’s premises, but still dedicated to a single consumer. In this case, there is very little difference between an outsourced Private Cloud and a traditional outsourcing model.


So this conceptual model helps to understand consumers requirement.


my 2 cents






Chandra Mouli, CISSP, CCSP, CSSLP