Helix Nebula: Secure Brokering of Cloud Resources for eScience
Dr. Jesus Luna Garcia

Outline
Background
The Blue-Box architecture
Security Goals and Requirements

Let's imagine
Why a Public-Private Partnership for eScience?
The scale and complexity of the services needed by Europe's IT-intensive scientific research and space organizations are beyond what any single company can provide. European eScience therefore requires the collaboration of a variety of service providers and SMEs.

Helix Nebula: big science teams up with big business
Strategic Plan
Establish a federated, multi-tenant, multi-provider cloud infrastructure.
Flagship use cases:
Support the computing capacity needs of the ATLAS experiment.
Set up a new service that simplifies the analysis of large genomes, for deeper insight into evolution and biodiversity.
Create an Earth Observation platform focused on earthquake and volcano research.
Identify and adopt policies for trust, security and privacy.
Create a governance structure.
Define funding schemes.
Adopters

Long Term Goal
Create a multi-tenant Open Market Place for Science, where data, scientists, funding bodies, SMEs and downstream industry meet to work towards common interests: an ecosystem that transforms data into valuable information.

Timeline
Endorse the common strategy.
Agree on the partnership.
Select flagship use cases.
Define the governance model.
Pilot phase: deploy the flagships; analyse functionality, performance and the financial model.
Towards an open market for Science.
Broker-based architecture: the Blue Box
Each customer and each supplier has a single connection to the Blue Box, so a federation of M customers and N suppliers needs only M + N relationships rather than M x N pairwise ones.

What is a Cloud Broker?
According to Gartner, cloud brokers fall into three categories of intermediary between cloud providers and cloud consumers:
1) Cloud Service Intermediation: the broker adds value to a cloud service, enhancing some capabilities or guarantees that the underlying cloud provider offers to cloud consumers.
2) Aggregation: the broker acts as an integrator, combining several cloud provider services into one and ensuring the security and governance of data circulating between the component services.
3) Cloud Service Arbitrage: the broker continuously tries to select the best cloud provider on price/feature grounds, potentially switching providers and migrating data between them frequently.
Blue Box: Security Goals
A baseline security policy across the Helix Nebula federation.
Secure data transfer between providers.
Well-defined security service levels.
Security assurance and transparency for cloud services.
Centralized, continuous security monitoring and incident response.

Security Service Levels
"If you cannot measure it, you cannot improve it." (Lord Kelvin)
It is uncommon for cloud providers to specify the security level associated with their products and services. This limits informed customer decisions on security offerings:
Despite the belief that my cloud provider seems secure, is it actually secure enough for my needs?
Is my (confidential) data in the cloud more secure than in my own data center?
How do I compare different cloud offers with regard to security and price?
If it is so important, why is cloud security not measured?

Security Service Levels
What makes cloud security hard to measure?
Not all possible threats are known.
Quantitative vs. qualitative measures, and uncertainty in both.
Technology specificity: measuring security in cloud computing has its own challenges, e.g. IaaS-PaaS-SaaS supply chains, where each layer's security depends on the one below it.
How to reason about measured cloud security?
Security aggregation: drawing useful conclusions from 100+ security controls.
Security negotiation and adaptation (e.g. automated incident response).
Specifying and standardizing security parameters in cloud SLAs.
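The aggregation problem above (turning a long list of per-control security levels into a decision, and comparing offers on security and price) is easier to see in code. The following is an added example, not part of the presentation or of any Helix Nebula tooling: the control catalogue, the ordinal levels, the customer weights and the provider declarations are all constructed for illustration. It treats every required control as a hard constraint, so a single shortfall cannot be averaged away by strong scores elsewhere, and uses the weighted aggregate only to order offers and to show how far a failing offer is from acceptable.

```python
"""Compare providers' declared security service levels against a customer's
requirement. Added example; catalogue, levels, weights, providers and prices
are constructed, not taken from any real standard or provider."""
from dataclasses import dataclass

# Ordinal levels per control, weakest first. Constructed catalogue.
CATALOGUE = {
    "encryption_at_rest": ["none", "provider_keys", "customer_keys", "hsm_customer_keys"],
    "transfer_security": ["plain", "tls", "tls_mutual_auth"],
    "audit_logging": ["none", "basic", "signed_worm"],
    "incident_response_hours": ["none", "72", "24", "4"],  # max hours to respond
    "pentest_frequency": ["never", "annual", "quarterly"],
    "data_location": ["any", "eu_only", "single_country"],
}


@dataclass(frozen=True)
class Requirement:
    control: str
    minimum: str    # weakest acceptable level name from CATALOGUE
    weight: float   # relative importance, > 0


def level_index(control, level):
    levels = CATALOGUE[control]
    if level not in levels:
        raise ValueError(f"unknown level {level!r} for control {control!r}")
    return levels.index(level)


def evaluate(requirements, declared):
    """Return (fulfilment score in [0, 1], list of (control, have, need) gaps).
    A control the provider does not declare counts as its weakest level:
    silence in a security SLA is not evidence that a control exists."""
    total = sum(r.weight for r in requirements)
    earned, gaps = 0.0, []
    for r in requirements:
        have_name = declared.get(r.control, CATALOGUE[r.control][0])
        if level_index(r.control, have_name) >= level_index(r.control, r.minimum):
            earned += r.weight
        else:
            gaps.append((r.control, have_name, r.minimum))
    return earned / total, gaps


def rank(requirements, offers):
    """offers: {name: (declared_levels, monthly_price)}.
    Offers with no gaps come first, cheapest of those wins; offers with gaps
    follow, ordered by how close they come. Returns (name, score, gaps, price)."""
    scored = [(name, *evaluate(requirements, decl), price)
              for name, (decl, price) in offers.items()]
    scored.sort(key=lambda s: (len(s[2]) > 0, -s[1], s[3]))
    return scored


# Constructed customer requirement and four constructed offers.
REQUIREMENTS = [
    Requirement("encryption_at_rest", "customer_keys", 3.0),
    Requirement("transfer_security", "tls", 2.0),
    Requirement("audit_logging", "signed_worm", 2.0),
    Requirement("incident_response_hours", "24", 2.0),
    Requirement("pentest_frequency", "annual", 1.0),
    Requirement("data_location", "eu_only", 3.0),
]
OFFERS = {
    "provider_a": ({"encryption_at_rest": "hsm_customer_keys", "transfer_security": "tls_mutual_auth",
                    "audit_logging": "signed_worm", "incident_response_hours": "4",
                    "pentest_frequency": "quarterly", "data_location": "eu_only"}, 120.0),
    "provider_b": ({"encryption_at_rest": "customer_keys", "transfer_security": "tls",
                    "audit_logging": "signed_worm", "incident_response_hours": "24",
                    "pentest_frequency": "annual", "data_location": "single_country"}, 95.0),
    "provider_c": ({"encryption_at_rest": "provider_keys", "transfer_security": "tls",
                    "audit_logging": "basic", "incident_response_hours": "72",
                    "pentest_frequency": "quarterly", "data_location": "eu_only"}, 60.0),
    # provider_d says nothing about audit logging: treated as "none".
    "provider_d": ({"encryption_at_rest": "hsm_customer_keys", "transfer_security": "tls_mutual_auth",
                    "incident_response_hours": "4", "pentest_frequency": "quarterly",
                    "data_location": "eu_only"}, 70.0),
}

if __name__ == "__main__":
    for name, score, gaps, price in rank(REQUIREMENTS, OFFERS):
        status = "ACCEPTABLE" if not gaps else "REJECT"
        print(f"{name}: {status} score={score:.2f} price={price:.0f} gaps={gaps}")
```

Note that provider_d scores higher than provider_c and is cheap, yet both are rejected: the aggregate is reported to show distance from the requirement, never to decide acceptance. Provider_b wins over provider_a on price because both satisfy every minimum; a higher level than required earns no extra credit here, which is a deliberate choice a real negotiation might revisit.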
Security Assurance/Transparency
The CSA Open Certification Framework is an industry initiative to enable global, accredited, trusted certification of cloud providers.

CSA STAR: Security, Trust & Assurance Registry
Launched in 2011, CSA STAR is the first step towards improving transparency and assurance in the cloud.
STAR is a publicly accessible registry that documents the security controls provided by cloud computing offerings, helping users assess the security of cloud providers.
It is a searchable registry that lets cloud customers review the security practices of providers, accelerating their due diligence and leading to better-informed procurement.
It is based on a multi-layered structure defined by the Open Certification Framework Working Group.
Blue Box: Security requirements (at a glance)
Authentication, Authorization and Accountability
Role-based access control, e.g. for the remote management interface.
Accountability: security-related logging, signed timestamping, WORM (write-once, read-many) functionality.
Data lifecycle
Secure de-provisioning/deletion/decommissioning (degaussing etc.).
Specific data export/portability requirements (formats, time limits).
Cryptography
Key management.
Crypto hardware/acceleration.
Entropy/randomness sources.
Incident and vulnerability management
Incident response services and service levels.
Testing requirements (e.g. external pen-testing).
Third-party security services used, and the interfaces they require.
Legal/Policy/Compliance
Certifications.
Sector-specific laws that apply (e.g. for healthcare data).
Processing of personal data.
Location/jurisdiction limitations.
Third parties/subcontractors.
Breach notification requirements.
Maximum and minimum data retention.
Purpose limitation.
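The accountability requirement (security-related logging with signed timestamps and WORM behaviour) is the one item in the list that reduces to a concrete mechanism, so here is an added example of it, not code from the presentation or from Helix Nebula. Each log entry is hash-chained to its predecessor and the entry hash, which covers the timestamp, is authenticated with an HMAC; the HMAC key stands in for the signing key of a time-stamping authority or HSM, which a real deployment would use instead. The event records are constructed. The verifier shows what the chain does and does not catch: edits, deletions and reorderings break it, but truncation is only detectable if the latest head hash has been published somewhere the log writer cannot alter.

```python
"""Append-only, hash-chained audit log with an HMAC over each entry's hash.
Added example; the HMAC key is a stand-in for a TSA/HSM signing key and the
events are constructed."""
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev-hash of the first entry


def _digest(prev_hash, ts, event):
    # Canonical JSON so the same record always hashes the same way.
    material = json.dumps([prev_hash, ts, event], sort_keys=True,
                          separators=(",", ":")).encode()
    return hashlib.sha256(material).hexdigest()


class AuditLog:
    """Only append() mutates the log; entries() hands out deep copies, so the
    in-memory record behaves as WORM from the caller's point of view."""

    def __init__(self, key):
        self._key = key
        self._entries = []

    def append(self, event, ts):
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        h = _digest(prev, ts, event)
        sig = hmac.new(self._key, h.encode(), hashlib.sha256).hexdigest()
        entry = {"ts": ts, "event": event, "prev": prev, "hash": h, "sig": sig}
        self._entries.append(entry)
        return copy.deepcopy(entry)

    def entries(self):
        return copy.deepcopy(self._entries)

    def head(self):
        """Latest hash; publish this out-of-band to make truncation detectable."""
        return self._entries[-1]["hash"] if self._entries else GENESIS


def verify(entries, key, expected_head=None):
    """Return (ok, reason). Catches edited, deleted, reordered or forged
    entries; catches truncation only when expected_head is supplied."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["prev"] != prev:
            return False, f"entry {i}: chain broken"
        if e["hash"] != _digest(e["prev"], e["ts"], e["event"]):
            return False, f"entry {i}: content does not match hash"
        expected_sig = hmac.new(key, e["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(e["sig"], expected_sig):
            return False, f"entry {i}: bad signature"
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, "log truncated: head does not match published head"
    return True, "ok"


if __name__ == "__main__":
    log = AuditLog(b"demo-signing-key")  # constructed key
    log.append({"actor": "alice", "action": "rbac.grant", "target": "bob"}, ts=1000.0)
    log.append({"actor": "bob", "action": "vm.delete", "target": "vm-17"}, ts=1001.5)
    published_head = log.head()
    print("intact:", verify(log.entries(), b"demo-signing-key", published_head))
    tampered = log.entries()
    tampered[1]["event"]["actor"] = "mallory"
    print("edited:", verify(tampered, b"demo-signing-key", published_head))
    print("truncated, no head:", verify(log.entries()[:1], b"demo-signing-key"))
    print("truncated, with head:", verify(log.entries()[:1], b"demo-signing-key", published_head))
```

Without the published head, the truncated log verifies as "ok": an attacker who can delete the tail of a file can hide the most recent events unless the head hash (or a periodic TSA token over it) lives outside their reach. That is the operational content of "signed timestamping" and "WORM" in the requirement above.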
The road ahead
Solving the security challenges associated with cloud brokers.
Integrating legacy security services.
Don't forget high performance!

Thank you!
All Helix Nebula public documents are held in an open access repository: https://cds.cern.ch/search?cc=helix+nebula&ln=en&jrec=1