Security Assurance IN Service OuTSourcing (SAINTS)

Security Assurance IN Service OuTSourcing (SAINTS)
Moussa OUEDRAOGO, PhD
Service Science and Innovation, CRP Henri Tudor
EuroCloud Luxembourg Conference, 26 February 2013 - Migrating to Cloud Computing: Opportunities and Pitfalls

Data centres and cloud services as the new trend for businesses
- Advances have been made in the technology, particularly in networking and virtualisation.
- Outsourcing of competencies not core to the business.
- Consumers are more interested in results rather than in the technical details.
- Lesser management and maintenance cost.

The Security Challenges of Sustaining the Momentum
- Threat 1: Abuse and nefarious use of cloud computing
- Threat 2: Insecure interfaces and APIs
- Threat 3: Malicious insiders
- Threat 4: Shared technology issues
- Threat 5: Data loss or leakage
- Threat 6: Account or service hijacking
- Threat 7: Unknown security profile
Incidents shown on the slide: Amazon EC2 Amazon Zeus botnet incident (2012); Sony's network hacking (2011)

From Security Concerns to Solutions

Summary of the security challenges in cloud computing
- Sensitive information is stored or processed by providers at geographically dispersed areas.
- Security now lies in the hands of a third party: gracefully losing control while maintaining accountability (Mell & Grance, 2009).

The prospective solutions

| Threats affecting the wider adoption of the cloud | Type of security concern | Related security solutions |
| Threats 2 and 6 | VM security | Use of Trusted Cloud Computing Platform (TCCP), VM monitoring, encryption, encapsulation, abstraction |
| Threats 3-5 | Data security | Encryption, access control |
| Threat 7 | Unknown security level | Security certification, audits, SLA monitoring |

- Blind trust between a provider and a consumer?
- Security certification driven selection of the CSP?
- The missing links: security transparency and mutual auditability (evidence based)

Filling the Gap: The SAINTS Approach
Establishing security transparency and mutual auditability in cloud services.
- Prior to service usage: informed selection of a CSP (the C.A.RE approach)
- During service usage: continuous probing of the security; timely reporting of security indicators
Enable service providers (CSPs) to ensure their security is continuously aligned to increasingly strict regulatory requirements and also to consumers' (CSCs) service security needs.

The C.A.RE Approach for Assessing and Ranking CSPs
- The initiative could be integrated into ongoing EuroCloud efforts or tailored for setting the foundation of standardisation in Luxembourg.

During the Usage of the Cloud Service: Continuous Probing of Security
- Develop a framework for enabling the appraisal and monitoring of the security assurance and its appropriate reporting to the provider and consumer.
- Usage of a network of collaborative software sensors for anomaly detection.

During the Usage of the Service: Timely Reporting of Security Indicators
Reporting of security indicators:
- Develop an architecture for enabling the exchange of security information.
- Determine the relevant types of indicators for a CSC.
- Prioritisation, correlation and aggregation of alerts.
Opinions of SMEs are sought for further elaborating the set of metrics that could be made available to the CSC.

Concluding Remarks
- Cloud services are being perceived as the ultimate solution for companies seeking to achieve both efficiency and cost cutting in the provisioning of services.
- Cloud service as an "old wine in a new bottle": a relatively good knowledge of the demons that come with it.
- Security transparency and mutual auditability as the truly new security challenges, though scantly addressed in the literature and in practice.
- The SAINTS project purports to address such an issue through definition of techniques and a tool for:
  - Labeling and ranking CSPs based on their security offering, to enable an informed selection of a CSP by a CSC prior to embarking onto the cloud.
  - Allowing the CSC to continuously keep an eye on a security matter that is now devolved to the CSP.
- Opinions from actors in cloud services (CSCs and CSPs) are highly sought during the lifetime of the project.

Thanking you for your time.
For further information, please contact:
Project Investigator: Moussa OUEDRAOGO, Email: moussa.ouedraogo@tudor.lu
Project Leader: Severine MIGNON, Email: severine.mignon@tudor.lu
Available for talk during Coffee Break!!