Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014.

Published byEvan Norman Modified over 7 years ago

Similar presentations

Presentation on theme: "Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014."— Presentation transcript:

1 Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014

2 Cloud Security Aim of this session Consider Operational Security –For Distributed, Collaborative, Federated Cloud infrastructures –EGI, GEANT, others There is LOADs of activity on Cloud Security in many projects, organisations –Much of this concentrates on single providers or technology –We should avoid duplication Consider the Challenges and Solutions –But mainly the challenges with ideas how to move forward! Identify those who wish to collaborate 25 Sep 2014Cloud Security, Kelsey2

3 Why Operational Security? Collaborate with local security teams to provide a distributed capability Risk Management Protect assets –Not just services –Also intangibles such as Reputation Maintain Availability, Confidentiality and Integrity An open, collaborative multi-domain environment –we have to build and maintain TRUST We do not have the resources nor mandate for full technical & operational controls –Unlike some commercial Cloud providers 25 Sep 2014Cloud Security, Kelsey3

4 25 Sep 2014Cloud Security, Kelsey4 Microsoft Cybercrime Centre

5 Google security team https://cloud.google.com/files/Google- CommonSecurity-WhitePaper-v1.4.pdfhttps://cloud.google.com/files/Google- CommonSecurity-WhitePaper-v1.4.pdf Google employs a full-time Information Security Team that is composed of over 250 experts in information, application, and network security. 25 Sep 2014Cloud Security, Kelsey5

6 http://www.cnet.com/uk/news/amazon-ec2-cloud-service-hit-by- botnet-outage/http://www.cnet.com/uk/news/amazon-ec2-cloud-service-hit-by- botnet-outage/ 25 Sep 2014Cloud Security, Kelsey6

7 Experience of EGI Security Security Operations (more details next slides) –Prevent Security Incidents –Handle Security Incidents Identity Management (IGTF/EUGridPMA) & AAI, VOMS –Moving to more general use of national federated identities Build TRUST (internal/external) and best practices –Security Policy, Operational Security collaboration Training and dissemination Collaborate with others –Shared threats, incidents and users - but also more efficient –TERENA TI/TF-CSIRT, GRID-SEC, WLCG, OSG, PRACE, EUDAT, GEANT, XSEDE, OGF,… 25 Sep 2014Cloud Security, Kelsey7

8 Security Operations Prevent Security Incidents –Security monitoring –Security intelligence –Assessment of reported vulnerabilities with Software Vulnerability Group (SVG) –Preparation and distribution of advisories and alerts –Perform security drills –Monitor progress of patching for Critical vulnerabilities. E.g. OpenSSL Heartbleed –Training (users, admins, developers, VO managers …) –Application and code security analysis and review (looking for vulnerabilities) –Assessing new technology before deployment 25 Sep 2014Cloud Security, Kelsey8

9 Security Operations (2) Handle Security Incidents Incident handling Incident investigation Audit logs (traceability) Emergency user suspension Communication with sites, services and management Coordination with site/national CSIRTs, law enforcement, non-R&E CSIRTs Forensic analysis Technical support Incident reports 25 Sep 2014Cloud Security, Kelsey9

10 Challenges: new deployments New technologies and infrastructure deployments introduce new threats, risks and trust models Assessment of requirements, risks and security architecture –May require new policies and procedures Developing new techniques for detecting vulnerabilities –Training to avoid introduction of vulnerabilities in new areas 25 Sep 2014Cloud Security, Kelsey10

11 New Trust models TRUST is an important part of our security model To date we had a single Grid trust model (~14 years) –Central Ops, NGIs, Sites, VOs, Users Now moving to more complex trust! –VRCs now run services –Many virtual environments –Heterogeneous technologies –Federated services/providers who are not direct members of the trust domain –Lower levels of assurance in Identity Management We need to develop best practices, policies, procedures and tools that will work in this environment –IaaS under community control –Moving towards support of the Long-tail of Science –Need to address legal requirements from EU Data Protection 25 Sep 2014Cloud Security, Kelsey11

12 Today’s agenda Traceability (David Groep) Vulnerability handling (Linda Cornwall) Security Monitoring (Daniel Kouril) Cloud Resource Providers (Sven Gabriel) Plans and discussion (Ian Collier) 25 Sep 2014Cloud Security, Kelsey12

13 Questions? 25 Sep 2014Cloud Security, Kelsey13

Download ppt "Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014."

Similar presentations

Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
EGI-InSPIRE The EGI Software Vulnerability Group (SVG) What is a Software Vulnerability?SVG membership and interaction with other groups Most people are.

EGI-InSPIRE The EGI Software Vulnerability Group (SVG) What is a Software Vulnerability?SVG membership and interaction with other groups Most people are.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
HIPAA COMPLIANCE WITH DELL

HIPAA COMPLIANCE WITH DELL
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input.

David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,
Www.egi.euEGI-InSPIRE RI-261323 www.egi.eu EGI-InSPIRE RI-261323 EGI Future activities Peter Solagna – EGI.eu.

RI EGI-InSPIRE RI EGI Future activities Peter Solagna – EGI.eu.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Federated Cloud Security - what is needed Linda Cornwall (STFC) and the.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Federated Cloud Security - what is needed Linda Cornwall (STFC) and the.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) WLCG GDB, CERN 10 Jul 2013.

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) WLCG GDB, CERN 10 Jul 2013.
Reflections “from around the block.” (Security) Ian Neilson GridPP Security Officer STFC RAL.

Reflections “from around the block.” (Security) Ian Neilson GridPP Security Officer STFC RAL.
DTI Mission – 29 June 2004 - 1 LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org An overview of EGEE operations & support procedures Jules Wolfrat SARA.

INFSO-RI Enabling Grids for E-sciencE An overview of EGEE operations & support procedures Jules Wolfrat SARA.

Similar presentations

Ads by Google