1 Security in cloud computing D26/11/2010
Thales & Cloud
Daniel PAYS - daniel.pays@thalesgroup.com
Advanced Studies director
System C4I Security and Defense
Plenary Cloud Computing Session FIA - Budapest - 19/5/2011
2 Thales: Cloud challenges & positioning
Thales Communications S.A.

SECURITY CHALLENGES
- Application security
- Content-based security
- Roles & rights management
- Identity management & interoperability
- Persistent data security
- Infrastructure security
- Trusted isolation
- Trusted network management
- Platform security
- Trusted application server
- Secure programming framework
- Source code evaluation framework
- Security assurance and Cyber-security

[Diagram labels]
- Demand, Delivery, Supply
- Resources (Physical, Storage, Network)
- Service Offering Catalog
- Portal Services: provisioning, management and control
- Users, Admin, Power users
- Cloud Service Manager: availability, performance
- Supervisor: command and control
- Service Management: configuration, change, billing
- Local resource managers and hypervisors
- Operators
- SLA: services, security, elasticity
- Network automation, Server automation, Storage automation
- Middleware: usage mediation, placement, optimization, federation
- Security Management: role and identity, audit, isolation, data protection

DIFFERENTIATORS
- Security assurance and Cyber-security
- Self-provisioning & automatic deployment according to functional and non-functional requirements
- Multi-site federation with encryption
- Supervision of the physical infrastructure and applicative Key Performance Indicators
- Role Based Access Control
3 THALES and FI-PPP
http://www.fi-ppp.eu/
- CONCORD (CSA)
- INFINITY (CSA)
- INSTANT MOBILITY (IP)
- FI-WARE (IP)
- ENVIROFI (IP)
- SMARTAGRIFOOD (IP)
- OUTSMART (IP)
- FINEST (IP)
- SAFE CITY (IP)
- FI-CONTENT (IP)
- FINSENY (IP)
4 FI-PPP Security – Targeted Results
FI-WARE
- Generate trust and confidence by developing and providing security services for the Future Internet
- Open specifications, Reference Implementation, KPI,...
- Core security generic enablers demanded by FI Pillars and Usage Areas, including:
  - Identity and Access Management
  - Authorization and Usage Control Policies
  - Privacy and Trust
  - Auditing
- Complemented by optional generic enablers which might be used for specific needs requested by the FI Smart applications at hand (e.g. data anonymization, data protection, filtering,...)
5 FI-PPP Exemplification - Security usability
In cloud computing, FI-PPP puts forward:
- End-to-end trust and data security
- Isolation across virtual domains
- Risk analysis and vulnerabilities mitigation
- Secure administration, alerting and reporting
- Smart decision support in case of cyber-attacks
- Weak signal detection and response
- A permanent life cycle management of security
- User-centric intuitive security mechanisms
- A pluri-disciplinary approach with Human Sciences (Ethics, Legal, Sociology, Psychology,…)
6 FI-PPP Exemplification
Identity & Trust Federation between heterogeneous domains:
- One account versus an unlimited number of accounts
- Simplified password management
- Eases collaboration environments for enterprises
- Minimizes security overhead through sharing resources and information
- Trusted federations increase efficiency
- eID card is a gateway to personal information
7 « Andromède » Trusted digital agency
- Design, Build and Run a trusted and secured « digital factory » infrastructure, to sustain economic competitiveness (France and Europe)
- « Grand Emprunt » 2011 May the 15th
8 Andromède security by Thales
- Andromède security requirements formalisation
- Tools for application & services development, test, deployment and run in a trusted way
- A resilient and secured infrastructure architecture (flows isolation, hardening, zones management, localisation, ciphering,…)
- Solutions & services provided by Thales
- Supply & integration of security solutions & equipment
- Security operator
- Targets to be defined
- A separate security operator providing global security services: Target ISO27001 and Andromède Certification (ANSSI)
- Optional added value services (Identity federation, intrusion detection/prevention)
- DRP as a service, scan application tests, vulnerability assessment, intrusion testing,
- Different: telecom transporter, hosters, outsourcers
9 Trusted cloud life cycle: follow-up help & constrain on development
[Diagram labels]
- designer, end user, operator, integrator, developer
- Development, Validation, Transition, Production
- IDE/SDK
- Deployed Service Store
- Functionalities, Manageability, Security, …
- Common tools
- Portfolio, Program, Configuration, deployment
- Application support, Middleware
- Cloud Operating tool
- Feedback: lessons learnt, bugs, logs
- Life cycle Governance
- Co-design