
1 Cloud security standardization activities in ITU-T
Huirong Tian, China (tianhuirong@catr.cn)
ITU Workshop on "ICT Security Standardization for Developing Countries" (Geneva, Switzerland, 15-16 September 2014)

2 Contents
- Work of ITU-T FG-CC
- Standardization activities in SG17 and SG13

3 Work of ITU-T FG-CC

4 ITU-T Focus Group (FG) on Cloud Computing
Objective: To collect and document information and concepts that would be helpful for developing Recommendations to support cloud computing services/applications from a telecommunication/ICT perspective.

5 ITU-T Focus Group (FG) on Cloud Computing: Management team
- Chair: Victor Kutukov (Russia)
- Vice-Chairman: Jamil Chawki (France)
- Vice-Chairman: Kangchan Lee (Korea)
- Vice-Chairman: Mingdong Li (China)
- Vice-Chairman: Monique Morrow (USA)
- Vice-Chairman: Koji Nakao (Japan)
- Vice-Chairman: Olivier Corus (France)

6 ITU-T FG-Cloud deliverables
- 2010.2: FG Cloud established
- 2011.12: FG Cloud concluded
- FG Cloud held eight meetings and produced 7 deliverables:
  - FG Cloud TR1: Introduction to the cloud ecosystem: definitions, taxonomies, use cases and high level requirements
  - FG Cloud TR2: Functional Requirements and Reference Architecture
  - FG Cloud TR3: Requirements and framework architecture of Cloud Infrastructure
  - FG Cloud TR4: Cloud Resource Management Gap Analysis
  - FG Cloud TR5: Cloud security
  - FG Cloud TR6: Overview of SDOs involved in Cloud Computing
  - FG Cloud TR7: Benefits from telecommunication perspectives

7 FG Cloud TR5: Cloud Security
11 study subjects on cloud security:
- Security architecture/model and framework
- Security management and audit technology
- Business continuity planning (BCP) and disaster recovery
- Storage security
- Data and privacy protection
- Account/identity management
- Network monitoring and incident response
- Network security management
- Interoperability and portability security
- Virtualization security
- Obligatory predicates
Follow-up standardization work was launched based on these study subjects.

8 Standardization activities in SG17 and SG13

9 Cloud computing security tasks: collaboration between SG13 and SG17

10 SG17 cloud security related questions
1. Security architecture/model and framework
2. Security management and audit technology
3. BCP/disaster recovery and storage security
4. Data and privacy protection
5. Account/identity management
6. Network monitoring and incident response
7. Network security
8. Interoperability security
9. Service portability
Related SG17 Questions (from the slide diagram): Q8/17 cloud computing security (main), Q4/17 cybersecurity, Q10/17 IdM/Bio, Q3/17 security management.

11 SG17 cloud security work items
- X.1601: Security Framework for Cloud Computing (published in 2014.1)
- X.cc-control: Information technology – Security techniques – Code of practice for information security controls for cloud computing services based on ISO/IEC 27002 (common text with ISO/IEC)
- X.sfcse: Security functional requirements for SaaS application environment
- X.goscc: Guideline of operational security for cloud computing
- X.idmcc: Requirement of IdM in cloud computing

12 X.1601 Security framework for cloud computing

13 X.1601 Security framework for cloud computing: clause structure
- 7. Security threats for cloud computing
- 8. Security challenges for cloud computing
- 9. Cloud computing security capabilities
- 10. Framework methodology

14 X.1601 – 7. Security threats for cloud computing
7.1 Security threats for cloud service customers (CSCs)
- 7.1.1 Data loss and leakage
- 7.1.2 Insecure service access
- 7.1.3 Insider threats
7.2 Security threats for cloud service providers (CSPs)
- 7.2.1 Unauthorized administration access
- 7.2.2 Insider threats

15 X.1601 – 8. Security challenges for cloud computing
8.1 Security challenges for cloud service customers (CSCs)
- 8.1.1 Ambiguity in responsibility
- 8.1.2 Loss of trust
- 8.1.3 Loss of governance
- 8.1.4 Loss of privacy
- 8.1.5 Service unavailability
- 8.1.6 Cloud service provider lock-in
- 8.1.7 Misappropriation of intellectual property
- 8.1.8 Loss of software integrity
8.2 Security challenges for cloud service providers (CSPs)
- 8.2.1 Ambiguity in responsibility
- 8.2.2 Shared environment
- 8.2.3 Inconsistency and conflict of protection mechanisms
- 8.2.4 Jurisdictional conflict
- 8.2.5 Evolutionary risks
- 8.2.6 Bad migration and integration
- 8.2.7 Business discontinuity
- 8.2.8 Cloud service partner lock-in
- 8.2.9 Supply chain vulnerability
- 8.2.10 Software dependencies
8.3 Security challenges for cloud service partners (CSNs)
- 8.3.1 Ambiguity in responsibility
- 8.3.2 Misappropriation of intellectual property
- 8.3.3 Loss of software integrity

16 X.1601 – 9. Cloud computing security capabilities
- 9.1 Trust model
- 9.2 Identity and access management (IAM), authentication, authorization, and transaction audit
- 9.3 Physical security
- 9.4 Interface security
- 9.5 Computing virtualization security
- 9.6 Network security
- 9.7 Data isolation, protection and privacy protection
- 9.8 Security coordination
- 9.9 Operational security
- 9.10 Incident management
- 9.11 Disaster recovery
- 9.12 Service security assessment and audit
- 9.13 Interoperability, portability, and reversibility
- 9.14 Supply chain security

17 X.1601 – 10. Framework methodology
- Step 1: Use clauses 7 and 8 to identify the security threats and the security implications of the challenges in the cloud computing service under study.
- Step 2: Use clause 9 to identify, based on the identified threats and challenges, the high level security capabilities that could mitigate the security threats and address the security challenges.
- Step 3: Derive the security controls, policies and procedures that could provide the needed security abilities, based on the identified security capabilities.

18 X.cc-control
Scope: This International Standard provides guidelines supporting the implementation of information security controls for cloud service providers and cloud service customers of cloud computing services. Selection of appropriate controls and the application of the implementation guidance provided will depend on a risk assessment as well as any legal, contractual, or regulatory requirements. ISO/IEC 27005 provides information security risk management guidance, including advice on risk assessment, risk treatment, risk acceptance, risk communication, risk monitoring and risk review.

19 X.sfcse
Scope: This Recommendation provides a generic functional description for a secure service-oriented Software as a Service (SaaS) application environment that is independent of network types, operating system, middleware, and vendor-specific products or solutions. In addition, this Recommendation is independent of any service- or scenario-specific model (e.g., web services, Parlay X or REST), assumptions or solutions. This Recommendation aims to describe a structured approach for defining, designing, and implementing secure and manageable service-oriented capabilities in a telecommunication cloud computing environment.

20 X.goscc
Scope: This Recommendation provides guidelines on operational security for cloud computing, including guidance on SLAs and daily security maintenance for cloud computing. The target audiences of this Recommendation are cloud service providers, such as traditional telecom operators, ISPs and ICPs.

21 X.idmcc
Scope: This Recommendation provides use-case and requirements analysis, giving consideration to existing industry efforts. This Recommendation concentrates on the requirements for providing IdM as a Service (IdMaaS) in cloud computing. The use of non-cloud IdM in cloud computing, while common in industry, is out of scope for this Recommendation.

22 SG17 cloud security Recommendation structure

23 SG13 cloud security plans
- Y.inter-cloud-sec
- Y.cloudtrustmodels
- Y.clouduse&req
- Y.cloudSECasaservice

24 Conclusions and Recommendations
- Cloud computing will change the ICT industry.
- Security capabilities will affect how cloud computing can be used.
- Work item proposals on trust models, security controls, best practices, etc. are solicited.

25 Thanks for listening!

