Massonet Philippe Panel - Security in the clouds: An Academic Perspective

Panel - Security in the clouds: An Academic Perspective Massonet Philippe Scientific Coordinator CETIC Research Center, Belgium 13-15 December 2010 ServiceWave 2010

Authors
Massonet Philippe, CETIC
ICSOC-ServiceWave 2009 13-15 December 2010

Panel - Security in the clouds: An Academic Perspective 13-15 December 2010

Improvements in Cloud Security 13-15 December 2010
Cloud providers are offering several predefined levels of security to choose from
E.g. Amazon Virtual Private Cloud : extend your IT with IPsec VPN connection to Amazon, Isolated resources and apply your security policies
Cloud providers are improving trust with certification
E.g. Google obtains FISMA certification and accreditation  Google Apps for goverment agencies
Segregated community cloud for US goverment, Data stored in US only
FISMA
emphasizes “ risk-based policy for cost-effective security”
Categorize data/systems according to risk level

Top Challenges in Cloud Security 13-15 December 2010
Challenges:
Loss of governance
Compliance challenges
Risk from changes of jurisdiction
Manage the risks related to resilience of the cloud
Need more transparency
Accountability
Auditability
Risk management
Portability/interoperability, ...
Several studies related to security (CAMM)

Shift of Responsibilities with e.g. IaaS
SP responsibilities
Defines the deployment with a service manifest, Defines elasticity
Monitors/administers the VM
User Service Provider Virtualisation
IP responsibilities: manages the physical and virtual infrastructure
Placement of VM on physical machines: optimisation such that SLAs are satisfied
Elastcicity: scale up and down
Currently the transfer of responsibility is incomplete : transfert of control, but not accountability/liability Web Server App Server Db Server Infrastructure Provider

Some Research Directions forCloud Security 13-15 December 2010
Improving trust by giving the cloud user more control:
Client side usage control for clouds
Trusted computing in clouds (hardware based security)
Improve trust in cloud provider :
V&V by design and Monitoring of isolation in the virtual infrastructure layer

THANK YOU Questions and Answers www.reservoir-fp7.eu

ICSOC-ServiceWave 2009

Massonet Philippe Panel - Security in the clouds: An Academic Perspective

by ServiceWave 2010 on Dec 30, 2010

Accessibility

Upload Details

Usage Rights

Statistics

Massonet Philippe Panel - Security in the clouds: An Academic Perspective — Presentation Transcript