Rob Rowlingson, Principal Security Researcher at BT Research and Technology, gave this presentation at the EIT ICT Labs Interactive Cloud Clinic event.
9. Automated Data Protection in the Cloud
IaaS/PaaS edition
Via the dashboard/portal, users can:
1. Attach, detach, encrypt or share encrypted data volumes, file-system directories and data objects (e.g. files) with 3 clicks in <2 min.
2. Define data access based on context (location/time/ownership/security-level)
3. Access a personalised secure key-store hosted by BT (on-premise variants are also available on request)
It is fully validated on BT Cloud and partly on 3rd parties (Amazon). Trials show <10% overhead on encrypted storage operations and <5% overhead relative to the provisioning time of unprotected VMs.
11. Use in R&D, trials and production
Incorporated into BT Cloud Compute release roadmap as a value-add feature
• Exposure via a global cloud service
• 16 platforms across 4 continents
• 45 data centres
• 4 global customer service centre hubs and 22 satellite centres
• Operating 24/7 and serving businesses in 198 countries
Baseline technology for governmental cloud pilots
• UK: London Borough of Camden
• Italy: City of Genoa
• Serbia: Strati-Grand, Belgrade
• Exposure to 2000 users of public services
• Enable secure consumption of public services across European regions
Baseline platform for Trusted Cloud innovation by SMEs
• Part of Trusted Cloud Platform - EIT ICT Labs High Impact Initiative
• To be exposed to UK SMEs as a co-innovation platform by the ICT Catapult in the UK
• Platform of choice for future research on cyber-security attack analysis and prevention by Imperial College London – UK Global Uncertainties programme
12. New customer experience
Fusion
• Make security management an integral part of cloud application assembly
Uniformity and Customisation
• Integrity & security functions become managed parameters, while the form and coverage of the functions automatically adjust to user selection.
Automation
• “click-to-buy” security services
• “click-to-build” secure applications in less than 5 clicks.
Versatility
• Automatic generation of recommended security policy based on vulnerability analysis of the application stack, cloud characteristics, user preferences and desired business impact levels
Universality
• One cloud-based service securing applications and data on multiple private and public cloud infrastructures and platforms
Visibility
• Automatically generated customisable security dashboard per user
• Unifying view of the security state of user’s applications on any cloud
Control
• Enables enforcing a common security policy on all instances of an application on multiple cloud environments.
Simplified customer experience through a market place, and a service and security
management dashboard. Eliminates costs and risks of deployment, integration and
management of complex security software or appliances.
13. Summary
Fusion
Make security management integral part of cloud data & application assembly
Ubiquity
Integrity & security functions become managed parameters
Automated
“click-to-buy” security services; “click-to-build” secure data & applications in less than 5 clicks.
Versatile
Automatic generation of recommended security policy
Universal
One service protecting applications and data on multiple clouds
Visibility
Unifying view of the security state of user’s applications on any cloud
Control
Enables enforcing a common enterprise security policy across clouds
Exposure in production via a global cloud service (BT Cloud Compute)
Exposure to 2000 users of public services
UK Research & Development
Product Development
Core Service operations
“The benefit has been in convincing the customer that Security is not just in our DNA, it's something that they can embed in their DNA with a single click!” David Cairns, Principal Solutions Architect, BT Cloud Compute