www.rt.ru grid and cloud: alternative security approaches ilya trifalenkov, head of it security for...
TRANSCRIPT
www.rt.ru
GRID and Cloud: alternative security approaches
Ilya Trifalenkov, head of IT security for “Information society” projects
Rostelecom “Information society” projects
Information society project
Electronic government infrastructure
National Cloud platform “O7”
National identification and authentication service
Digital and interactive TV
Mobile IT services
National search and indexing
National Cloud Platform “O7” – field of occupation
IaaS cloud
Virtual Datastore
Virtual Datacenter Virtual server
Personal data security services Confidential information Security services
SaaS cloud
E-Government Electronic region Management solutions
Social services Medicine Education
Culture applications Energetics
Ecological monitoring
Territorial planning Transportation and logistics
Safe City Housing management Special solutions
Unified communications
Office solutions
Enterprise management
Source-code management
PaaS cloud
DBMS
Training Business analytics
SOAP
Cloud technologies as result of IT evolution
Single custom solutions
Integration for enterprises and industry branches
IT services as dedicated activity
“Mass production” for IT services
GRID and Cloud technologies: who is who
GRID
Technological priorities
SLA for IT-resources
Scientific solutions
Multi-operators model
Varying set of applications
Security as value-add
Clouds
Business priorities
SLA for IT-services
Business and society oriented
Single operator model
Fixed set of applications
Security as critical requirement
GRID and Cloud: common threats but different risks
Traditional threats
Sharing resources threats
Outsourcing threats
Threats from service operator
Threats from sharing of resources between different organizations
Cloud security approach: from risks to measures
IT processes → Risks → Requirements → Measures → Compliance
General Standards: ISO27001
Cloud security standards: NIST SP800-128, NIST SP800-146
Best practices: Cloud Security Alliance recommendations
• Security guidance for critical areas of focus in cloud computing
• Cloud control matrix
• Cloud data governance
Why cloud security is attractive
Data storage and processing from independent operator
Security management and control by requirements
Real-time security incident management
Short (zero) time for data restoring
Honey-Net possibilities
Smart security staff
Information security infrastructure investment
Practical Cloud security in “O7”
Security as a service
Field-oriented clouds
Separation for application and infrastructure administration
Special domain for security infrastructure services
Scaled solution for end-user
Security audit & compliance as very important mechanisms
Cryptography as a service – separated part
GRID security: view from cloud
Processes not described formally for risks analysis
Requirements not unified and not standardized
Security mechanisms localized within operator
No formal process for compliance
Security “as it is convenient for system admin”
GRID access control: phantom menace
Access control based on certificates
identification of users
private key unavailability
Strong security requirements for each CA, best – independent CA
Users have long-term rights
Conclusion
GRID is not cloud. GRID can only be one case of Cloud
Security in cloud is essentially stronger than in GRID
GRID without security has no chance as a business GRID and can be a source of emergencies for IT infrastructure
Cloud security approaches are applicable to GRID but not in use