TREDISEC: hacia unas infraestructuras Cloud más seguras y confiables

Transcripción

1 TREDISEC: hacia unas infraestructuras Cloud más seguras y confiables Beatriz Gallego-Nicasio Crespo Research & Innovation Atos

2 Índice de Contenidos 1. Situación actual a. Adopción de infraestructuras Cloud b. Amenazas y barreras 2. El proyecto TREDISEC a. Visión: requisitos funcionales vs. no-funcionales (seguridad) b. Soluciones propuestas c. Evaluación d. Investigación e innovación 2

3 Tendencias de adopción del Cloud Growth cloud economy 4 million jobs by 2020 in Europe 1 trillion in GDP The aim of EU is to promote free movement of data in the European Union and tackle restrictions to data location and access to encourage innovation. The expected cumulative economic effects of cloud computing between 2010 and 2015 in the five largest European economies alone is around 763 Billion. The economy and society of Europe need to make the most of digital. 47% of EU population is not properly digitally skilled, yet in the near future, 90% of jobs will require some level of digital skills. Due to its exponential growth in recent years, cloud computing is no longer considered as an emerging technology. However, it cannot yet be considered a mature and stable technology either. 3

4 Principales amenazas Organized Crime & Terrorists Internal Actors & Industrial Espionage Malicious Hacktivists Information Leakage Code Injection Identity Theft Data Breaches Worms/Trojans Phishing Denial of Service Exploit Kits Physical Damage/Loss/Theft Botnets Accidental Data Loss Source: CAPITAL project 4

5 Principales barreras: falta de confianza 5

6 Privacidad y cumplimiento regulatorio + = Estado del arte: Mapear nuevos escenarios y casos de uso a una selección de controles de seguridad (basados en standards como CSA CCM o ISO 27017) CSA data governance framework 6

7 Seguridad en Cloud: fragmentación tecnológica y falta de estandarización ISO NIST CSA ISO / EIC Code of practice for data protection controls for public cloud computing services NIST Rev.4 Security Controls NIST Security Reference Architecture Cloud Controls Matrix (CCM) Open Certification Framework (OCF) Cloud Trust Protocol (CTP) CloudAudit Privacy Level Agreement EuroCloud EuroCloud Star Audit (ESCA) Open Data Center Alliance Data Security Framework 7

8 El proyecto 8

9 TREDISEC: Trust-aware, REliable and Distributed Information SEcurity in the Cloud H2020-ICT , ICT Cybersecurity, Trustworthy ICT Research and Innovation action, G.A. no Duración: 36 meses (abril 2015 marzo 2018) Follow us! 9

10 Visión: requisitos funcionales vs. nofuncionales (seguridad) 10

11 Soluciones propuestas: TREDISEC primitives Mecanismos de Seguridad para crear/mejorar entornos Cloud seguros, incluyendo: Deduplication on encrypted and multitenant data Integrity and availability checks of multitenant data in presence of storage efficiency Secure deletion of multi-tenant data in presence of deduplication Storage efficiency in presence of securely outsourced database management systems Secure outsourced analytics/processing in a multi-tenant environment Trustworthy, consistent and conflict-free access control for multi-tenancy settings Distributed enforcement of control policies 11

12 Soluciones propuestas: TREDISEC framework Framework para la configuración y el despliegue semi-automático de mecanismos de seguridad en infraestructuras Cloud existentes 12

13 Evaluación: escenarios y casos de uso 13

14 Investigación e Innovación TREDISEC Key Innovation Points Framework for continuous innovation assessment 14

15 Contacto: Beatriz Gallego-Nicasio Crespo Cybersecurity Lab, Research & Innovation, Atos