Latest Articles

Fundamental Cloud Security Concepts Part 5-Compliance

Institutions engaging with public cloud service providers need assurance that they can trust that provider with their data. One of the ways to assess the maturity level of the cloud providers in terms of security is to evaluate which standards the provider is accredited to, and this information is usually readily available on the cloud service provider’s website. This document provides an overview of some of the most common security standards relating to cloud security:

ISO/IEC 27001

ISO/IEC 27001 is the most commonly used information security standard for organizations. The ISO 27001 (2013 version) addresses the following:

Information Security Policies
Organization of Information Security
Human Resource Security
Asset Management...


Inholland Hogeschool

The Capacity Challenge

Inholland is a university of applied sciences with multiple sites offering bachelor and master degrees in a variety of fields. In 2014, Inholland’s data center was fully utilized after being deployed only six years before. About 650 Virtual Machines (VMs) were running at the time. Services were delivered on a “best effort” basis. That meant effective availability was high, but actual service availability was not guaranteed. While after-hours back-up personnel were there for infrastructure faults having to do with the network and servers, there was no after-hours back-up in place for application management.

Choosing the Cloud

Instead of investing in new hardware, Inholland chose to migrate to the cloud. Because...


Fundamental Cloud Security Concepts Part 4 – Shared Responsibility Model

A fundamental security principle in Cloud Computing is the concept of the Shared Responsibility model. This concept defines the responsibilities of both cloud service providers and customers (Academic institutions, Researchers, Students, etc.) in the well-established cloud service models listed below. In most service models, the cloud service provider is responsible for the lower infrastructure layers, up to the virtualization layer. For IaaS (Infrastructure as a Service), the customer is responsible for the operating system (of the virtual guest machines), the application layers and the data (permissions, auditing, etc.). For PaaS (Platform as a Service), both the customer and the cloud provider share responsibility over the application...


Successful Cloud & IaaS Workshop at EaPEC 2018 Conference

Despite the heavily armed security detail watching over President Erdoğan’s departure and the blocked roads surrounding the venue, nearly 20 curious participants joined GÉANT Cloud Team members Maria Ristkok, Jiří Navrátil and Darko Paric for the “Clouds and IaaS” Workshop at the EaPEC 2018 conference held on 18th October 2018 in Chisinau, Moldova. Talk about a hard act to follow! The two-hour workshop covered a brief introduction to cloud technology in general, the GÉANT Infrastructure as a Service (IaaS) framework, and the roles of National Research and Education Networks (NRENs), cloud architects and users. The combination of general and technical presentations, alongside real-life examples and use cases, led to lively discussions on the...


Fundamental Cloud Security Concepts Part 3 – Encryption and Cryptography

One of the important tools at our disposal for ensuring that confidentiality of data can be maintained is encryption. This post discusses encryption and related topics such as hashing and tokenization. Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Encryption includes the source message (also known as clear-text), the encryption algorithm (see examples below) and an encryption key which, when applied to the source message, generates the ciphertext. There are many different encryption algorithms which...


Fundamental Cloud Security Concepts Part 2 – AAA

Our next installment in the alphabet soup of internet security is AAA, or Authentication, Authorization & Accounting. AAA is a framework for controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are important for network management and security. Authentication is about identifying users, usually by asking them to provide credentials. Examples of authentication vulnerabilities are anonymous logins instead of requiring students to supply a username/password, using weak passwords (such as 123456789) and the lack of cryptographic key rotation (for example, researchers using AWS access keys and failing to replace them on a regular basis)...


Webinar: Powering Collaboration on Campus and Beyond with Dropbox

25/10/18 13:00 CET
Join us for this 45-minute webinar on how Dropbox powers and enables those in research and education to unleash their creative energy

Learn how Dropbox serves as the core collaboration platform for students, faculty and researchers – accessible securely anytime, anywhere
Discover how Dropbox integrates seamlessly with your favourite apps like Blackboard, Canvas, and Turnitin saving you time and effort
Hear how Dropbox became the trusted collaboration tool for over 6,000 institutions like the University of Cambridge, IESE Business School and University College London

Click here to register
To find out more about Dropbox visit clouds.geant.org/dropbox


AWS Cloud Security Webinar: Cloud Security, Myths & Opportunities

17 October 13:00 CET
There are many myths relating to cloud security which can deter users from considering the advantages of cloud computing for their operations or research. This webinar will address these concerns and identify the opportunities that cloud services bring. The webinar will be led by Tim Rains, Amazon Web Services’ Regional Leader for Security and Compliance in Europe, Africa. Tim helps federal, regional and local governments understand the security requirements of cloud services. This webinar will cover the following areas:

Myth: Attacks are getting more advanced
Myth: On-premises IT is more secure than the Cloud
Myth: Data Residency Means Better Security
Opportunity: The Cloud Offers Higher Levels of Security Assurance...


AWS and Azure Technical Training for European Institutions

The SURF offices in Utrecht were abuzz with activity for the parallel Azure and AWS technical workshops that took place on 4-5 September 2018. In attendance were 33 registered participants, five instructors from both vendors, as well as two GÉANT cloud team members, Andres Steijaert and Maria Ristkok. Even the visiting service canine was exhausted by the wealth of material! The feedback rated the content and workshop framework a resounding success, both from the participants’ and the instructors’ perspectives. Instructors expressed their willingness to do more of these workshops and were impressed by the opportunities to help advance participants’ cloud skills as well as other topics, such as workshops for IT directors and CIOs...


Fundamental Cloud Security Concepts Part 1 – CIA

Cloud security is a hot topic worldwide due to both regulation and demand from institutions. Migrating workloads to the cloud raises a wide range of potential security threats to the institutions, whether it be the University itself, a researcher or faculty member. These include insufficient identity, credentials and access management, data breaches, data loss, denial of service, and more. This series of posts deals with some of the underlying concepts of cloud security, and how they address various security challenges in academia.

The CIA triad

The CIA triad is a model to guide information security policies in an organization. The three elements of the triad are often considered the three most crucial components of information...
