Cloud security standardization activities in ITU-T

Slides: 26
Provided by: PRos156
Learn more at: http://www.itu.int
Transcript and Presenter's Notes

1
Cloud security standardization activities in ITU-T
ITU Workshop on ICT Security Standardization for
Developing Countries (Geneva, Switzerland,
15-16 September 2014)
  • Huirong Tian,
  • China
  • tianhuirong_at_catr.cn

2
Contents
3
Work of ITU-T FG-CC
4
ITU-T Focus Group (FG) on Cloud Computing
  • Objective
  • To collect and document information and concepts
    that would be helpful for developing
    Recommendations to support cloud computing
    services/applications from a telecommunication/ICT
    perspective.

5
ITU-T Focus Group (FG) on Cloud Computing
  • Management team
  • Chair: Victor Kutukov (Russia)
  • Vice-Chairman: Jamil Chawki (France)
  • Vice-Chairman: Kangchan Lee (Korea)
  • Vice-Chairman: Mingdong Li (China)
  • Vice-Chairman: Monique Morrow (USA)
  • Vice-Chairman: Koji Nakao (Japan)
  • Vice-Chairman: Olivier Corus (France)

6
ITU-T FG-Cloud deliveries
  • FG Cloud established: 2010.2
  • FG Cloud concluded: 2011.12
  • Eight meetings, 7 deliverables
  • FG Cloud TR1: Introduction to the cloud ecosystem:
    definitions, taxonomies, use cases and high level
    requirements
  • FG Cloud TR2: Functional Requirements and
    Reference Architecture
  • FG Cloud TR3: Requirements and framework
    architecture of Cloud Infrastructure
  • FG Cloud TR4: Cloud Resource Management Gap
    Analysis
  • FG Cloud TR5: Cloud security
  • FG Cloud TR6: Overview of SDOs involved in Cloud
    Computing
  • FG Cloud TR7: Benefits from telecommunication
    perspectives

7
FG Cloud TR5: Cloud Security
  • 11 study subjects on cloud security
  • Security architecture/model and framework
  • Security management and audit technology
  • Business continuity planning (BCP) and disaster
    recovery
  • Storage security
  • Data and privacy protection
  • Account/identity management
  • Network monitoring and incident response
  • Network security management
  • Interoperability and portability security
  • Virtualization security
  • Obligatory predicates

8
Standardization activities in SG17 and SG13
9
Cloud computing security tasks collaboration between SG13 and SG17
10
SG17 cloud security related questions
1. Security architecture/model and framework
2. Security management and audit technology
3. BCP/disaster recovery and storage security
4. Data and privacy protection
5. Account/identity management
6. Network monitoring and incident response
7. Network security
8. Interoperability security
9. Service portability
[Diagram: Questions Q3/17, Q10/17, Q4/17, Q8/17; labels: Management, CyberSecurity, (Main) cloud, IdM/Bio]
11
SG17 cloud security work items
Published in 2014.1
Common text with ISO/IEC
12
X.1601 Security framework for cloud computing
13
X.1601 Security framework for cloud computing
14
X.1601 7. Security threats for cloud computing
15
X.1601 8. Security challenges for cloud computing
16
X.1601 9. Cloud computing security capabilities
  • 9.1 Trust model
  • 9.2 Identity and access management (IAM),
    authentication, authorization, and transaction
    audit
  • 9.3 Physical security
  • 9.4 Interface security
  • 9.5 Computing virtualization security
  • 9.6 Network security
  • 9.7 Data isolation, protection and privacy
    protection
  • 9.8 Security coordination
  • 9.9 Operational security
  • 9.10 Incident management
  • 9.11 Disaster recovery
  • 9.12 Service security assessment and audit
  • 9.13 Interoperability, portability, and
    reversibility
  • 9.14 Supply chain security

17
X.1601 10. Framework methodology
18
X.cc-control
  • Scope
  • This International Standard provides guidelines
    supporting the implementation of Information
    security controls for cloud service providers and
    cloud service customers of cloud computing
    services. Selection of appropriate controls and
    the application of the implementation guidance
    provided will depend on a risk assessment as well
    as any legal, contractual, or regulatory
    requirements. ISO/IEC 27005 provides information
    security risk management guidance, including
    advice on risk assessment, risk treatment, risk
    acceptance, risk communication, risk monitoring
    and risk review.

19
X.sfcse
  • Scope
  • This Recommendation provides a generic functional
    description for a secure service-oriented Software
    as a Service (SaaS) application environment that
    is independent of network types, operating
    system, middleware, vendor-specific products or
    solutions. In addition, this Recommendation is
    independent of any service- or scenario-specific
    model (e.g., web services, Parlay X or REST),
    assumptions or solutions. This Recommendation aims
    to describe a structured approach for defining,
    designing, and implementing secure and manageable
    service-oriented capabilities in a
    telecommunication cloud computing environment.

20
X.goscc
  • Scope
  • This Recommendation provides guidelines for
    operational security for cloud computing, which
    include guidance on SLA and daily security
    maintenance for cloud computing. The target
    audiences of this Recommendation are cloud
    service providers, such as traditional telecom
    operators, ISPs and ICPs.

21
X.idmcc
  • Scope
  • This Recommendation provides use-case and
    requirements analysis giving consideration to the
    existing industry efforts. This Recommendation
    concentrates on the requirements for providing
    IdM as a Service (IdMaaS) in cloud computing. The
    use of non-cloud IdM in cloud computing, while
    common in industry, is out of scope for this
    Recommendation.

22
SG17 cloud security Recommendation structure


23
SG13 cloud security plans
  • Y.inter-cloud-sec
  • Y.cloudtrustmodels
  • Y.cloudusereq
  • Y.cloudSECasaservice

24
Conclusions and Recommendations
  • Cloud computing will change the ICT industry.
  • The security capabilities will affect how cloud
    computing could be used.
  • Work item proposals on trust models, security
    controls, best practices, etc. are solicited.

25
Thanks for listening!