2 SG 13 Regional Workshop for Africa on Saving, Security & Virtualization”

2nd SG 13 Regional Workshop for Africa on “Future Networks: Cloud Computing, Energy Saving, Security & Virtualization” (Tunis, Tunisia, 28 April 2014) Cloud Computing Standardization Includes Security Ruan HE, Senior Expert, Orange, ruan.he@orange.com Verdana 24 Tunis, Tunisia, 28 April 2014 Outline 1. Starting Cloud Computing Security in FGCC 2. First Standard X.1601 3. Collaboration ITU-T and ISO/IEC 4. Other On-going Works in ITU-T Tunis, Tunisia, 28 April 2014 2 Starting Cloud Computing Security in FGCC FGCC: Focus Group on Cloud Computing Objective: to collect and document information and concepts that would be helpful for developing ITU-T Recommendations to support cloud computing services/applications from a telecommunication/ICT perspective Period: June 2010 – Dec 2011 Main industrial participants: China Telecom, China Unicom, Cisco, Huawei, KDDI, NTT, Microsoft, Oracle, Orange, ZTE, etc Tunis, Tunisia, 28 April 2014 3 Starting Cloud Computing Security in FGCC Release of a Technical Report on seven parts: 1. 2. 3. 4. 5. 6. 7. Introduction to the cloud ecosystem: definitions, taxonomies, use cases and high-level requirements Functional requirements and reference architecture Requirements and framework architecture of cloud infrastructure Cloud resource management gap analysis Cloud security Overview of SDOs involved in cloud computing Cloud computing benefits from telecommunication and ICT perspectives Tunis, Tunisia, 28 April 2014 4 First Standard X.1601 X.1601: Security framework for cloud computing Period: April 2012 – Jan 2014 Objective: high-level security framework to guide future standardization works on the security of cloud computing Tunis, Tunisia, 28 April 2014 5 First Standard X.1601 Security framework for cloud computing: - Security threats for cloud computing Security challenges for cloud computing Cloud computing security capabilities Framework methodology Mapping of cloud computing security threats and challenges to security capabilities Tunis, Tunisia, 28 April 2014 6 Collaboration ITU-T and ISO/IEC ITU-T X.cc-control | ISO/IEC 27017 common text: the security controls for cloud computing Title: Information security management – Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002 Progress: 2nd CD April 2014, DIS 2015 Tunis, Tunisia, 28 April 2014 7 Collaboration ITU-T and ISO/IEC Cloud computing security controls: - cloud sector-specific concepts information security policies organization of information security human resource security asset management access control cryptography physical and environment security operations security communications security system acquisition, development and maintenance supplier relationships information security incident management information security aspects of business continuity management compliance Tunis, Tunisia, 28 April 2014 8 Other On-going Works in ITU-T X.sfcse: Security requirements for SaaS application environments X.goscc: Requirements of operational security for cloud computing X.idmcc: Requirements of IdM in cloud computing Tunis, Tunisia, 28 April 2014 9 Thank You !!! Tunis, Tunisia, 28 April 2014 10 References FGCC Technical Report http://ifa.itu.int/t/fg/cloud/docs/technical_report/ X.1601: Security framework for cloud computing http://www.itu.int/rec/T-REC-X.1601-201401-I/en Tunis, Tunisia, 28 April 2014 11

2 SG 13 Regional Workshop for Africa on Saving, Security & Virtualization”

Related documents

Products

Support

2 SG 13 Regional Workshop for Africa on Saving, Security &amp; Virtualization”

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib

2 SG 13 Regional Workshop for Africa on Saving, Security & Virtualization”