2nd SG 13 Regional Workshop for Africa on “Future Networks: Cloud Computing, Energy Saving, Security & Virtualization” (Tunis, Tunisia, 28 April 2014)

Cloud Computing Standardization Includes Security

Ruan HE, Senior Expert, Orange, ruan.he@orange.com

Outline

1. Starting Cloud Computing Security in FGCC
2. First Standard X.1601
3. Collaboration ITU-T and ISO/IEC
4. Other On-going Works in ITU-T

Starting Cloud Computing Security in FGCC

FGCC: Focus Group on Cloud Computing

Objective: to collect and document information and concepts that would be helpful for developing ITU-T Recommendations to support cloud computing services/applications from a telecommunication/ICT perspective

Period: June 2010 – Dec 2011

Main industrial participants: China Telecom, China Unicom, Cisco, Huawei, KDDI, NTT, Microsoft, Oracle, Orange, ZTE, etc.

Release of a Technical Report in seven parts:

1. Introduction to the cloud ecosystem: definitions, taxonomies, use cases and high-level requirements
2. Functional requirements and reference architecture
3. Requirements and framework architecture of cloud infrastructure
4. Cloud resource management gap analysis
5. Cloud security
6. Overview of SDOs involved in cloud computing
7. Cloud computing benefits from telecommunication and ICT perspectives

First Standard X.1601

X.1601: Security framework for cloud computing

Period: April 2012 – Jan 2014

Objective: high-level security framework to guide future standardization works on the security of cloud computing

Security framework for cloud computing:

- Security threats for cloud computing
- Security challenges for cloud computing
- Cloud computing security capabilities
- Framework methodology
- Mapping of cloud computing security threats and challenges to security capabilities

Collaboration ITU-T and ISO/IEC

ITU-T X.cc-control | ISO/IEC 27017 common text: the security controls for cloud computing

Title: Information security management – Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002

Progress: 2nd CD April 2014, DIS 2015

Cloud computing security controls:

- cloud sector-specific concepts
- information security policies
- organization of information security
- human resource security
- asset management
- access control
- cryptography
- physical and environment security
- operations security
- communications security
- system acquisition, development and maintenance
- supplier relationships
- information security incident management
- information security aspects of business continuity management
- compliance

Other On-going Works in ITU-T

- X.sfcse: Security requirements for SaaS application environments
- X.goscc: Requirements of operational security for cloud computing
- X.idmcc: Requirements of IdM in cloud computing

Thank You!

References

- FGCC Technical Report: http://ifa.itu.int/t/fg/cloud/docs/technical_report/
- X.1601: Security framework for cloud computing: http://www.itu.int/rec/T-REC-X.1601-201401-I/en