Embed Size (px)
DESCRIPTION
2 nd SG 13 Regional Workshop for Africa on “Future Networks: Cloud Computing, Energy Saving, Security & Virtualization” (Tunis, Tunisia, 28 April 2014). Cloud Computing Standardization Includes Security. Ruan HE, Senior Expert, Orange, [email protected] Verdana 24. Outline. - PowerPoint PPT Presentation
Citation preview
Tunis, Tunisia, 28 April 2014
Cloud Computing Standardization Includes Security
Ruan HE,Senior Expert, Orange, [email protected]
Verdana 24
2nd SG 13 Regional Workshop for Africa on“Future Networks: Cloud Computing, Energy
Saving, Security & Virtualization”
(Tunis, Tunisia, 28 April 2014)
Tunis, Tunisia, 28 April 2014 2
Outline
1. Starting Cloud Computing Security in FGCC2. First Standard X.16013. Collaboration ITU-T and ISO/IEC4. Other On-going Works in ITU-T
Tunis, Tunisia, 28 April 2014 3
Starting Cloud Computing Security in FGCC
FGCC: Focus Group on Cloud ComputingObjective: to collect and document information and concepts that would be helpful for developing ITU-T Recommendations to support cloud computing services/applications from a telecommunication/ICT perspectivePeriod: June 2010 – Dec 2011Main industrial participants: China Telecom, China Unicom, Cisco, Huawei, KDDI, NTT, Microsoft, Oracle, Orange, ZTE, etc
Tunis, Tunisia, 28 April 2014 4
Starting Cloud Computing Security in FGCC
Release of a Technical Report on seven parts:
1. Introduction to the cloud ecosystem: definitions, taxonomies, use cases and high-level requirements
2. Functional requirements and reference architecture3. Requirements and framework architecture of cloud
infrastructure4. Cloud resource management gap analysis5. Cloud security6. Overview of SDOs involved in cloud computing7. Cloud computing benefits from telecommunication and
ICT perspectives
Tunis, Tunisia, 28 April 2014 5
First Standard X.1601
X.1601: Security framework for cloud computingPeriod: April 2012 – Jan 2014Objective: high-level security framework to guide future standardization works on the security of cloud computing
Tunis, Tunisia, 28 April 2014 6
First Standard X.1601
Security framework for cloud computing: - Security threats for cloud computing- Security challenges for cloud computing- Cloud computing security capabilities- Framework methodology - Mapping of cloud computing security threats and
challenges to security capabilities
Tunis, Tunisia, 28 April 2014 7
Collaboration ITU-T and ISO/IEC
ITU-T X.cc-control | ISO/IEC 27017 common text: the security controls for cloud computingTitle: Information security management – Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002Progress: 2nd CD April 2014, DIS 2015
Tunis, Tunisia, 28 April 2014 8
Collaboration ITU-T and ISO/IEC
Cloud computing security controls:- cloud sector-specific concepts- information security policies- organization of information security- human resource security- asset management- access control- cryptography- physical and environment security- operations security- communications security- system acquisition, development and maintenance- supplier relationships- information security incident management- information security aspects of business continuity management- compliance
Tunis, Tunisia, 28 April 2014 9
Other On-going Works in ITU-T
X.sfcse: Security requirements for SaaS application environments
X.goscc: Requirements of operational security for cloud computing
X.idmcc: Requirements of IdM in cloud computing
Tunis, Tunisia, 28 April 2014 10
Thank You !!!
Tunis, Tunisia, 28 April 2014 11
References
FGCC Technical Reporthttp://ifa.itu.int/t/fg/cloud/docs/technical_report/
X.1601: Security framework for cloud computing http://www.itu.int/rec/T-REC-X.1601-201401-I/en
