Download presentation
Presentation is loading. Please wait.
Published byHannah Newton Modified over 9 years ago
1
Tunis, Tunisia, 28 April 2014 Cloud Computing Standardization Includes Security Ruan HE, Senior Expert, Orange, ruan.he@orange.com Verdana 24 2 nd SG 13 Regional Workshop for Africa on “Future Networks: Cloud Computing, Energy Saving, Security & Virtualization” (Tunis, Tunisia, 28 April 2014)
2
Tunis, Tunisia, 28 April 2014 2 Outline 1. Starting Cloud Computing Security in FGCC 2. First Standard X.1601 3. Collaboration ITU-T and ISO/IEC 4. Other On-going Works in ITU-T
3
Tunis, Tunisia, 28 April 2014 3 Starting Cloud Computing Security in FGCC FGCC: Focus Group on Cloud Computing Objective: to collect and document information and concepts that would be helpful for developing ITU-T Recommendations to support cloud computing services/applications from a telecommunication/ICT perspective Period: June 2010 – Dec 2011 Main industrial participants: China Telecom, China Unicom, Cisco, Huawei, KDDI, NTT, Microsoft, Oracle, Orange, ZTE, etc
4
Tunis, Tunisia, 28 April 2014 4 Starting Cloud Computing Security in FGCC Release of a Technical Report on seven parts: 1. Introduction to the cloud ecosystem: definitions, taxonomies, use cases and high-level requirements 2. Functional requirements and reference architecture 3. Requirements and framework architecture of cloud infrastructure 4. Cloud resource management gap analysis 5. Cloud security 6. Overview of SDOs involved in cloud computing 7. Cloud computing benefits from telecommunication and ICT perspectives
5
Tunis, Tunisia, 28 April 2014 5 First Standard X.1601 X.1601: Security framework for cloud computing Period: April 2012 – Jan 2014 Objective: high-level security framework to guide future standardization works on the security of cloud computing
6
Tunis, Tunisia, 28 April 2014 6 First Standard X.1601 Security framework for cloud computing: - Security threats for cloud computing - Security challenges for cloud computing - Cloud computing security capabilities - Framework methodology - Mapping of cloud computing security threats and challenges to security capabilities
7
Tunis, Tunisia, 28 April 2014 7 Collaboration ITU-T and ISO/IEC ITU-T X.cc-control | ISO/IEC 27017 common text: the security controls for cloud computing Title: Information security management – Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002 Progress: 2 nd CD April 2014, DIS 2015
8
Tunis, Tunisia, 28 April 2014 8 Collaboration ITU-T and ISO/IEC Cloud computing security controls: - cloud sector-specific concepts - information security policies - organization of information security - human resource security - asset management - access control - cryptography - physical and environment security - operations security - communications security - system acquisition, development and maintenance - supplier relationships - information security incident management - information security aspects of business continuity management - compliance
9
Tunis, Tunisia, 28 April 2014 9 Other On-going Works in ITU-T X.sfcse: Security requirements for SaaS application environments X.goscc: Requirements of operational security for cloud computing X.idmcc: Requirements of IdM in cloud computing
10
Tunis, Tunisia, 28 April 2014 10 Thank You !!!
11
Tunis, Tunisia, 28 April 2014 11 References FGCC Technical Report http://ifa.itu.int/t/fg/cloud/docs/technical_report/ X.1601: Security framework for cloud computing http://www.itu.int/rec/T-REC-X.1601-201401-I/en
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.