On the Security of Data Stored in the Cloud

1. SecureClouud 2012 9-10 May On the Security of Data Stored in the Cloud Dr Srijith Nair Senior Researcher Security Futures Practice BT Innovate & Design Dr Theo Dimitrakos Head of Security Architectures Research Security Futures Practice BT Innovate & Design Contact: {srijith.nair,theo.dimitrakos}@bt.com

2. High-end Cloud Environment Data Centre Virtual Data Centre We are here Market evolution of Cloud computing Cloud Horizontal Federation Cloud Islands Cloud V. Chain Cloud federation layer Cloud service broker Anticipated Cloud Market Evolution

3. Cloud Computing Technology Innovation emphasis on security 2020 2010

4. Main Concerns of Cloud Computing (from way back then) Results of survey conducted by ENISA in 2009 4

6. At the physical disk level • At the virtual volume level

7. Towards a comprehensive solution for cloud data hosting & sharing

8. Offsite /Onsite Key Management Server Cloud Service Provider (VDC) Customer VM 1 Customer VM 2 Customer VM n Agent Internet Hypervisor platform Shared data storage Policies (Rules) Example of virtual volume level encryption Agent

9. Customer experience A A Setup Once A U U VM life time A U U

10. 2 BT patents pending including combination of data shredding and cloud encryption Extensions to the core service

11. Cloud security innovation roadmapat BT Research & Technology Cloud Security Innovation Strategy Market evolution analysis Cloud information assurance metrics In-cloud security cost-benefit analysis Cloud ecosystem security value network Market analysis revision Cloud security value network revision Core activities Technical innovation challenges & solutions Cloud security risk assessment (eGov) Recommendations for High-level Secure Cloud Architecture for Government (IaaS) Recommendations for High-level Secure Cloud Architecture for Government (SaaS) Cloud Federation Fabric v1 Secure Cloud Service Broker Cloud Federation Fabric v2 Cloud Aggregation Environment (v1) Cloud federation Virtual hosing on federated clouds (basic functionality) Virtual hosing on federated clouds (enhanced functionality) Cloud Security services Accountable Entitlement Management (in-cloud) Secure cloud storage service In-Cloud Secure ESB fabric Virtual community management Cloud Security infrastructure Virtual Patching In-cloud malware scanning Cloud information assurance metrics Cloud security analytics Application aware Behavioural Malware detection (in-cloud) Hypervisor level Malware Detection Hypervisor level Intrusion Prevention Hypervisor level Data Leak Prevention Use of trusted hardware in Virtual Data Centres & Cloud Secure Virtualisation Secure Cloud Architecture for Government (IaaS)

12. BT thought-leadership: Innovation Demonstrators Cloud Security Innovation Showcases Over 9 PATENTS (AWARDED OR PENDING) on next generation Virtualisation & Cloud security

13. BT thought-leadership: Overview of external collaborations Co-authors of ENISA expert advisory report on Cloud Security Risk Analysis Contributors to CSA security guidelines and lead of Virtualisation Security work stream Contributors to ENISA expert group on Government use of Cloud computing Leading Cloud Brokerage & Federation use case at OPTIMIS a €15 million collaborative R&D project Led BEinGRID (Chief scientist / technical director) the largest R&D investment (€25 million) on next generation SOA in Europe Invited speakers at events: InfoSec, CloudSecurity, RSA, e-Crime, Intellect, ISF, CSO Summit, etc. 3 books and several technical papers in Cloud & Next Generation SOA Information Assurance Framework Cloud Risk Assessment

14. Thank you for your attention For more information contact {srijith.nair,theo.dimitrakos}@bt.com

16. Backup slides

17. Architectural Diagram of integration in Alpha Cloud platform at BT Research & Technology

18. Towards a Secure Cloud blueprint

19. Towards a Secure Cloud blueprinttechnical security subsystems