Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, July 1, 2011

Towards A “Social Network” of Monitoring and Incident Management in the Cloud?

I recently read a very interesting article called “Log files – are you reviewing yours?”. Organisations often fail to fully leverage and analyse the audit log information that is collected within their IT and business environment …

Things might get worse as more and more organisational services and IT infrastructure are outsourced to the Cloud …

This triggered a few thoughts about how assurance could be provided in the Cloud, and how this could be done effectively to handle various degrees of risk.

Interestingly, when outsourcing to the Cloud, part of the organisational control over IT and processes is lost. This might include the ability to log information at the desired level of granularity and to act on it in a timely way, e.g. in case of incidents …

Which mechanisms should be put in place to enable organisations to get timely information, including logs and incidents, from their Cloud Service Providers?

This has an impact not only on SLAs and contractual agreements but also on the technical solutions that need to be deployed to:

- enable Cloud service providers to flexibly collect log information, at different levels of abstraction in the IT stack – for specific customers – and provide it to organisations
- enable organisations to deal with mixed sources of log files, with potentially different levels of accuracy and trust, to drive their audit & compliance management activities as well as their incident management processes

It is going to be a “recursive” issue, as Cloud Service providers might rely on other providers in the Cloud …

I envisage a situation where enterprises’ business and governance requirements will dictate a wider collaboration between various Service Providers in order to collect, process, sanitise and share log information and incidents.

Are we moving towards Federated Monitoring in the Cloud i.e. a sort of “Social Network” of Monitoring and Incident Management in the Cloud? …


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

HP Labs’ EnCoRe Service Framework for Privacy Management

HP Labs are developing an R&D Service Framework for the management of Consent/Revocation and Privacy, in the context of the EnCoRe project.

This work aims to provide a flexible, general purpose, agile and extensible R&D platform to further support the exploitation of EnCoRe technologies and solutions. We envisage using this Service Framework in the context of the EnCoRe engagement with the Cabinet Office, in their Identity Assurance Programme.

More details about this work are going to be published in the coming EnCoRe Newsletter.






UK Cabinet Office’s Identity Assurance Programme

The UK Cabinet Office has provided further updates about their Identity Assurance Programme.

This article provides additional information and analysis:

“Government is hard at work with IT industry partners to crack the problem of identity assurance, says Nigel Harrison of the Office of Cyber Security and Information Assurance (OCSIA).
The initiative, being led by the Cabinet Office, is essential to government commitment to delivering services online, he told Computer Weekly.
In May, the Cabinet Office announced government plans to help create a market of private sector identity assurance services.
Nigel Harrison says it is likely the UK will soon see the emergence of multiple providers of identity assurance services specialising in different types or levels of assurance.
This will enable citizens to choose their own identity assurance providers depending on what level of assurance is required. Harrison said no single provider would necessarily have guardianship of all identity information about any individual, he said.”



Presentation: Risk Assessment and Decision Support for Enterprise Security Policies

I recently gave a presentation at the IEEE Policy 2011 Symposium, about “Risk Assessment and Decision Support for Enterprise Security Policies”. Good discussions and debates.

My presentation is now available online. The abstract of the related paper follows:

“This paper presents and discusses our work to provide organizations with risk assessment and decision support capabilities when dealing with their strategic security policies. We aim at achieving this by using a rigorous and scientific methodology (and tools) which leverages modeling and simulation techniques. This methodology helps organizations to assess their risk exposure. It factors in policy implementation at the operational level along with relevant threats, processes, interactions and people behaviors. It provides “what-if” analysis by illustrating the consequences of making policy changes and investments. We introduce our methodology and tools and then illustrate how this approach has been successfully used in a real case study with one of our major customers. This case study focused on the organization’s access management processes and related policies: it helped to inform strategic security policies and support changes of current processes. Additional work is planned in this space.”


