Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Wednesday, January 9, 2013

More on Safe Information Sharing in the Cloud

With the adoption of services in the Cloud, organisations inevitably lose control over their IT and might lack the critical information required to assess a variety of (business, performance and security) risks.


Traditional approaches based on SLAs and contractual agreements only partially address the above issues, as they provide only a “predefined” and static “view” of the situation, which does not cope well with fully dynamic, ever-changing IT operations and threat landscapes.

In this context, enabling more dynamic, controlled information sharing in the Cloud is key to improving situational awareness and addressing the above issues. This involves dealing with tension points between information sharers and sharees (about what to share, why to share, how to control information flows, etc.) along with trust and assurance issues.
More R&D is required in this area, in particular on how to provide safe information sharing and the relevant controls on the information flows.
At HP Labs, Cloud and Security Lab (CSL), we work in this space: we aim at shaping the vision and providing concrete solutions to be used in the market.
In previous blogs of mine, I provided an overview of our vision and related demonstrators we developed to convey it, in the space of Situational Awareness and Information Sharing in the Cloud, in particular in the context of Disaggregated IT.

I also briefly discussed the R&D work we do to provide better predictive analytics based on collected and shared data, in particular in the area of strategic security risk assessment (see our work on SILAS - Security Intelligence-as-a-Service).

I am looking for additional, concrete examples and case studies illustrating how current cloud adopters cope with situational awareness and assessment of the involved IT operation and business risks – including pros and cons of current approaches. Your input in terms of requirements, scenarios and feedback is welcome.

--- Posted by Marco Casassa Mont ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

On Policy Decision Support for Big Data

When dealing with big data (including hybrid and unstructured data), it is very hard to understand the implications and impact of defining (security, business, sharing, privacy, etc.) policies on this data.
Which data is actually affected by the policies? Are these policies comprehensive? Are there corner cases that are not covered? Further complexity is introduced by the fact that analytics can be performed on big data, whose outcomes and implications are unknown a priori as well.
Decision support tools are required to help policy makers to explore the implications of defining policies on big data and related analytics. In my view, these tools must provide synthetic visualization of big data as well as real-time feedback on the implications of defining specific policies and related constraints.
I am looking for:

- Tools providing synthetic visualization of big data as well as potential analytics

- Public documentation, approaches, case studies, solutions, etc. describing how businesses currently cope with the consequences of defining (security, business, privacy, sharing, etc.) policies on big data



--- Posted by Marco Casassa Mont ---
