1 / 6

Developing Open Source Encryption Tools for Cloud User Trust and Security

This project aims to create an open-source encryption tool tailored for end users, ensuring security and confidentiality in cloud applications. Recognizing the rapid advancements in technology, we propose a focused development timeline of 6 to 12 months, leveraging limited scope and substantial resources. Collaboration with institutions like JISC, CSC, and SURF will be essential to establish a requirements list that vendors must meet. By promoting compliance and exploring strategies to avoid vendor lock-in, we seek to foster a more secure cloud environment for higher education institutions.

fionn
Download Presentation

Developing Open Source Encryption Tools for Cloud User Trust and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Application and development • Femke, Paul, Matthew, Bas If we do anything … itshouldbeready in 6-12 months, otherwiewe’llbeoverhauledbyreality • ThismeansSmall Scope and/orLarge Resources If we do anything … itshouldbe Open Source

  2. Application and development Develop a tool forencryptiongeared at end users, applicable to any kind of Cloudusage Explore the separation of Storage and Process Combine these and other, smallscalesolutoins, to achieve the biggersolutionregarding trust, security, confidentiality

  3. Application and development Notion: there are alreadysmallofferings of more trustedorreliablecloud services, e.g. the What-Not-Cab-Be-named-DropBoxfacilities Requirements list, a SMART action !!!

  4. Application and development JISC, CSC and SURF are (inter)nationally promoting federations. Theycan do that as wellforCloudrequirements Theyshould set up a Requirements List • Convince vendors to comply to requirements made byinstitutions, otherwiseHEI’snotinterested: • SAML2, (welldeveloped) API’s, O-AUTH

  5. Application and development Set up a requirements list collaboratively (workinggroup of JISC-CSC-SURF plus HEI reps) List vendors thatcomply List institutionsthatcomply Canvas to getotherHEI’son the list ACTION2: explore/findconvincingstrategy to have OVF support required, to avoid vendor lock-in.

  6. Application and development SMART: • Specific, and can start fro the dtchexample • Measurable: indication we wish to have 25 % of the institutions support the list, and in the firstyear a significant # of complying vendors • Acceptable – as long as the requirements are reasonablecompliance is anacceptedpractice • Realistic – it’salreadydone (SURFnet in NL) • Timely – Now is the time of Cloudcontracting, communitypressureon vendors shouldbuild up now.

More Related