Security Assurance IN Service OuTSourcing

SCHEME: CORE

CALL: 2012

DOMAIN: IS - Information Security and Trust Management

FIRST NAME: Moussa

LAST NAME: Ouedraogo

INDUSTRY PARTNERSHIP / PPP: Yes

INDUSTRY / PPP PARTNER: Luxembourg e-Archiving s.a.

HOST INSTITUTION: LIST

KEYWORDS: Security assurance, service outsourcing, datacentres, cloud services, metrics

START: 2013-01-01

END: 2014-12-31

WEBSITE: https://www.list.lu/

Submitted Abstract

Currently, the relationship between service providers and their customers, as far as security is concerned, is profoundly based on trust. Although it is commonly agreed that having recourse to outsourcing helps in cutting corners, the consumers also surrender, at least partly, the management of their service’s security to the providers. The key expectation is that the latter will deploy the necessary safeguarding measures to ensure their business continuity. Given the criticality of most Luxembourgish businesses and the scepticism of most of them about fully embarking on the cloud (PwC, 2010), more transparency, at least with respect to security, is needed to enable service outsourcing, and cloud services in particular, to become widely adopted. The SAINTS project’s contribution goes along this line, as it aims at the development of a framework, supported by a prototype, for appraising and monitoring Security Assurance (SA) in the context of service outsourcing. Furthermore, SAINTS will examine ways in which such SA information may be reported to the consumers depending on their contractual agreement with the provider. The SAINTS project will build upon results achieved during the Project Investigator’s PhD thesis, which dealt with SA for runtime systems, and on the latest advances in achieving a trusted cloud computing environment. In particular, SAINTS will seek to: i) define SA metrics that could be used as meaningful indicators of the security situation for both the service provider and consumers; ii) investigate the usage of patterns and logic-based language in the specification of the SA requirements. This latter aspect is expected to help achieve a framework for SA evaluation and monitoring that enables the flexible adaptation of the SA information in the face of the evolving threats and vulnerabilities landscape.
The results of SAINTS will help foster better control of security failures from a provider perspective through monitoring of key security indicators, while helping to increase the consumers’ confidence in using those services. For the sake of achieving results that are both technically sound and practical, the project leverages a number of strategic collaborations involving partners within academia and industry. On the one hand, Plymouth University, through the expertise of Prof. Steve Furnell, will provide guidance on the technical direction of the project. On the other hand, the involvement of a SaaS service provider such as Luxembourg e-Archiving s.a. (Learch), and the interactions through the organisation of a focus group workshop involving other key actors in datacentres and cloud services in Luxembourg, such as eBRC and Luxcloud, will help to achieve a comprehensive understanding of the peculiarities of SA in the context of service outsourcing and to validate the results.
