Security radar for 2014

•Download as PPTX, PDF•

1 like•1,459 views

A talk delivered by Ivan Harris at the London G-Cloud meet-up, January 2014. Topics covered: • Government security classifications • PSN connectivity • Hybrid clouds • Application development

Technology

Security Radar for 2014
London G-Cloud Meet-up, January 2014
Ivan Harris, Business Manager – Cloud Services

www.eduserv.org.uk

Agenda

• Government Security Classifications
• PSN Connectivity
• Hybrid Clouds
• Application Development

Government Security Classifications
• Comes into force on 02/04/14

• Classifications: OFFICIAL, SECRET and TOP SECRET
• There is no direct mapping between Security Classifications and BILs
• BIL should still be used as part of the information risk assessment when selecting G-Cloud services
• New G-Cloud service categories:
•

Unassured Clouds: Formerly IL0

•

Assured Public Cloud: Formerly IL2

•

Formally Accredited Public Cloud or Private Cloud: Formerly IL3

• As a rule of thumb:
•

Unassured Clouds: For non-sensitive OFFICIAL information suitable for the public domain

•

Assured Public Cloud: Suitable for general OFFICIAL information that is not particularly sensitive

•

Formally Accredited Public Cloud or Private Cloud: Most OFFICIAL information and aggregated information that‟s not
particularly sensitive in isolation

• Will Assured Public Clouds require PGA? Just ISO 27001 plus additional controls?

Sources:
Government Security Classifications April 2014, Version 1.0, Cabinet Office, October 2013
G-Cloud Information Assurance Requirements and Guidance, HMG, May 2012

PSN Connectivity
• GCF connectivity is retired on 31/03/14

• GCF users must have obtained PSN connectivity, achieved compliance and transitioned
by this date
• IL3 accredited PSN bearer networks will start to appear rather than using CAPS
accredited devices over IL2 bearer networks
• 3 new PSN frameworks due with
•

More SMEs (dozens, not hundreds)

•

Three ordering mechanisms (direct award, short competition, full-fat competitions)

•

4-5 year contract length

•

„Public Sector Telecoms‟ framework (which includes cloud services) due to go live in July

• 2014-16 growth in „Wider Public Sector‟ including local government and health services:
•

PSN Spend to mid-2014: Central Government £2.2Bn, Wider Public Sector: £0.8Bn

•

PSN Spend 2014-2016: Central Government £0.6Bn, Wider Public Sector: £1.6Bn

Sources:
Next-generation PSN Frameworks, Cabinet Office, November 2013

Hybrid Cloud
• Low hanging fruit of point cloud solutions will soon be harvested
• More sophisticated solutions will be needed to support:
• On premise and off premise
• Legacy systems and cloud services
• Public and private cloud
• Multi-impact level information estates
• Integrating to multi-impact level systems

• Impact level hybrid clouds are needed
• Supports the business benefit prioritized cloud journey and optimises
information estates

Application Development
• The „Public Cloud First‟ policy, drives for better citizen experience/engagement
and more sophisticated solutions require digital services, Enterprise Applications
Integration, SaaS and custom web, enterprise mobile applications
• Demand from third-party application developers for IaaS, PaaS, EPaaS and
PSN support on IL2 and IL3 PGA‟d services
• Full software lifecycle support is needed: Spin-up/tear-down of
development, test, staging and production environments
• Needs to align to HMG‟s Agile objectives by supporting continuous integration
and continuous release
• Application developers need help with accrediting their applications on already
PGA‟d services

In Summary

• Government Security Classifications
• PSN Connectivity
• Hybrid Clouds
• Application Development

“In the midst of chaos,
there is also opportunity”
Sun Tzu

Ivan Harris
Business Manager – Cloud Services
Email: ivan.harris@eduserv.org.uk
Phone: 01225 474311
Twitter: @IvanDavidHarris

What's hot

There are four constraints for internet of things to succeed: devices should have connectivity even on a long range, connectivity should be free and secure, devices consume very little power and the form factor is reduced to the size of the battery. LoRa enables this: long range, low power communication over free-to-use frequencies around the world. In this talk, I will introduce the open standard LoRaWAN: the wide area network protocol stack built on top of LoRa, maintained by telecom operators, chipmakers and IoT industry leaders. With a $ 1,200 gateway in our hands, we imagined covering the city of Amsterdam with only ten gateways. Four weeks later, we crowd sourced the gateways and launched the first open LoRa covered city network in the world. The open source, open hardware initiative, The Things Network, spread like wildfire around the world. After a very successful Kickstarter campaign to enable producing affordable gateways, development kits and nodes, we started building the network with the community. LoRaWAN is at the core of this network, and in this talk I'll explain its role in our mission to build an open, decentralized and crowd sourced internet of things data network with global coverage.

EclipseCon NA 2016: The Things Network

Johan Stokking

2016 Network Security Outlook

Western NRG

One year later… Revisiting the GDPR and what it means for the cloud

OVHcloud

Picnic 2011

Arnold Koning

InnovationSummit2015 - iot connectivity

Thibault Cantegrel

Delivering the IoT ecosystem

Telefónica IoT

IoT Security

Peter Waher

What's hot (7)

EclipseCon NA 2016: The Things Network

2016 Network Security Outlook

One year later… Revisiting the GDPR and what it means for the cloud

Picnic 2011

InnovationSummit2015 - iot connectivity

Delivering the IoT ecosystem

IoT Security

Similar to Security radar for 2014

The Pensions Dashboard project is an important and exciting initiative for the UK consumer with an immense social purpose. It has the potential to significantly improve retirement planning, financial inclusion and consumer engagement with the pensions industry. Origo is working with ForgeRock and the wider industry to bring an enabling infrastructure to market. The solution will securely identify the consumer before orchestrating a search of pensions across the industry. Today we will provide a tour of the project to date. We’ll cover the architecture for identity, attribute exchange and resource sharing; bringing this to life with a demonstration.

Identity Live London 2017 | Kenneth May

ForgeRock

Securing Your Business #4 - Role Of The Customer

Datapipe

BT "cloud of clouds" vision

Marco Verzellino

BTGSCloudofCloudsvisionwebcastslides03062015

Jon Flack

Cloud services are critical sources of speed and agility, and have evolved beyond the simple benefits of cost reduction. Cloud helps companies profit from disruption by allowing innovation in both the front and back office. This Digital Realty webinar features Michael Bohlig (@bohlig), KC Mares (@kcmares) and Forrester Principal Analyst Dave Bartoletti (@davebartoletti). For more information visit http://www.digitalrealty.com

State of the Cloud and Data Centers 2014

Digital Realty

Workplace Technology Devices (WTD) Initiative

KBIZEAU

Government innovation through cloud computing arthur riel

E-Government Center Moldova

130424 bitkom ucc_cloud_v06

Michael Burian

Securing Data in the Cloud - GISEC2017

Sohaib Mahmood

Enabling the Cloud for the Masses Governments and Enterprises are entrusted with the responsibility of ensuring that key services reach citizens and consumers in the best possible means. With the launch of the Cloud, within the tech sector Cloud service offerings are now a reality and providers are jumping on the Cloud on an everyday basis. The next logical step is for Public sector organizations to be able to offer Cloud based services to citizen that offer the convenience of “pay for what you use” billing and in compliment offer load or time based billing models for providers. Enabling these services, that include collaboration, Big data analytics and communication, that connect to the infrastructure of providers to the delivery point of consumers is now a reality. Learn from a recent implementation of Cloud services for a leading European Telco, how services are now consumed on the Cloud and how these are made possible by a new revolutionary platform by Solgenia. In this presentation you will learn from a real customer case study and find out about the possibilities of where providers can take the Cloud and applications for Governments, Telcos, and large scale Enterprises.

Solgenia - Powua Cloud Management and Cloud Monetization for Governments and ...

solgenia

Telenity CANVAS API MANAGER Product Presentation 2015

Mustafa Kuğu

Berislav Biočić, HP SEE: “HP Cloud za e-Poslovanje”

goranvranic

F E B R U A R Y 8 , 2 0 1 1 Vivek Kundra U.S. Chief Information Officer F E D E R A L C L O U D C O M P U T I N G S T R AT E G Y i★ ★ TABLE OF CONTENTS Executive Summary 1 I Unleashing the Power of Cloud 5 1 Defining cloud computing 5 2 Cloud is a fundamental shift in IT 6 3 Cloud computing can significantly improve public sector IT 6 II Decision Framework for Cloud Migration 11 1 Selecting services to move to the cloud 11 2 Provisioning cloud services effectively 15 3 Managing services rather than assets 16 III Case Examples to Illustrate Framework 19 1 Tailoring solution to protect security and maximize value 19 2 Provisioning to ensure competitiveness and capture value 20 3 Re-defining IT from an asset to a service 22 IV Catalyzing Cloud Adoption 25 1 Leveraging cloud computing accelerators 25 2 Ensuring a secure, trustworthy environment 26 3 Streamlining procurement processes 28 4 Establishing cloud computing standards 29 5 Recognizing the international dimensions of cloud computing 30 6 Laying a solid governance foundation 31 V Conclusion 33 Appendix 1: Potential Spending o ...

F E B R U A R Y 8 , 2 0 1 1Vivek Kundra U.S. Chief Inf.docx

mydrynan

g-cloud vision

putinvn

Cyber Security Practices and Future Plan: Real Scenario in ISPs In Nepal

ICT Frame Magazine Pvt. Ltd.

Bb Education on Tour | Cloud Services | Glenn Philpott, Director, Education S...

Blackboard APAC

Open Data e Smart Government: tecnologie e trend di mercato Alessio Meloni

Apulian ICT Living Labs

Modelli di interoperabilità in un hybrid cloud environment

CSI Piemonte

The Data Center of the Future: The New IP - Phil O'Reilly

scoopnewsgroup

This webinar covers: - An overview of the GDPR - Breach notification requirements under the GDPR and a showcase of recent data breaches and their costs - Organisations' responsibilities when storing data in the Cloud, and the roles of controller and processor - The outcome of subcontracting on Cloud service providers and notifications on activities in the Cloud - The role and responsibilities of the Cloud adoption team - ISO 27018 and implementing security controls for PII in the Cloud. A recording of this webinar is available here: https://www.youtube.com/watch?v=mcLPEEGqvr4

Privacy and the GDPR: How Cloud computing could be your failing

IT Governance Ltd

Similar to Security radar for 2014 (20)

Identity Live London 2017 | Kenneth May

Securing Your Business #4 - Role Of The Customer

BT "cloud of clouds" vision

BTGSCloudofCloudsvisionwebcastslides03062015

State of the Cloud and Data Centers 2014

Workplace Technology Devices (WTD) Initiative

Government innovation through cloud computing arthur riel

130424 bitkom ucc_cloud_v06

Securing Data in the Cloud - GISEC2017

Solgenia - Powua Cloud Management and Cloud Monetization for Governments and ...

Telenity CANVAS API MANAGER Product Presentation 2015

Berislav Biočić, HP SEE: “HP Cloud za e-Poslovanje”

F E B R U A R Y 8 , 2 0 1 1Vivek Kundra U.S. Chief Inf.docx

g-cloud vision

Cyber Security Practices and Future Plan: Real Scenario in ISPs In Nepal

Bb Education on Tour | Cloud Services | Glenn Philpott, Director, Education S...

Open Data e Smart Government: tecnologie e trend di mercato Alessio Meloni

Modelli di interoperabilità in un hybrid cloud environment

The Data Center of the Future: The New IP - Phil O'Reilly

Privacy and the GDPR: How Cloud computing could be your failing

More from Eduserv

Phase two of OpenAthens SP evolution including OpenID connect option

Eduserv

Partnership Licensing - allowing access to licensed resources

Eduserv

Lightning talk - EBSCO

Eduserv

Lightning talk - Boopsie

Eduserv

Lightning talk - Softlink

Eduserv

Lightning talk - Third Iron BrowZine

Eduserv

Lightning talk - Eduserv Chest Agreements

Eduserv

Phase one of OpenAthens SP evolution

Eduserv

Key considerations when mapping your end user experience

Eduserv

Our product development methodology

Eduserv

How Readers Discover Content

Eduserv

OpenAthens product update

Eduserv

OpenAthens Customer Conference - Welcome address

Eduserv

Generating leads with content marketing

Eduserv

Pre-launch introduction to the new OpenAthens SP dashboard - 13/09/2016

Eduserv

This presentation by Jonathan Watkins of Maplesoft and the University of Birmingham was given to the Eduserv Maths and Stats Software Focus Group in June 2016. Möbius is a comprehensive online courseware environment that focuses on science, technology, engineering, and mathematics (STEM). students can explore important concepts using engaging, interactive applications, visualize problems and solutions, and test their understanding by answering questions that are graded instantly.

Mobius from Maplesoft

Eduserv

QSR NVivo

Eduserv

How Eduserv are helping local government organisations

Eduserv

Nick Wallace, Government Analyst, Public Sector Ovum Momentum for the adoption of cloud services continues to grow in the public sector as services mature and agencies experience in buying and using cloud services grows. As agencies steadily incorporate various cloud components into their environment, it is clear that public sector organisations are starting to realise the benefits of cloud. In fact if one where creating a “greenfield” service, “in the cloud” would be the default approach. However the reality is that most institutions are not in this position. Most have to manage a legacy environment that comprises aging technology, duplicate, inefficient and inconsistent business processes. Developing and implementing a staged migration to cloud will be pivotal when determining whether the “as-a-service” promise facilitates innovation or undermines organisational integrity

Is cloud the right fit for your needs?

Eduserv

Paul Brewer, Director for Digital & Resources at Adur & Worthing Council. How do you assess your organisations readiness to move to the cloud and adopt new platforms drive business change? Paul Brewer from Adur and Worthing Councils will be sharing how they evaluated whether cloud was right for them, the talk will cover how they evaluated the benefits, costs and risks of moving to the cloud, and how they used this assessment to support and build their cloud strategy.

Planning your cloud strategy: Adur and Worthing Councils

Eduserv

More from Eduserv (20)

Phase two of OpenAthens SP evolution including OpenID connect option

Partnership Licensing - allowing access to licensed resources

Lightning talk - EBSCO

Lightning talk - Boopsie

Lightning talk - Softlink

Lightning talk - Third Iron BrowZine

Lightning talk - Eduserv Chest Agreements

Phase one of OpenAthens SP evolution

Key considerations when mapping your end user experience

Our product development methodology

How Readers Discover Content

OpenAthens product update

OpenAthens Customer Conference - Welcome address

Generating leads with content marketing

Pre-launch introduction to the new OpenAthens SP dashboard - 13/09/2016

Mobius from Maplesoft

QSR NVivo

How Eduserv are helping local government organisations

Is cloud the right fit for your needs?

Planning your cloud strategy: Adur and Worthing Councils

Recently uploaded

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

CzechDreamin

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Already know how to write a basic SOQL query? Great! But what about an *aggregate* SOQL query? You know, the kind that uses aggregate functions like COUNT & MAX along with GROUP BY and HAVING clauses? No? Well, get ready to learn how to slice & dice your org’s data right inside your own dev console. From finding duplicate records to prototyping summary & matrix reports, learn the ins and outs of aggregate queries during this fast-paced but admin-friendly session on advanced SOQL concepts.

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

CzechDreamin

What's New in Teams Calling, Meetings and Devices April 2024

Stephanie Beckett

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

This talk focuses on the practical aspects of integrating various telephony systems with Salesforce, drawing on examples from implementations in the Czech scene. It aims to inform attendees about the spectrum of telephony solutions available, from small to large scale, and their compatibility with Salesforce. The presentation will highlight key considerations for selecting a telephony provider that integrates smoothly with Salesforce, including important questions to support the decision-making process. It will also discuss methods for integrating existing telephony systems with Salesforce, aimed at companies contemplating or in the process of adopting this CRM platform. The discussion is designed to provide a straightforward overview of the steps and considerations involved in telephony and Salesforce integration, with an emphasis on functionality, compatibility, and the practical experiences of Czech companies.

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...

CzechDreamin

Explore the core of Salesforce success in 'Salesforce Adoption – Metrics, Methods, and Motivation.' We will discuss essential metrics, effective methods to drive adoption, and the driving force behind user engagement and explore strategies for onboarding, training, and continuous support that empower users to navigate the platform seamlessly. By leveraging these tools, you can effectively measure adoption against your company’s goals and create an environment where users not only adopt Salesforce but actively contribute to its ongoing success.

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

CzechDreamin

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

The standard Salesforce Approval process can be limiting in many ways, especially in complex scenarios. What if there was a way to implement very flexible approvals where one can use Apex code to make data updates in unrelated records, dynamically generate next steps details, and compute assignees on the fly? And still use UI-based configurations to implement concrete approval processes. In this session, we will share ideas behind such a solution and show a few lines of code to get you started.

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder

CzechDreamin

WSO2CONMay2024OpenSourceConferenceDebrief.pptx

Jennifer Lim

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

Generative AI architecture, at its core, revolves around the concept of machines being able to generate content autonomously, mimicking human-like creativity and decision-making processes. Unlike traditional AI systems that rely on predefined rules and data inputs, generative AI leverages deep learning techniques to produce new, original outputs based on patterns and examples it has learned from vast datasets. This capability opens up a multitude of possibilities across various domains within an enterprise.

The architecture of Generative AI for enterprises.pdf

alexjohnson7307

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

IoT Analytics Company Presentation May 2024

IoTAnalytics

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Recently uploaded (20)