Dec 2018: Security Best Practices for Academic Cloud Service Providers

A “cloud resource” provides a hosted, self-service means for users to run virtual machines or containers such that they can have a custom software stack and isolation from other users. Virtual machines or container images can be curated and provided by the cloud resource operator, provided by the user, or provided by third parties.

Operating a cloud resource involves addressing security requirements of multiple stakeholders: those of the resource operator and those of the resource user. These parties may have different incentives related to security as well as different levels of acumen. Operators may at times run images whose trustworthiness is not established and grant users privileged access within their running image that would be uncommon on non-virtualized computing resources. Moreover, users, with their elevated privileges, can misconfigure services, expose sensitive data or choose protocols/solutions that offer less security for the sake of installation or operating costs. These factors can lead to an environment that, by its nature, is difficult to secure.

A community consisting of The Agave Platform, Cornell University Center for Advanced Computing, CyVerse, Jetstream and Trusted CI collaborated in authoring a set of Security Best Practices for developing in, and operating an academic cloud resource.

In this webinar, we will discuss the nine use cases they deemed most important to academic cloud services.

This webinar will be relevant to cloud users, evangelists, and providers. All are encouraged to join and contribute to the conversation.

The full white paper is available online at http://hdl.handle.net/2022/22123.


Speaker Bio:
Rion Dooley is the Director of Platform Services and Solutions at Data Machines Corp. He has 15 years experience integrating emerging tech with HCP environments to build solutions that make it easier to conduct open, digital science. His prior research includes projects in the areas of cloud computing and security. He serves as PI for the Agave Project, and is active in the Open Source community.

Jeannette Dopheide