The workshop on security was arranged in Oslo in the week 30 May-3 June 2016. The participants were: Students Sven Braun and Lena Mara Pfaffl (Stuttgart Media University), students Mert Buyuksagnak, Nesil Ariyurek and lecturer Sarper Durmus (Istanbul Bilgi University), student Mereijn Kramer and lecturer Clyde Moerlie (Amsterdam School of Applied Sciences), students Karin Frolander, Margret Stray-Pedersen, Tuva Kristiansen Wærdahl and lecturer Dr. Robert W.Vaagan (HiOA). The program included a welcome by Vice Rector of HiOA Dr. Morten Irgens, who is also chairman of The Centre for Cyber and Internet Security at NTNU University, and a lecture on the public sector UNINETT campus security system by researcher Tommy Tranvik, University of Oslo, Faculty of Law, Institute of Private Law. We also visited The Confederation of Norwegian Enterprise for a private sector update where we had a meeting with Senior adviser Arne R.Simonsen, The Norwegian Business and Industry Security Council.
During the week, the participants developed practical and realistic security guidelines for EMCC, focussing mostly on technical aspects. Many legal and ethical issues will need to be dealt with later in other workshops. Much will also depend on the SLA (service-level agreement) that needs to be agreed with the cloud service provider when the EMCC is launched (Fig.1). A detailed overview of the security guidelines will shortly be given in the appropriate Dropbox folder.
As discussed in Rinsdorf, Kirklar, Nina, Christensen & Vaagan (2016), the use of cloud computing platforms and applications is increasing rapidly. More than 50% of large enterprises will have cloud deployments by end-2017. But cloud-based platforms are vulnerable. From a security perspective, the EMCC needs to prioritize safety and a reliable production environment, the protection of valuable business information e.g. in an innovation process, and the protection of personal data of stakeholders embedded in our campus communication. In many countries, public institutions and private sector institutions are registering an increasing amount of cyberattacks ranging from simple pranks and malware to sophisticated forms of espionage, sabotage and cyberwarfare. Cloud security is becoming increasingly important, and depends on service models (SaaS, PaaS, IaaS) and deployment models (private, public, hybrid and community).
Typical threats embrace both threat agents (anonymous attackers, malicious server agents, trusted attackers, malicious insiders) and cloud security threats (traffic eavesdropping, malicious intermediaries, denial of service, insufficient authorization, virtualization attacks, overlapping trust boundaries). Measures designed to thwart such threats include encryption, hashing, digital signatures, public key infrastructures (PKIs), identity and access management (IAM) systems, single sign-on (SSO), cloud-based security groups, and hardened virtual server images (Erl, Zaigham & Puttini, 2014).
Most of these topics were discussed during the workshop presentations and also during the visit to The Norwegian Business and Internet Security Council (Fig.2). EMCC security guidelines have been designed as a reasonable and practical choice among these many elements.
Erl, Thomas; Zaigham, Mahmood & Puttini, Ricardo (2014). Cloud computing. concepts, technology & architecture. The Prentice Hall Service Technology Series from Thomas Erl. Upper Saddle River, NJ: Prentice Hall. Retrieved 23.4.2016 from ePub/Kindle Books.
Rinsdorf, Lars; Kirklar, Alper; Nina, Nusta, Christensen, Nikolaj & Vaagan, Robert W. (2016). “The European Media Cloud Campus project”. Intercultural Communication Studies, 2016 (25) 1.