About the Activity
In the era of agile computing, more organizations move their data centers and development resources to the cloud in order to be able to use resources (networks, infrastructure, and software) as and when required and not have to pay for them when not being used. During 2020, especially because of COVID-19, more organizations transitioned to the cloud, enabling their employees to work from home. Therefore, secured remote access, in particular in a zero-trust environment like the cloud, is challenging now more than ever.
Goals of the Activity
The goals of this activity are to raise awareness of cloud remote access security risks (e.g., by workshops and conferences), recommend best practices and guidelines for cloud remote access, and propose standards and certificates for cloud service providers regarding (context-aware) secured remote access.
To achieve these goals, we will start by framing the problems, identifying the existing approaches and technologies, and examining solutions. In addition, we will perform a gap analysis of the existing cloud standards and certifications and evaluate the need for extending them for secured remote access. Emphasis will be put on defense organizations, which have more restricted security requirements and may require more restricted security on remote access to their data.
Possible subjects of interest that will be examined by this activity:
- Provide a standard framework for authorization decisions based on projected cyber risk and authentication-based trust factors
- Leverage highly-correlated data points as real-time authentication factors for a given authorization scenario
- Define security guardrails around identity, platform, and application-level security in remote access scenarios
- Dynamically alter security and auditing controls based on importance of data, the environment context, and level of risk in authorized activities
Proposed deliverables and outcomes from this Industry Connections activity may include documents (e.g., white papers, reports), proposals for standards, conferences and workshops, etc. The deliverables of this activity will be:
- White paper (framing the problems, current architectures, the need to address secure practices, technical approaches, etc.)
- Standards and certifications gap analysis
- Recommendations for best practices and guidelines for medium-large companies, in particular defense companies
- Proposals for IEEE standards and/or certifications
- Workshops/conferences for awareness on cloud security and best practices
Getting Involved
Who Should Get Involved
We welcome new participants from large and small corporations, academia, industry, and government agencies that are interested in Cybersecurity in Agile Cloud Computing, especially in secured remote access. Members will include but are not limited to:
- Regulators
- Cloud service providers
- Cybersecurity vendors
How to Get Involved
To learn more about the program and how to join the Cybersecurity in Agile Cloud Computing activity, please express your interest by sending an inquiry to the activity chair whose information can be found in the Contacts section.