In English
Suomeksi
About Us
Contact
1PLs | Emergency
Cloud Software Program
General brochure
Main Contacts
Cloud Business
Lean Software Enterprise
Cloud Technologies
Sustainable Development
Superior User Experience
Cloud Security
Videos and Webinars
Webinars
Results
Theses and articles
Deliverables and Other Reports
"100 Tales"
Material from Cloud Events
News & Events
Archive news
Archive events
News in Finnish
Cloud Magazine
Cloud Magazine 2013
Cloud Magazine 2012
Cloud Magazine 2011
Partners
Contact
RSS channels
home
>
Cloud Security
Cloud Security
Software quality problems, wide impact vulnerabilities, phishing, botnets and criminal enterprise have proven that software and system security is not just an add-on despite past focus of the security industry. Cloud computing introduces a whole ecosystem of clients, services and infrastructure, where trust boundaries are moved even further into components, where physical location or even ownership is unknown. Add-on security therefore becomes more futile than it ever was. There is no place where these add-on components would reside.
Security, trust, dependability and privacy are issues that have to be considered over the whole life-cycle of the system and software development from gathering requirements to deploying the system and service in practice. Doing this does not only make us safer and secure but improves overall system quality and development efficiency. The Security Development Life-cycle (SDL) has only recently been recognized as the way forward, replacing ineffective point solutions. A benchmark for these efforts, the Building Security In Life-cycle Maturity Model (BSIMM) has just been launched to set standards for security initiatives. Building a mature security initiative is not cheap - the most mature one, Microsoft SDL required spending billions of dollars to implement. Smaller vendors, especially in the SME sector, cannot afford the same luxury of time and money to develop their own security initiatives and may lose their competitive edge.
Many of recent security initiatives have been relatively open and can be leveraged to help the Finnish Industry and to initiate new business. Finland has pioneered research in Security Metrics, Vulnerability, Managing Complexity, Security as a Quality Aspect and Software Robustness areas. This research can therefore be applied directly to be a part of new, improved SDLs. There is a desire to improve software and system development life-cycle efficiency so those efforts can drive security and security can support them.
The main objectives of the Cloud Security Theme are to develop:
A feasible Secure Development Lifecycle methodology supporting agile and lean SW development, and
Vulnerability, complexity and robustness management and risk-driven security metrics methodologies and tools that help developers to achieve adequate security, trust, dependability and privacy goals cloud computing environment.
Juha Röning
Professor
Oulu University Secure Programming Group
Reijo Savola
Senior Research Scientist
VTT