Financial Investment Company Elastically Scaling Storage Using a Public Storage Cloud
drus...@ca.ibm.com
Security in the Cloud (http://groups.google.com/group/cloud-computing-
use-cases ).
Description: A financial investment company is about to internally
announce a new investment products to its agents and affiliates. This
will involve include creation of several videos to explain the
benefits and features new product to its staff and agents, as well as
to train/instruct them on when to recommend these products to their
customers. These videos are quite large and need to be made available
(on-demand) as secure, confidential data to appropriately certified
company agents worldwide. There are federal regulations and industry
obligations that need to be enforced (policy) to assure that this new
product announce and the videos are kept confidential during a
restricted period. The financial company decides to utilize a Public
Storage Cloud to elastically scale to handle the secure hosting
(storage) and streaming for these new videos while using security
features in the cloud to auditable access control to the videos in
accordance with security policies when employees and agents access the
videos.
Of course, we can include encryption/decryption of data using customer
supplied keys. Too much?
Security Standards and Patterns Featured:
Federated Trust (using signed IEEE X.509 Certificates, perhaps keys to
use on videos or drives?)
Security Policy (exchange using XACML, to manage role based access to
videos)
Federated Identity Management (FIM)
Federated Access Management (FAM)
Storage Security (IEEE P1619 for key mgmt to drives, perhaps too low
level?, KMIP for provider/customer specific keys?)
Federated Audit (XDAS again? for access logs to verify to federal
agents that new products was disclosed properly)
+++ Perhaps there may also be an asset management angle here as well,
but it is best to save that for another use case to be posted at a
future date...
Is this too low a level of key management (i.e. drive/storage device
level key mgmt.)?
FYI, this use case is based upon an actual recent customer inquiry;
however, the regulatory details/ specifics were not supplied. Does
anyone have more specifics on regulatory rules for announcing new
financial products (e.g. new stock, etc.) that could add more realism
to the use case?
Matt.
Please post your comments to either this post or the original at
(http://su.pr/9uKSGW ).
drus...@ca.ibm.com
Security in the Cloud (http://groups.google.com/group/cloud-computing-
use-cases ).
Financial Investment Company Elastically Scaling Storage Using a
Public Storage Cloud