2019 Technology Exchange

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Security Operations Plan: Duke University’s Approach to Cloud Security

Time 12/10/19 02:40PM-03:30PM

Room Grand Chenier (5th)

Session Abstract

Duke University School of Nursing (DUSON) recently developed an application that we hosted at Duke in our data center. Other peer institutions found out about our work and asked if we would be willing to host an instance of the application for them. We agreed and decided that Amazon Web Services (AWS) would be the ideal hosting platform. Over the next year, we moved our development environment to AWS and began a long process of developing the necessary security controls in the AWS shared security model, culminating in the creation of a full Security Operations Plan.

In this interactive session, I will detail the steps we took and the decision-making process used (in collaboration with the Duke University and Duke Health System Information Security Offices) to build our plan. On the flip side, I’ll demonstrate how we work with the security offices of our customer peer institutions, including a review of our HECVAT. The session allows for audience response (through cell-phone polling), where attendees will predict key milestone activities to see if we “got it right”. Finally, all attendees upon request will receive a copy of our most recent DUSONCloud Security Operations Plan and our completed HECVAT.

I have attached a session outline so that you can get a better idea of what I'm proposing and what I feel is important to attendees.

Speakers

Speaker Glenn Setliff Duke University

Primary track Cloud Architecture

Secondary tracks Information Security

gold Sponsors

bronze Sponsors