In a time when cybersecurity is ever more important, strong and secure digital solutions are needed to keep our data safe. SDU is at the forefront of digital cloud and HPC technology to promote research and innovation.
High Performance and Cloud Computing need more security
The eScience Center has significantly increased the number of services for High Performance Computing (HPC), cloud compute and cloud storage offered to SDU researchers. Thanks to UCloud, an innovative software platform developed by the eScience Center, many of the eScience Center services are accessible via easy-to-use web-based interfaces.
UCloud is a digital research and analysis environment which improves the usability of traditional High Performance Computing (HPC) environments and simplifies the access to applications and software, regardless of the users’ location and device. UCloud also acts as a cloud storage service where users can store large amounts of research data. Access to SDU’s HPC system was previously only available via command line – but now a web-based user interface is provided thanks to UCloud:
“We dedicate a great deal of effort to making all the features on the UCloud platform work well together and provide an easy-to-use graphical user interface, which researchers can access via the web,” says Claudio Pica, Professor and Director of the SDU eScience Center.
Offering more services through the web creates exciting new opportunities for researchers, companies and government agencies on the one hand, but raises several security concerns on the other. It is therefore of crucial importance, and quite exceptional, that the SDU eScience Center has obtained a formal ISO 27001 certification, the internationally recognized gold standard for information security management:
“Having obtained the certification opens the possibility for handling large amounts of sensitive data such as health or financial data, enabling a broad collaboration with a wide range of companies and public authorities that are required to use solutions with an ISO 27001 certification. It is a powerful quality stamp we have acquired, and we are obviously very proud of it,” says Martin Svensson, Head of the Department of Mathematics and Computer Science (IMADA), where the SDU eScience Center is based.
ISO 27001 – an all-round security standard
ISO 27001 is an international information security management standard. The standard provides a framework of policies and procedures that helps organizations and businesses to manage the handling of valuable information – including personal data – in a secure and trustworthy way. Among other things, ISO 27001 enforces requirements for risk management, documentation of processes, as well as the distribution of roles and responsibilities for information security. (Source: Danish Standard).
The eScience Center obtained the ISO 27001 certification in February 2020, following a formal evaluation by an accredited external auditor, DNV GL. This not only means that the software and hardware infrastructures used at the eScience Center are secure, but also that the actual workflows around these services meet the required quality standards.
“The uniqueness of our ISO Certification is that it is very operational – in the sense that the eScience Center staff has to relate to it on a continuous basis, thereby taking ownership of the product and responsibility for the security. For example, a developer cannot just create an amazing code without also creating the corresponding documentation that comes with it. In this way, our entire production line is continuously aligned with the guidelines that accompany the certification,” explains Bjørn Høj Jakobsen, Compliance and Security officer at SDU eScience Center and Lead Implementer for the certification process.
SDU, with the eScience Center, is the first public institution in Denmark to obtain the ISO 27001 certification.
“We take data security very seriously. All our platforms are designed with security and privacy in mind. A formal ISO 27001 certification is the guarantee, given by an external independent authority that our organization handles data security in the correct way. Having an ISO 27001 certification is quite exceptional, as most, if not all, organizations in Denmark only claim compliance with the standard,” says Claudio Pica.
Being ISO compliant means that an organization claims to adhere to the requirements of the standard, but without an external certification body having performed a series of audits to verify the claim:
“Being compliant with the ISO 27001 standard means that an organization tries its best to follow the principles of the standard. There is no rule nor prescription to what being compliant means in practice. This is quite different from having an ISO 27001 certification. Being certified means not only that the organization has a formal structure and written procedures that implement the processes required by the ISO 27001 standard to guarantee secure handling of information at all levels; but more importantly, that such structure has been scrutinized by an accredited external auditor,” says Claudio Pica.
The scope of the eScience Center certification covers all the services provided by the center, from cloud services such as UCloud to the traditional HPC facilities.
A secure digital future
Over the past 20 years, due to a lack of information security, the risk of cyber-attacks and IT-related crime has increased considerably. This is due to our increased use of the internet as a means of both doing business and providing access to large amounts of information. The increasing reliance on the internet for business-critical operations and data access has in recent years led to a higher risk of information being compromised. When information is lost, destroyed, stolen, or becomes inaccessible, it may jeopardize the company’s credibility and customer confidence.
Head of Department Martin Svensson believes that there are many companies and authorities for which it can be an impossible task to meet business demands by using multiple cloud technology solutions while at the same time maintaining the necessary level of security. This applies nationally as well as internationally, which is why it is so important to develop products such as UCloud:
“With UCloud and the ISO 27001 Certification, SDU helps to ensure that Denmark is at the forefront in creating a secure digital future,” explains Martin Svensson.
It is also anticipated that UCloud will be released as open-source software, so that it becomes easily available for many users to build on:
“Our vision is to build a large community of users and developers who will help us expand the UCloud platform even more. In the short term, we are offering UCloud as a national solution in Denmark, and we are in contact with national providers of research services in several other countries,” concludes Claudio Pica, Professor and Director of the SDU eScience Center.