Cloud Vulnerability Reporting Dashboard

Mr Samitha Amarapathy¹, Mr Rohan Hirimuthugoda¹, Dr Steve Quenette¹, Mr Swe Win Aung¹, Mr Jerico Revote¹, Dan Maslin, Ed Messina

¹Monash University, Clayton, Australia

The security of research projects running on the Nectar Research Cloud is a partnership between the researcher and the node the project is running on. Given ever-increasing cybersecurity threats, and to strengthen these partnerships, the Research Cloud at Monash and the Monash University Cyber Risk and Resilience Team are pioneering the use of a Vulnerability Disclosure Program (VDP) to help project Chief Investigators (users) comply with Monash University’s expectations on security best practices.

Vulnerability management is a continual process of identifying, assessing, reporting on, managing and remediating cyber vulnerabilities across endpoints, workloads, and systems. Currently, stakeholders of Monash eResearch use a number of solutions, such as Tenable, BugCrowd, CrowdStrike and Guardicore, to detect vulnerabilities associated with Research Cloud projects. Our approach to motivating research collaborations to manage and mitigate vulnerabilities at scale focuses on lifting literacy and transparency of the issues, whilst integrating cybersecurity into research practice.

To this end, we have developed and will present the Research Cloud Vulnerability Reporting Dashboard within CRAMS (the Cloud Resource Allocation Management System). The dashboard integrates institutional vulnerability scanning information (from various sources) and reports vulnerabilities of Research Cloud projects to researchers in a culturally appropriate way. To a user of the Research Cloud, it provides visibility of your vulnerable software and your cloud infrastructure. It also provides self-service re-scanning to ease re-assessment. The dashboard helps the node gain insights into the effectiveness of current vulnerability management efforts, learn about new vulnerabilities and emerging threats, and prioritise remediation plans.


Biography:

Samitha leads the agile-driven application development capability at Monash eResearch and manages IT projects of strategic importance to eResearch, including the CRAMS program of work, MyTardis-based implementations in the research instrument integration space, projects for research platforms, and national projects such as the Australian scalable Drone platform.

Rohan is a Senior Research Software specialist passionate about designing and delivering architecturally sound, robust, fit-for-purpose software solutions to the research community.
