Practical Cyber-Security Solutions for the Science DMZ
Time: Tuesday, July 30, 6:30pm - 8:30pm
Location: Crystal Foyer and Crystal B
Description: The Science DMZ provides high-bandwidth and high-throughput private connectivity to or among computing resources. However, the performance comes at a cost: there is minimal security on the Science DMZ. This is by design, as conventional enterprise network security controls introduce cost, latency and bottlenecks. Data-intensive applications, particularly those using geographically distributed resources, rely on the performance of the Science DMZ. With a particular lens toward multi-institution DMZs such as the OneOklahoma Friction Free Network, this paper analyzes performance and security requirements, introduces a threat model specific to the Science DMZ, and delivers recommendations for controls to mitigate these threats in the context of the identified requirements. In particular, we apply a risk-based view to the tradeoffs between performance and security, considering impacts both to the science goals of the DMZ's multiple research stakeholders and to the more conventional enterprise security posture of the facilities it connects.