Reliable and Secure Environment
Users in education and research are increasingly reliant on their environments. To be able to successfully collaborate, a reliable and secure online environment is necessary. SURF is building a robust authentication and authorisation infrastructure to provide this, and is helping institutions and users defend themselves against cyber threats.
What are the programme's aims?
More collaboration between users
Students, lecturers, researchers and employees don't only collaborate internally, they also collaborate externally with other institutions and the business community, both nationally and internationally. They are also using cloud services more frequently. These factors enable high level research and education, but users and systems have become more vulnerable in the areas of reliability, security and privacy.
Reliable and secure environment
In order to guarantee reliable collaboration in education and research, a reliable and secure online environment is necessary. The aim of this innovation programme is to create that environment and to continue to refine it. The most important features of this environment are:
- Users can securely access services and content with their own account, anytime, anyplace and on any device.
- Users are able to collaborate as needed in groups including anyone.
- Users and institutions are prepared to deal with security incidents and cyber attacks.
What are we doing in this programme?
Trust & Identity
For the Trust & Identity component, SURF is developing a stable, reliable and efficient authentication and authorisation infrastructure. We are working on the next generation and exploring possibilities that may result in new components for the SURFconext service. For example, we are researching how external authentication systems (such as Idensys, iDIN and eIDAS) can be linked to SURFconext.
Security & Privacy
The Security & Privacy component aims to defend SURF and its affiliated institutions against future security incidents and cyber attacks. To this end, we are developing security services and an awareness campaign, and we are devising standards for secure cloud and other services.
How do institutions benefit from the programme?
Secure online collaboration with reliable cloud and other services
A secure and reliable online environment forms the basis for trouble-free work and collaboration in education and research. When users log in to the services, they know this is done in a secure way. And the collaboration environment also offers more convenience: for example, users can gain access to hundreds of worldwide, online services with the account issued by their institution. This safeguards security and privacy.
Secure against threats from the Internet
Institutions are better protected against threats from the Internet: SURF is developing services such as a service that can limit the damage of DDoS attacks and is also helping to increase awareness of threats from the Internet among users in education and research.
Which projects are part of this programme?
Trust & Identity
- Continued development of the Trust & Identity infrastructure, focusing on
- Supporting student mobility between institutions and sectors
- Simple authentication where possible, extensive authorisation where necessary
- Accessibility of non web-based services
- Facilitating guest use
- Supporting advanced use cases for cross-institutional, international and cross-sector collaboration and research.
Security & Privacy
- Communities and awareness: we coordinate and connect communities in and beyond education and research, so that we can have a larger impact through collaborative efforts. In order to increase awareness of cyber threats among the target group, we are developing campaigns, training strategies and security games.
- Development of services: we are developing security services such as DNSSEC, security operations and a monitoring infrastructure supported by innovative DDoS mitigation and Software Defined Security techniques.
- Standards, guidelines and an open and free Internet: we are expanding the SURF Framework of Legal Standards for (Cloud) Services. SURF is committed to ensuring a secure and reliable Internet service where user privacy is respected.
What have we already achieved through this programme?
Here is a small selection of our achievements:
- In collaboration with institutions, SURF is experimenting with links to the new identity management systems. The necessary infrastructure is being developed, and possible arrangements and costs are being examined. At the same time, we are considering the impact that this will have on users, e.g. with regard to their privacy.
- In 2016, certain large-scale improvements were made to the SURFconext platform which further increased its reliability.
- In October 2016, SURF organised the first national cyber crisis exercise for Dutch education and research institutions. Participants took part in a simulation where hackers had gained access to vital systems such as student data systems.
- Each year, SURF publishes the Cyber Risks Report, which lists the most important cyber threats in education, research and business over the past year. This helps institutions decide what measures they need to take to strengthen their cyber defences.
- Read the 2017 programme plan for this innovation programme (PDF, in Dutch).
Remco PoortingaTeam lead Security