Case study - A Secure Semanta Cloud for Nuclear Guys

When you have a team of nuclear geeks getting together to discuss and collaborate on "how to start a nuclear reactor", you need a really secure cloud solution to keep their thoughts safe.

 

We were approached by a group of nuclear physicists who wanted to keep their nuclear "know-how" within the Czech Republic, yet be able to communicate with each other digitally. Starting up a nuclear power plant requires more than just an understanding of formulas, and there are not that many guys with this kind of knowledge knocking about. However, if you just create a Facebook group “How to start a nuclear reactor” you'll probably be approached by a man in a trench coat pretty quickly ;-)

So the problem we were set was: how do you create a really secure online collaboration space where users can write and share texts without facing extra obstacles in doing so?


Customer

NuclearHub - a consortium of legal bodies, universities and research institutions which support research and education in the field of nuclear energy.

Project

An independent audit of the models and calculations necessary for a new type of nuclear fuel required by a regulatory body.

Challenge

Create a secure online knowledge sharing platform that provides a space for users to collaborate on large-scale nuclear research projects.

 

The persona of a physicist

We actually worked with a very simple model regarding user demands: “I want to keep working as I have worked up to now and don't want to have any barriers preventing this, because of online sharing or security”.

 

Threat scenarios

We put on our paranoid hats and started to assess what threats are out there.

 

All software has holes

The internet is full of ‘bots’ which continuously ping servers and scan for known vulnerabilities. The average time between two such “visits” is about 20 minutes. So, first of all, we have to cover our bases with daily software patches and a geographical backup. (For more details see What you need to know about cloud security.)

The lost case

The statistics about lost data are really surprising - the most common case is the notebook forgotten at the airport (e.g. there are 1200 notebooks lost at LAX weekly!). So it's not just your server that needs protection, but also your end-point devices - in this case, an encryption vault for all documents stored offline.

Email is off limits

We have found no way to secure email communication without a significant hassle for end users. The only user-friendly safe mail is NO mail. Users of the community can share links to documents and upload them securely to an online storage system, but are forbidden to send them by email. :-(

Peeping Tom

Users are not aware of how much trouble they're in when browsing around, especially when browsing porn or torrent sites. Also, one cannot rely on regular updates of operating systems or anti-virus databases. Actually, one of the guys had Win98 in the lab!!! In such an environment one cannot rely on passwords, because a simple key-logger would render them useless. We needed a multi-factor authentication method - something you know, something you have. We went for a combination of a personal certificate and a one-time password generator.
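A sketch of the two-factor login decision described above, as an added example that is not Semanta's own code. It assumes the TLS layer has already verified the client certificate, that the one-time password generator follows RFC 6238, and that `Account`, `authenticate` and the sample values are hypothetical names and constructed data.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical enrolment record: pinned certificate plus OTP seed."""
    def __init__(self, cert_sha256: str, otp_secret: bytes):
        self.cert_sha256 = cert_sha256
        self.otp_secret = otp_secret
        self.last_step = -1  # highest 30-second step already accepted

def authenticate(acct: Account, cert_der: bytes, otp: str, now: float,
                 step: int = 30, window: int = 1) -> bool:
    """Allow a login only if both the certificate and the OTP check out."""
    # Certificate factor. Assumption: the TLS layer has already proved that
    # the client holds the private key for cert_der.
    fingerprint = hashlib.sha256(cert_der).hexdigest()
    if not hmac.compare_digest(fingerprint, acct.cert_sha256):
        return False
    # OTP factor (RFC 6238: HOTP over the current time step), with a small
    # window for clock drift.
    current = int(now // step)
    for s in range(current - window, current + window + 1):
        if s <= acct.last_step:
            continue  # code already spent: a key-logged OTP cannot be replayed
        if hmac.compare_digest(hotp(acct.otp_secret, s).encode(), otp.encode()):
            acct.last_step = s
            return True
    return False

# Constructed sample data (the seed is the RFC 6238 test key, not a real one).
SAMPLE_CERT = b"constructed-certificate-bytes"
SAMPLE_SEED = b"12345678901234567890"

if __name__ == "__main__":
    acct = Account(hashlib.sha256(SAMPLE_CERT).hexdigest(), SAMPLE_SEED)
    print(authenticate(acct, SAMPLE_CERT, "287082", now=59))  # first use
    print(authenticate(acct, SAMPLE_CERT, "287082", now=59))  # replay
```

Recording the last accepted time step is what makes a captured code worthless to a key-logger: the same six digits are refused on second use even inside their validity window.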

Fire in the house

Being sufficiently paranoid, you come to the conclusion that your infrastructure is already hacked before you even start to install. Thus, every layer of the solution needs to be separated and encrypted with dedicated keys and accounts (e.g. disks, backups, …).

 

The configuration

The final configuration looks like this:


Conclusion

After this experience, we incorporated some of the security features into our own default configuration and have become committed to providing highly secure turnkey solutions to all of our customers, no matter how rigorous their demands are.

Radek Skoda

“Information security is a paramount concern for everybody working in the nuclear industry. We were looking for a solution which was secure and did not interfere with our research workflows.
Semanta is the perfect fit. It allows me to stay in touch with my colleagues’ outputs whether I’m in Austin, Oxford or at a conference in Peking.”