When you have a team of Nuclear geeks getting together to discuss and collaborate on "how to start a nuclear reactor", you need a really secure cloud solution to keep their thoughts safe.
We were approached by a group of nuclear physicists who wanted to keep their nuclear "know-how" within the Czech republic, yet be able to communicate with each other digitally. Starting up a nuclear power plant requires more than just the understanding of formulas and there are not that many guys with this kind of knowledge knocking about. However, if you just create a Facebook group “How to start a nuclear reactor” you'll probably be approached by a man in a trench cloak pretty quickly ;-)
So the problem we were set was, how to create a really secure online collaboration space where users could write and share texts and not have to face extra obstacles doing so?
NuclearHub - a consortium of legal bodies, universities and research institutions which support research and education in the field of nuclear energy.
An independent audit of the models and calculations necessary for a new type of nuclear fuel required by a regulatory body.
Create a secure online knowledge sharing platform that provides a space for users to collaborate on large-scale nuclear research projects.
The persona of a physicist
We actually worked with a very simple model regarding user demands: “I want to keep working as I have worked up to now and don't want to have any barriers preventing this, because of online sharing or security”.
We put on our paranoid hats and started to access what threads are out there.
Every software has holes
The internet is full of ‘bots’ which continuously ping servers and scan for known vulnerabilities. The average time between two such “visits” is about 20 minutes. So, first of all we have to cover our bases with everyday patches of SW and a geographical backup. (For more details see What you need to know about cloud security).
The lost case
The statistics about lost data are really surprising - the most common case is the notebook forgotten at the airport (e.g. there 1200 notebooks lost at LAX weekly!). So it's not just your server that needs protection, but also your end-point devices - in this case, an encryption vault for all documents stored offline.
Email is off limits
We have found no way to secure email communication without a significant hassle for end users. The only user friendly safe mail is NO mail. Users of the community can share links to documents, upload them securely to an online storage system, but are forbidden to sent them by email. :-(
Users are not aware of how much trouble they're in when browsing around especially when browsing porn or torrent sites. Also one cannot rely on regular updates of operating systems or anti-virus databases. Actually one of the guys had Win98 in the lab!!! In such an environment one cannot rely on passwords, because a simple key-logger would render them useless. We needed a multi-factor authentication method - something you know, something you have. We went for a combination of personal certificate & a one time password generator.
Fire in the house
Being sufficiently paranoid you come to the conclusion that your infrastructure is already hacked before you even start to install. Thus, every layer of the solution needs to be separated and encrypted with dedicated keys and accounts (e.g. disks, backups, …)
The final configuration looks like this:
After this experience, we incorporated some of the security features into our own default configuration and have become committed to providing highly secure turnkey solutions to all of our customers, no matter how rigorous their demands are.
“Information security is a paramount concern for everybody working in the nuclear industry. We were looking for a solution which was secure and did not interfere with our research workflows.
Semanta is the perfect fit. It allows me to stay in touch with my colleagues’ outputs whether I’m in Austin, Oxford or at a conference in Peking.“