SECURITY IMPACTS & REQUIREMENTS OF THE APPLICATION EXPERIMENT
The LEXIS platform is aiming at providing high level security for its users and is relying on security assessment along the project with a final security assessment prior being made publicly available. As a matter of fact, this will involve security constraints for all LEXIS users depending on the integration level.
For instance, if the applicants wants to fully connect its own Data center capacity (data storage and computational power), this will only be possible by deploying a LEXIS DDI endpoint in his own infrastructure and respecting LEXIS design principle for any part of its infrastructure connected to LEXIS platform, such as:
- Zero trust model: all access must be authenticated and authorized
- Least privileges principles: all access must be restricted to the miminum required to achieve a task
- Putting in place attack surface minimization, separation of duties and ensuring secure default
The LEXIS consortium may require as well some compliance reports security audit assessment.
For an applicant using the LEXIS platform without integrating any part of its infrastructure, the security constraints will be reduce to the minimum, meaning following common industry security best practices such as:
- Using dedicated account (no shared account)
- Ensuring the use of string password and rotating them regularily
The LEXIS already made publicy available D4.5 describing the security concepts put in place and may provide more detailed information on-demand and under non disclosure agreement.
The LEXIS platform is deployed on ISO certified datacenter and will regularity audit both the component and the overall infrastructure aiming at having continuous monitoring in place before being publicly available. All components of the LEXIS platform will be regularly updated depending of the software compatibility and counter measure will be put in place in case of software incompatibility.
It is worth to mention, that no direct access to Data Layer or HPC resources will be provided and that we ensure secure channel communication between HPC resources and LEXIS platform.