Operational Security in scientific distributed IT-Infrastructures such as EGI is challenging.
Existing computation frameworks are continually being extended, and new technologies implemented,
thereby expanding the potential attack surface and exposing new risks.
In this rapidly evolving environment new security policies have to be developed, and existing
policies and procedures have to be constantly updated to meet new requirements.
To efficiently enforce these new policies, the security monitoring infrastructure has to be
further developed to cover all elements of the evolving infrastructure. Finally, the incident response
(IR) tool set has to be extended to be able to efficiently handle security incidents affecting new
In this paper we discuss EGI-CSIRT's strategy for expanding its portfolio to provide all aspects
of operational security in a Cloud environment, whilst maintaining its current capabilities. The
paper describes the developments associated with a Virtual Machine Endorsement Policy and
related technical aspects to allow the provision of a trustworthy set of Virtual Machine Images
(VMI) to the user community by means of an Application-DataBase.
VMIs with vulnerable configurations have already been involved in incidents handled by EGI-CSIRT's
Incident Response Task Force (IRTF). In dealing with these incidents it became apparent that the
existing procedures and tools, which were otherwise successfully applied to IR in EGI, exposed
deficiencies when applied to the EGI Federated Cloud (EGI-FedCloud) services. This understanding
triggered the development of central User- and Virtual Machine-Management frameworks
deployed in EGI-FedCloud. The status of these tools and the integration with the existing IR tools
In EGI, security policies and procedures are tested in Security Service Challenges (SSCs) which
are designed to verify that they do, in practice, help with security operations to prevent and
respond to incidents. An SSC addressing EGI-FedCloud services and IR procedures will is de-