Confraria Security 17 June - Cloud Security

Cloud Computing Security
by Vitor Domingos
intrepid and professional basher
http://vitordomingos.com
* as seen on regular weather channel

Cloud Computing is ?
- Network as a “cloud”
- Network is the computer (SUN motto)
- TCP/IP abstraction (1st cloud)
- www data abstraction (2nd cloud)
- Virtualization (3rd cloud)
Bottom line:
- Virtualization done right, with webservices

Cloud Computing is !
- on-demand self-service
- ubiquitous network access
- location independent resource pooling
- rapid elasticity
- measured service
- pay as you go
- abstract resources

CCaaS
- Software as a Service
  - SalesForce
- Platform as a Service
  - Google App Engine
  - Microsoft Azure
- Infrastructure as a Service
  - Rackspace Mosso
  - Amazon Web Services

Cloud Computing leverages
- Virtualization
- Multi-Tenancy
- Massive Scale
- Autonomic Computing
- Distributed Environment
- Security Technologies
- Service Oriented

Security in the Cloud

Only the paranoid survive!
- Key issues: trust, trust, multi-tenancy, trust, encryption, compliance
- Massive complex systems running on functional units
- Certification & Audit
- Loss of physical control
- Interoperability
- Accountability

please, keep in mind that
- Shared hell:
  - Hardware
  - Memory
  - Disks
  - NICs (Virtual)
- Cache Snooping
- Hypervisor Attacks
- Persistent Root Kits
- Password Cracking
- Broken or stolen key rings / authorization federation
- Never ending logs

Great things do come
- Provisioning
- Rapid reconstitution of services
- Storage fragmented
- Security layers (auth, firewall, logging, …)
- Network and Security perimeters
- Virtual Zoning
- Fault tolerance

Challenges
- Data dispersal and international privacy laws
- Isolation management & Multi-Tenancy
- Certification (SAS 70 Type II audits and ISO 27001)
- Data ownership
- QoS & SLA guarantees
- Secure Hypervisors

Challenges
- Massive outages
- Service bottlenecks; DNS as your best friend
- Encryption needs: cloud resources, applications, storage, services
- Disaster recovery and contingency plans
- If you have it on Auto mode, you won't see it coming
- Honey for hackers

ToDo
- Network with VPN and VLANs
- SLAs; read the fine print
- Backup and recover often; Risk assessment
- Log (out of there) as if the world ended tomorrow
- Plan for failure
- YOU secure!!!
- Sandbox, Sandbox, Sandbox

You're not alone
- Security Groups: IBM; SUN; Amazon; ISV
- Cloud Security Alliance (awesome guide!!)
- OpenCloud Manifesto & Amazon Security Paper
- Cloud Computing ML at Google Groups
- Legal Clouds
- Vivek Kundra, USA CTO, did it, and so did Facebook, New York Times and Nasdaq (on AWS)

Wrap up
- Plan
- Encrypt
- Backup
- Secure
- Audit
- Sandbox (check my talk at last year's SAPO Codebits): http://codebits.sapo.pt/files/aws_23.pdf
- Trust

?
mail: [email protected]
site: http://vitordomingos.com