Published on June 20, 2009
Cloud Computing Security
by Vitor Domingos, intrepid and professional basher
http://vitordomingos.com
* as seen on regular weather channel

Cloud Computing is ?
- Network as a “cloud”
- Network is the computer (SUN motto)
- TCP/IP abstraction (1st cloud)
- www data abstraction (2nd cloud)
- Virtualization (3rd cloud)
Bottom line:
- Virtualization done right, with webservices

Cloud Computing is !
- on-demand self-service
- ubiquitous network access
- location independent resource pooling
- rapid elasticity
- measured service
- pay as you go
- abstract resources

CCaaS
- Software as a Service
  - Salesforce
- Platform as a Service
  - Google App Engine
  - Microsoft Azure
- Infrastructure as a Service
  - Rackspace Mosso
  - Amazon Web Services

Cloud Computing leverages
- Virtualization
- Multi-Tenancy
- Massive Scale
- Autonomic Computing
- Distributed Environment
- Security Technologies
- Service Oriented

Security in the Cloud

Only the paranoid survive!
- Key issues: trust, trust, multi-tenancy, trust, encryption, compliance
- Massive complex systems running on functional units
- Certification & Audit
- Loss of physical control
- Interoperability
- Accountability

please, keep in mind that
- Shared hell:
- Hardware
- Memory
- Disks
- NICs (Virtual)
- Cache Snooping
- Hypervisor Attacks
- Persistent Root Kits
- Password Cracking
- Broken or stolen key rings / authorization federation
- Never ending logs

Great things do come
- Provisioning
- Rapid reconstitution of services
- Storage fragmented
- Security layers (auth, firewall, logging, …)
- Network and Security perimeters
- Virtual Zoning
- Fault tolerance

Challenges
- Data dispersal and international privacy laws
- Isolation management & Multi-Tenancy
- Certification (SAS 70 Type II audits and ISO 27001)
- Data ownership
- QoS & SLA guarantees
- Secure Hypervisors

Challenges
- Massive outages
- Service bottlenecks; DNS as your best friend
- Encryption needs cloud resources, applications, storage, services
- Disaster recovery and contingency plans
- If you have it on Auto mode, you won't see it coming
- Honey for hackers

ToDo
- Network with VPN and VLANs
- SLAs; read the fine print
- Backup and recover often; Risk assessment
- Log (out of there) as if the world ended tomorrow
- Plan for failure
- YOU secure!!!
- Sandbox, Sandbox, Sandbox

You're not alone
- Security Groups: IBM; SUN; Amazon; ISV
- Cloud Security Alliance (awesome guide!!)
- OpenCloud Manifesto & Amazon Security Paper
- Cloud Computing ML at Google Groups
- Legal Cloud's
- Vivek Kundra, USA CTO, did it, and so did Facebook, New York Times and Nasdaq (on AWS)

Wrap up
- Plan
- Encrypt
- Backup
- Secure
- Audit
- Sandbox (check my last year's SAPO Codebits talk)
  - http://codebits.sapo.pt/files/aws_23.pdf
- Trust

mail: firstname.lastname@example.org
site: http://vitordomingos.com