Submit Search
Upload
Delivering Secure OpenStack IaaS for SaaS Products
•
Download as PPTX, PDF
•
0 likes
•
1,495 views
CloudPassage
Follow
Talk given by Andrew Hay at OpenStack Summit 2012
Read less
Read more
Technology
Report
Share
Report
Share
1 of 36
Download now
Recommended
Automating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it Safe
CloudPassage
Prodware wa college - marcel meijer
Prodware wa college - marcel meijer
Freelance Consultant / Manager / co-CTO
CloudBees PaaS Presentation at Oakland JUG
CloudBees PaaS Presentation at Oakland JUG
CloudBees
Building a Hybrid Cloud
Building a Hybrid Cloud
SVForum Cloud SIG
Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012
Amazon Web Services
Ram chinta hug-20120922-v1
Ram chinta hug-20120922-v1
Ram Chinta
Spring, Java Web Apps to the cloud
Spring, Java Web Apps to the cloud
CloudBees
Windows Azure Overview
Windows Azure Overview
Stefano Paluello
Recommended
Automating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it Safe
CloudPassage
Prodware wa college - marcel meijer
Prodware wa college - marcel meijer
Freelance Consultant / Manager / co-CTO
CloudBees PaaS Presentation at Oakland JUG
CloudBees PaaS Presentation at Oakland JUG
CloudBees
Building a Hybrid Cloud
Building a Hybrid Cloud
SVForum Cloud SIG
Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012
Amazon Web Services
Ram chinta hug-20120922-v1
Ram chinta hug-20120922-v1
Ram Chinta
Spring, Java Web Apps to the cloud
Spring, Java Web Apps to the cloud
CloudBees
Windows Azure Overview
Windows Azure Overview
Stefano Paluello
EMEA OpenStack Day Intro, July 13th 2011 in London
EMEA OpenStack Day Intro, July 13th 2011 in London
Mark Collier
9 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 2
Digicomp Academy AG
NIC 2013 - Configure and Deploy Private Cloud
NIC 2013 - Configure and Deploy Private Cloud
Kristian Nese
Securing Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security Service
Novell
Extending your Data Centre with AWS Sydney Customer Appreciation Day
Extending your Data Centre with AWS Sydney Customer Appreciation Day
Amazon Web Services
Eucalyptus 3 Product Overview
Eucalyptus 3 Product Overview
Eucalyptus Systems, Inc.
.NetCampus Windows Azure Mobile
.NetCampus Windows Azure Mobile
antimo musone
Build the foundation for Private Cloud
Build the foundation for Private Cloud
AppZero
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Eucalyptus Systems, Inc.
Ga cloud scaling 3 30-2012
Ga cloud scaling 3 30-2012
Andy Parsons
Windows Azure Platform
Windows Azure Platform
AsmTrash
Stacking up with OpenStack: building for High Availability
Stacking up with OpenStack: building for High Availability
OpenStack Foundation
Angrybirds Magento Cloud Deployment
Angrybirds Magento Cloud Deployment
AOE
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced Session
Amazon Web Services
Cloud Foundry Anniversary: Technical Slides
Cloud Foundry Anniversary: Technical Slides
marklucovsky
Eucalyptus 3 Product Overview
Eucalyptus 3 Product Overview
Eucalyptus Systems, Inc.
BOI 2011 - Be what's next
BOI 2011 - Be what's next
Tudor Damian
BayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes Everything
CloudPassage
Oscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystem
htdvul
Providing Proofs of Past Data Possession in Cloud Forensics
Providing Proofs of Past Data Possession in Cloud Forensics
zawoad
NGN Japan 2012-2017
NGN Japan 2012-2017
Kabir Ahmad
IaaS Security - Back to the Drawing Board
IaaS Security - Back to the Drawing Board
K Logic Future Marketing
More Related Content
What's hot
EMEA OpenStack Day Intro, July 13th 2011 in London
EMEA OpenStack Day Intro, July 13th 2011 in London
Mark Collier
9 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 2
Digicomp Academy AG
NIC 2013 - Configure and Deploy Private Cloud
NIC 2013 - Configure and Deploy Private Cloud
Kristian Nese
Securing Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security Service
Novell
Extending your Data Centre with AWS Sydney Customer Appreciation Day
Extending your Data Centre with AWS Sydney Customer Appreciation Day
Amazon Web Services
Eucalyptus 3 Product Overview
Eucalyptus 3 Product Overview
Eucalyptus Systems, Inc.
.NetCampus Windows Azure Mobile
.NetCampus Windows Azure Mobile
antimo musone
Build the foundation for Private Cloud
Build the foundation for Private Cloud
AppZero
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Eucalyptus Systems, Inc.
Ga cloud scaling 3 30-2012
Ga cloud scaling 3 30-2012
Andy Parsons
Windows Azure Platform
Windows Azure Platform
AsmTrash
Stacking up with OpenStack: building for High Availability
Stacking up with OpenStack: building for High Availability
OpenStack Foundation
Angrybirds Magento Cloud Deployment
Angrybirds Magento Cloud Deployment
AOE
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced Session
Amazon Web Services
Cloud Foundry Anniversary: Technical Slides
Cloud Foundry Anniversary: Technical Slides
marklucovsky
Eucalyptus 3 Product Overview
Eucalyptus 3 Product Overview
Eucalyptus Systems, Inc.
BOI 2011 - Be what's next
BOI 2011 - Be what's next
Tudor Damian
BayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes Everything
CloudPassage
Oscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystem
htdvul
What's hot
(19)
EMEA OpenStack Day Intro, July 13th 2011 in London
EMEA OpenStack Day Intro, July 13th 2011 in London
9 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 2
NIC 2013 - Configure and Deploy Private Cloud
NIC 2013 - Configure and Deploy Private Cloud
Securing Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security Service
Extending your Data Centre with AWS Sydney Customer Appreciation Day
Extending your Data Centre with AWS Sydney Customer Appreciation Day
Eucalyptus 3 Product Overview
Eucalyptus 3 Product Overview
.NetCampus Windows Azure Mobile
.NetCampus Windows Azure Mobile
Build the foundation for Private Cloud
Build the foundation for Private Cloud
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Ga cloud scaling 3 30-2012
Ga cloud scaling 3 30-2012
Windows Azure Platform
Windows Azure Platform
Stacking up with OpenStack: building for High Availability
Stacking up with OpenStack: building for High Availability
Angrybirds Magento Cloud Deployment
Angrybirds Magento Cloud Deployment
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced Session
Cloud Foundry Anniversary: Technical Slides
Cloud Foundry Anniversary: Technical Slides
Eucalyptus 3 Product Overview
Eucalyptus 3 Product Overview
BOI 2011 - Be what's next
BOI 2011 - Be what's next
BayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes Everything
Oscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystem
Viewers also liked
Providing Proofs of Past Data Possession in Cloud Forensics
Providing Proofs of Past Data Possession in Cloud Forensics
zawoad
NGN Japan 2012-2017
NGN Japan 2012-2017
Kabir Ahmad
IaaS Security - Back to the Drawing Board
IaaS Security - Back to the Drawing Board
K Logic Future Marketing
Automatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoT
automatskicorporation
Big data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security Alliance
Information Security Awareness Group
IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015
HildebrandTech
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox
INSIGHT FORENSIC
Cloud Computing : Security and Forensics
Cloud Computing : Security and Forensics
Govind Maheswaran
How to design a linear control system
How to design a linear control system
Alireza Mirzaei
Cloud-forensics
Cloud-forensics
anupriti
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challenges
Kapil Mehrotra
IoT Security and Privacy Considerations
IoT Security and Privacy Considerations
Kenny Huang Ph.D.
Privacy, Drones, and IoT
Privacy, Drones, and IoT
LAURA VIVET
Cloud Computing - Benefits and Challenges
Cloud Computing - Benefits and Challenges
ThoughtWorks Studios
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
APNIC
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
ClicTest
The 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
Overview of IoT and Security issues
Overview of IoT and Security issues
Anastasios Economides
IoT security (Internet of Things)
IoT security (Internet of Things)
Sanjay Kumar (Seeking options outside India)
IoT and Blockchain Convergence
IoT and Blockchain Convergence
Ahmed Banafa
Viewers also liked
(20)
Providing Proofs of Past Data Possession in Cloud Forensics
Providing Proofs of Past Data Possession in Cloud Forensics
NGN Japan 2012-2017
NGN Japan 2012-2017
IaaS Security - Back to the Drawing Board
IaaS Security - Back to the Drawing Board
Automatski - The Internet of Things - Privacy in IoT
Automatski - The Internet of Things - Privacy in IoT
Big data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security Alliance
IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox
Cloud Computing : Security and Forensics
Cloud Computing : Security and Forensics
How to design a linear control system
How to design a linear control system
Cloud-forensics
Cloud-forensics
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challenges
IoT Security and Privacy Considerations
IoT Security and Privacy Considerations
Privacy, Drones, and IoT
Privacy, Drones, and IoT
Cloud Computing - Benefits and Challenges
Cloud Computing - Benefits and Challenges
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
The 5 elements of IoT security
The 5 elements of IoT security
Overview of IoT and Security issues
Overview of IoT and Security issues
IoT security (Internet of Things)
IoT security (Internet of Things)
IoT and Blockchain Convergence
IoT and Blockchain Convergence
Similar to Delivering Secure OpenStack IaaS for SaaS Products
Cloud computing NIC 2012
Cloud computing NIC 2012
Kristian Nese
Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
CloudPassage
Stairway to heaven webinar
Stairway to heaven webinar
CloudBees
Microsoft PaaS Cloud Windows Azure Platform
Microsoft PaaS Cloud Windows Azure Platform
Esri
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
CloudPassage
CloudPassage Overview
CloudPassage Overview
CloudPassage
PCI and the Cloud
PCI and the Cloud
CloudPassage
彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstack
OpenCity Community
Enterprise Java Virtualization, Sacha Labourey
Enterprise Java Virtualization, Sacha Labourey
OpenBlend society
Windows Azure Design Patterns
Windows Azure Design Patterns
David Pallmann
Cloud Foundry Bootcamp
Cloud Foundry Bootcamp
Andy Piper
Moving Web Apps to the Cloud - Iowa User Group Tour, Feb 2012
Moving Web Apps to the Cloud - Iowa User Group Tour, Feb 2012
Eric D. Boyd
Cloud Escrow van Escrow Alliance
Cloud Escrow van Escrow Alliance
EscrowDirect.eu
Cloud Xero #1 - Intro to Cloud Computing
Cloud Xero #1 - Intro to Cloud Computing
Craig Walker
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
Arun Gupta
How can Liferay Developers, Deployers move to the Cloud
How can Liferay Developers, Deployers move to the Cloud
CloudBees
Getting Started Developing with Platform as a Service
Getting Started Developing with Platform as a Service
CloudBees
Discover Clever Cloud
Discover Clever Cloud
Quentin Adam
Windows Azure: Is Azure right for you?
Windows Azure: Is Azure right for you?
Intergen
Windows Azure Platform Overview
Windows Azure Platform Overview
Robert MacLean
Similar to Delivering Secure OpenStack IaaS for SaaS Products
(20)
Cloud computing NIC 2012
Cloud computing NIC 2012
Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
Stairway to heaven webinar
Stairway to heaven webinar
Microsoft PaaS Cloud Windows Azure Platform
Microsoft PaaS Cloud Windows Azure Platform
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
CloudPassage Overview
CloudPassage Overview
PCI and the Cloud
PCI and the Cloud
彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstack
Enterprise Java Virtualization, Sacha Labourey
Enterprise Java Virtualization, Sacha Labourey
Windows Azure Design Patterns
Windows Azure Design Patterns
Cloud Foundry Bootcamp
Cloud Foundry Bootcamp
Moving Web Apps to the Cloud - Iowa User Group Tour, Feb 2012
Moving Web Apps to the Cloud - Iowa User Group Tour, Feb 2012
Cloud Escrow van Escrow Alliance
Cloud Escrow van Escrow Alliance
Cloud Xero #1 - Intro to Cloud Computing
Cloud Xero #1 - Intro to Cloud Computing
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
How can Liferay Developers, Deployers move to the Cloud
How can Liferay Developers, Deployers move to the Cloud
Getting Started Developing with Platform as a Service
Getting Started Developing with Platform as a Service
Discover Clever Cloud
Discover Clever Cloud
Windows Azure: Is Azure right for you?
Windows Azure: Is Azure right for you?
Windows Azure Platform Overview
Windows Azure Platform Overview
More from CloudPassage
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
CloudPassage
CloudPassage Careers
CloudPassage Careers
CloudPassage
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
CloudPassage
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
CloudPassage
Webinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
CloudPassage
SecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
CloudPassage
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
CloudPassage
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
CloudPassage
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
CloudPassage
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
CloudPassage
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
CloudPassage
Integrating Security into DevOps
Integrating Security into DevOps
CloudPassage
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
CloudPassage
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
CloudPassage
Halo Installfest Slides
Halo Installfest Slides
CloudPassage
BSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the Cloud
CloudPassage
More from CloudPassage
(18)
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
CloudPassage Careers
CloudPassage Careers
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
Webinar compiled powerpoint
Webinar compiled powerpoint
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
SecDevOps: The New Black of IT
SecDevOps: The New Black of IT
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
Integrating Security into DevOps
Integrating Security into DevOps
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
Halo Installfest Slides
Halo Installfest Slides
BSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the Cloud
Recently uploaded
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
ScyllaDB
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
LoriGlavin3
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Pixlogix Infotech
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
LoriGlavin3
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
LoriGlavin3
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
Alan Dix
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
mohitsingh558521
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Florian Wilhelm
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
LoriGlavin3
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
LoriGlavin3
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
LoriGlavin3
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Dubai Multi Commodity Centre
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
Recently uploaded
(20)
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Delivering Secure OpenStack IaaS for SaaS Products
1.
Delivering Secure
OpenStack IaaS for SaaS Products Andrew Hay Chief Evangelist andrew@cloudpassage.com twitter.com/andrewsmhay OpenStack Summit 2012 © 2012 CloudPassage Inc. #cloudsec | #openstack
2.
Who are you? •
Andrew Hay, Chief Evangelist, CloudPassage • Former – Industry Analyst @ 451 Research – Information Security Office @ UofL and bank in Bermuda – Product, Program and Engineering Manager @ Q1 Labs – Linux guy at a few ISPs © 2012 CloudPassage Inc.
3.
What does CloudPassage
do? Security and compliance automation for public, private and hybrid cloud servers Dynamic Cloud System Integrity Firewall Automation Monitoring & IDS Two-Factor Server Account Authentication Management Server Vulnerability Server Security Scanning Events & Alerting Eliminates barriers to cloud hosting adoption Enables cloud hosting & IaaS compliance Purpose built for cloud from the ground up © 2012 CloudPassage Inc.
4.
Topics for today
Overview of OpenStack security OpenStack host security Why the cloud makes security hard How to secure OpenStack images © 2012 CloudPassage Inc.
5.
Core OpenStack Architecture
Horizon Quantum Nova Glance Swift Cinder Keystone © 2012 CloudPassage Inc.
6.
OpenStack Security: Quantum •
Quantum – Network connectivity as a service – From a flat, shared network to per-tenant routers with private networks – API to let 3rd party vendors „plug in‟ • e.g. Nicera Network Virtualization Platform (NVP) – Supports virtual port isolation, virtual port mirroring, QoS, security profiles and detailed per-port statistics. © 2012 CloudPassage Inc.
7.
OpenStack Security: Keystone •
Keystone – Identity service used by OpenStack for authentication (authN) and high-level authorization (authZ) – Currently supports token-based authN and user-service authorization. – Recently re-architected to allow for expansion to support proxying external services and AuthN/AuthZ mechanisms • e.g. oAuth, SAML and openID in future versions. keystone user-create --name=nova --pass=Sekr3tPass --tenant_id=[the uuid of the tenant] --email=nova@nothing.com © 2012 CloudPassage Inc.
8.
OpenStack Security: Nova #
This is the code for the python-keystoneclient script • Nova # Using token auth env variables export SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/ export SERVICE_TOKEN=secrete_token – Security keystone user-list groups $ nova secgroup-create openpub "Open for public" keystone tenant-create --name=demonova secgroup-add-rule openpub icmp -1 -1 0.0.0.0/0 $ – Firewall (iptables) $ nova secgroup-add-rule openpub tcp 22 22 0.0.0.0/0 # Using token auth flags keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ user-list keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ tenant-create -- name=demo # nova-manage network create --num_networks=100 -- – VLAN‟s fixed_range_v4=172.16.100.0/24 # Using user + password + tenant_name env variables export OS_USERNAME=admin export OS_PASSWORD=secrete export OS_TENANT_NAME=admin keystone user-list keystone tenant-create --name=demo # Using user + password + tenant_name flags keystone --username=admin --password=secrete --tenant_name=admin user-list keystone --username=admin --password=secrete --tenant_name=admin tenant-create -- name=demo – Identity Management with Keystone © 2012 CloudPassage Inc.
9.
OpenStack Host Security… ©
2012 CloudPassage Inc.
10.
Why Secure the
Images? • “We have security groups, infrastructure firewall rules and Keystone for authentication so we don’t need to secure the images.” – OpenStack Admin with a Plan. “Everyone has a plan 'till they get punched in the mouth.” – Mike Tyson © 2012 CloudPassage Inc.
11.
Why Secure the
Images? • Network-based security is only so good in multitenant clouds • The ultimate target is the endpoint – So secure it • You wouldn‟t leave your doors unlocked… – Would you? © 2012 CloudPassage Inc.
12.
Why Secure the
Images? “Son, we live in a world that has walls, and those walls have to be guarded by men with guns. Who's gonna do it? You? You, Lt. Weinburg?” © 2012 CloudPassage Inc.
13.
No “Natural” Segmentation
Auth DB DB DB Server core core Firewal l Load App Load App Balancer Server Balancer Server dmz dmz Firewal l public cloud © 2012 CloudPassage Inc.
14.
Cloud Servers are
More Exposed Load Balancer App App Server Server DB Master public cloud © 2012 CloudPassage Inc.
15.
DENY ALL –
Helps & Hinders &$#@$*@? Load !?!? Balancer FW App App Server Server FW FW DB Master FW public cloud © 2012 CloudPassage Inc.
16.
What About Complex
Deployments? Load Load Balancer Balancer FW FW App App App Server Server Server FW FW FW DB DB Master Slave FW FW public cloud © 2012 CloudPassage Inc.
17.
What About Dynamic
Deployments? Load Load Balancer Balancer FW FW App App App Server Server App Server FW FW Server FW IP DB DB Master Slave FW FW public cloud © 2012 CloudPassage Inc.
18.
From De-Provisioned to
AHHH!!! Load Load Balancer Balancer FW FW App App Server Server App FW FW Server IP DB DB Master Slave FW FW public cloud © 2012 CloudPassage Inc.
19.
Securing OpenStack Nova
Images © 2012 CloudPassage Inc.
20.
Imagine There‟s No
Network • It‟s easy if you try… • We should protect our servers as if they are directly connected to the Internet – Because in some cases, they are. © 2012 CloudPassage Inc.
21.
Why secure the
OS? • A hardened OS often is the last line of defense in the event of a security compromise. • It is important to note that hardening is not a panacea for security. – It is just another layer in a good security model. • By definition, any machine that is accessible on a network and running services is potentially insecure. – (i.e. pretty much any server) © 2012 CloudPassage Inc.
22.
Top 5 Easy
Things to Start Securing Your OpenStack Images 1. Disable unnecessary services 2. Remove unneeded packages 3. Restrict access to sensitive files & directories 4. Remove insecure/default configurations 5. Allow administrative access ONLY from trusted servers/clients © 2012 CloudPassage Inc.
23.
Disable unnecessary services •
Only what is needed…is needed • Shutdown and disable unnecessary services – e.g. telnet, r-services, ftpd, etc. © 2012 CloudPassage Inc.
24.
Remove unneeded packages •
If it isn‟t being used…why keep it? • If the server doesn‟t need to serve web pages – Remove PHP, Apache/nginx • If it‟s not a database server – Remove MySQL/PostgreSQL © 2012 CloudPassage Inc.
25.
Restrict access to
sensitive files & directories • Protect what‟s important from prying/malicious eyes • Ensure file permissions restrict access to sensitive files and directories – E.g. /etc/shadow, /etc/ssh/sshd_config, – E.g. /var/tmp/, /tmp/ © 2012 CloudPassage Inc.
26.
Remove insecure/default configurations •
Disable password authentication for SSH – Force public key authentication – Also, disable empty passwords for users • SSH – Ensure only v2 protocol connections are allowed • Apache – Minimize loadable modules – Disable ServerTokens and ServerSignature directives © 2012 CloudPassage Inc.
27.
Allow administrative access
ONLY from trusted servers/clients • Leverage the firewall and other tools – Source of corporate network / admin network range – 3rd-party tools like fail2ban • Don‟t allow „server hopping‟ – Most people use keys without passwords to make things easier • Facilitate on-demand access using two- factor authentication © 2012 CloudPassage Inc.
28.
If only we
had more time… • More documentation to review: – NIST SP800-123: Guide to General Server Security • http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf – Halo Configuration Policy Rule Checks • http://support.cloudpassage.com/entries/22033142-configuration-policy-rule- checks – CIS Red Hat Enterprise Linux 6 Benchmark v1.1.0 • http://benchmarks.cisecurity.org/en-us/?route=downloads.show.single.rhel6.110 – NSA Security Configuration Guides • http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operatin g_systems.shtml#linux2 © 2012 CloudPassage Inc.
29.
Number 6 –
Employ Tools Designed for Cloud Environments • You‟ve locked down your server based on the Top 5 – And other guides • Now What? • Rely on a tools built for continuous cloud security: Dynamic Cloud Server Vulnerability Server Account Firewall Automation Scanning Management Two-Factor System Integrity Server Security Authentication Monitoring & IDS Events & Alerting © 2012 CloudPassage Inc.
30.
Summary
Cloud deployments require a new approach to security Get your house in order before adding tools on top Use tools that work on/with/in cloud environments © 2012 CloudPassage Inc.
31.
Summary++ • Don‟t be
in such a rush to get to cloud that you trip yourself up… © 2012 CloudPassage Inc.
32.
What does CloudPassage
do? Security and compliance automation for public, private and hybrid cloud servers Dynamic Cloud System Integrity Firewall Automation Monitoring & IDS Two-Factor Server Account Authentication Management Server Vulnerability Server Security Scanning Events & Alerting Eliminates barriers to cloud hosting adoption Enables cloud hosting & IaaS compliance Purpose built for cloud from the ground up © 2012 CloudPassage Inc.
33.
Try Halo FREE
- 5 Minute Setup Register at Free Trial! cloudpassage.com Install daemons on cloud servers Configure security policies in Halo web portal © 2012 CloudPassage Inc.
34.
We Work Everywhere! ©
2012 CloudPassage Inc.
35.
The End
• Ask questions! – Lots more info: community.cloudpassage.com – Small bits of info: @cloudpassage • Tell me what you think! – Email: andrew@cloudpassage.com – Twitter: @andrewsmhay BTW, • We’re hiring! We’re Sales Engineers, cloud/security Hiring! analysts, rails devs and UX devs – Email: jobs@cloudpassage.com © 2012 CloudPassage Inc.
36.
Thank You!
Andrew Hay andrew@cloudpassage.com @andrewsmhay @cloudpassage #CloudSec | #OpenStack © 2012 CloudPassage Inc.
Download now