Delivering Secure
       OpenStack IaaS for SaaS
       Products
       Andrew Hay
       Chief Evangelist
       andrew@cloudpassage.com
       twitter.com/andrewsmhay



                                 OpenStack Summit 2012
© 2012 CloudPassage Inc.          #cloudsec | #openstack
Who are you?
• Andrew Hay, Chief Evangelist, CloudPassage

• Former
      –   Industry Analyst @ 451 Research
      –   Information Security Office @ UofL and bank in Bermuda
      –   Product, Program and Engineering Manager @ Q1 Labs
      –   Linux guy at a few ISPs




What does CloudPassage do?
            Security and compliance automation for
            public, private and hybrid cloud servers

            • Dynamic Cloud Firewall Automation
            • System Integrity Monitoring & IDS
            • Two-Factor Authentication
            • Server Account Management
            • Server Vulnerability Scanning
            • Server Security Events & Alerting

            Eliminates barriers to cloud hosting adoption
            Enables cloud hosting & IaaS compliance
            Purpose built for cloud from the ground up
Topics for today

                           Overview of OpenStack security

                           OpenStack host security

                           Why the cloud makes security hard

                           How to secure OpenStack images




Core OpenStack Architecture
[Diagram: Horizon, Quantum, Nova, Glance, Swift, Cinder, Keystone]
OpenStack Security: Quantum
• Quantum
      – Network connectivity as a service
      – From a flat, shared network to per-tenant routers with private
        networks




      – API to let 3rd party vendors "plug in"
             • e.g. Nicira Network Virtualization Platform (NVP)
                   – Supports virtual port isolation, virtual port mirroring, QoS, security
                     profiles and detailed per-port statistics.
OpenStack Security: Keystone
• Keystone
      – Identity service used by OpenStack for authentication (authN)
        and high-level authorization (authZ)
      – Currently supports token-based authN and user-service
        authorization.
      – Recently re-architected to allow for expansion to support
        proxying external services and AuthN/AuthZ mechanisms
             • e.g. OAuth, SAML and OpenID in future versions.

          keystone user-create --name=nova \
                               --pass=Sekr3tPass \
                               --tenant_id=[the uuid of the tenant] \
                               --email=nova@nothing.com
OpenStack Security: Nova
• Nova
      – Security groups
            $ nova secgroup-create openpub "Open for public"
            $ nova secgroup-add-rule openpub icmp -1 -1 0.0.0.0/0
      – Firewall (iptables)
            $ nova secgroup-add-rule openpub tcp 22 22 0.0.0.0/0
      – VLANs
            # nova-manage network create --num_networks=100 --fixed_range_v4=172.16.100.0/24
      – Identity Management with Keystone

          # This is the code for the python-keystoneclient script

          # Using token auth env variables
          export SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/
          export SERVICE_TOKEN=secrete_token
          keystone user-list
          keystone tenant-create --name=demo

          # Using token auth flags
          keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ user-list
          keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ tenant-create --name=demo

          # Using user + password + tenant_name env variables
          export OS_USERNAME=admin
          export OS_PASSWORD=secrete
          export OS_TENANT_NAME=admin
          keystone user-list
          keystone tenant-create --name=demo

          # Using user + password + tenant_name flags
          keystone --username=admin --password=secrete --tenant_name=admin user-list
          keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo
OpenStack Host Security…




Why Secure the Images?
• “We have security groups, infrastructure firewall
  rules and Keystone for authentication so we don’t
  need to secure the images.” – OpenStack Admin
  with a Plan.

                           “Everyone has a plan
                           'till they get punched
                           in the mouth.” – Mike
                           Tyson




Why Secure the Images?
• Network-based security is only so good in
  multitenant clouds

• The ultimate target is the endpoint
      – So secure it

• You wouldn't leave your doors unlocked…
      – Would you?




Why Secure the Images?




                       “Son, we live in a world that has
                       walls, and those walls have to be
                       guarded by men with guns. Who's
                       gonna do it? You? You, Lt.
                       Weinberg?”
No “Natural” Segmentation


[Diagram, labelled "public cloud": "core" tiers (Auth Server, DB) and "dmz" tiers (Load Balancer, App Server), each behind a Firewall]
Cloud Servers are More Exposed

[Diagram, labelled "public cloud": Load Balancer, two App Servers, DB Master]
DENY ALL – Helps & Hinders
[Diagram, labelled "public cloud": Load Balancer, two App Servers and DB Master, each with its own FW; speech bubble "&$#@$*@?!?!?"]
What About Complex Deployments?

[Diagram, labelled "public cloud": two Load Balancers, three App Servers, DB Master and DB Slave, each with its own FW]
What About Dynamic Deployments?

[Diagram, labelled "public cloud": two Load Balancers, several App Servers (one labelled "IP"), DB Master and DB Slave, each with its own FW]
From De-Provisioned to AHHH!!!

[Diagram, labelled "public cloud": two Load Balancers, App Servers (one labelled "IP" with no FW label), DB Master and DB Slave, the others each with a FW]
Securing OpenStack Nova Images
Imagine There's No Network
• It's easy if you try…

• We should protect our servers as if
  they are directly connected to the
  Internet
      – Because in some cases, they are.




Why secure the OS?
• A hardened OS often is the last line of
  defense in the event of a security
  compromise.

• It is important to note that hardening is
  not a panacea for security.
      – It is just another layer in a good security
        model.

• By definition, any machine that is
  accessible on a network and running
  services is potentially insecure.
      – (i.e. pretty much any server)



Top 5 Easy Things to Start
Securing Your OpenStack Images
1. Disable unnecessary services

2. Remove unneeded packages

3. Restrict access to sensitive files & directories

4. Remove insecure/default configurations

5. Allow administrative access ONLY from trusted
   servers/clients

Disable unnecessary services
• Only what is needed…is needed

• Shut down and disable
  unnecessary services
      – e.g. telnet, r-services, ftpd, etc.




Remove unneeded packages
• If it isn't being used…why keep it?

• If the server doesn't need to
  serve web pages
      – Remove PHP, Apache/nginx

• If it's not a database server
      – Remove MySQL/PostgreSQL




Restrict access to sensitive files & directories

• Protect what's important from prying/malicious eyes

• Ensure file permissions restrict access to
  sensitive files and directories
      – E.g. /etc/shadow, /etc/ssh/sshd_config
      – E.g. /var/tmp/, /tmp/




Remove insecure/default configurations
• Disable password authentication for SSH
      – Force public key authentication
      – Also, disable empty passwords for users

• SSH
      – Ensure only v2 protocol connections are allowed

• Apache
      – Minimize loadable modules
      – Disable ServerTokens and ServerSignature directives




Allow administrative access ONLY from trusted
servers/clients
• Leverage the firewall and other tools
      – Source of corporate network / admin
            network range
      – 3rd-party tools like fail2ban

• Don't allow "server hopping"
      – Most people use keys without passwords to
        make things easier

• Facilitate on-demand access using two-
  factor authentication
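
Items 3 to 5 of the Top 5 can be checked mechanically before an image is snapshotted. The script below is an added example, not part of the original slides or of any CloudPassage tooling; the function names, the permission thresholds (600 for sshd_config, 640 for /etc/shadow) and all sample files are assumptions, and it expects a stat that supports -c (GNU or BusyBox).

```shell
#!/bin/sh
# Added example: audit an unpacked image root before uploading it to Glance.
# Function names, permission thresholds and sample data are assumptions made
# for this example. Needs GNU or BusyBox stat (-c) and a POSIX awk.

# Print the effective global value of an sshd_config keyword, lower-cased.
# sshd keeps the first value it reads for a keyword, and lines after a
# "Match" line are conditional, so scanning stops there. Only the
# whitespace-separated "Keyword value" form is handled.
sshd_value() {   # usage: sshd_value FILE KEYWORD
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/             { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); exit }
    ' "$1"
}

# One FAIL line per violated SSH item from the slides: no password logins,
# no empty passwords, protocol 2 only. Unset keywords fall back to OpenSSH
# defaults (PasswordAuthentication yes, PermitEmptyPasswords no); an unset
# Protocol is assumed to mean 2, which holds for OpenSSH 5.4 and later.
audit_sshd() {   # usage: audit_sshd FILE
    [ -r "$1" ] || { echo "SKIP $1: not readable"; return 0; }
    v=$(sshd_value "$1" PasswordAuthentication); v=${v:-yes}
    [ "$v" = no ] || echo "FAIL $1: PasswordAuthentication is $v"
    v=$(sshd_value "$1" PermitEmptyPasswords); v=${v:-no}
    [ "$v" = no ] || echo "FAIL $1: PermitEmptyPasswords is $v"
    v=$(sshd_value "$1" Protocol); v=${v:-2}
    [ "$v" = 2 ] || echo "FAIL $1: Protocol is $v"
}

# Report a path whose mode grants any bit outside ALLOWED (octal).
check_mode() {   # usage: check_mode PATH ALLOWED
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "SKIP $1: cannot stat"; return 0; }
    extra=$(( 0$mode & ~0$2 & 07777 ))
    [ "$extra" -eq 0 ] || echo "FAIL $1: mode $mode exceeds $2"
}

# Report a world-writable directory that lacks the sticky bit.
check_sticky() { # usage: check_sticky DIR
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "SKIP $1: cannot stat"; return 0; }
    if [ $(( 0$mode & 0002 )) -ne 0 ] && [ $(( 0$mode & 01000 )) -eq 0 ]; then
        echo "FAIL $1: world-writable without sticky bit (mode $mode)"
    fi
}

# Read "nova secgroup-add-rule GROUP PROTO FROM TO CIDR" lines on stdin and
# report TCP rules that expose PORT to every source address.
open_admin_rules() {   # usage: open_admin_rules PORT < commands
    awk -v port="$1" '
        { sub(/^[ \t]*[$#][ \t]*/, "") }    # drop a pasted shell prompt
        $1 == "nova" && $2 == "secgroup-add-rule" && $4 == "tcp" &&
        $5 <= port && port <= $6 && $7 == "0.0.0.0/0" {
            printf "FAIL group %s: tcp/%s open to %s\n", $3, port, $7
        }'
}

# Run the file and SSH checks against an image mounted or unpacked at ROOT.
audit_image() {  # usage: audit_image ROOT
    audit_sshd   "$1/etc/ssh/sshd_config"
    check_mode   "$1/etc/ssh/sshd_config" 600
    check_mode   "$1/etc/shadow" 640
    check_sticky "$1/tmp"
    check_sticky "$1/var/tmp"
}

# Demo on a constructed image root and on the two rules from the Nova slide.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/ssh" "$root/tmp" "$root/var/tmp"
    chmod 1777 "$root/tmp"; chmod 777 "$root/var/tmp"
    printf '%s\n' 'Protocol 2,1' 'PasswordAuthentication yes' \
        'Match User deploy' '    PasswordAuthentication no' \
        > "$root/etc/ssh/sshd_config"
    chmod 644 "$root/etc/ssh/sshd_config"
    : > "$root/etc/shadow"; chmod 600 "$root/etc/shadow"
    audit_image "$root"
    printf '%s\n' '$ nova secgroup-add-rule openpub icmp -1 -1 0.0.0.0/0' \
        '$ nova secgroup-add-rule openpub tcp 22 22 0.0.0.0/0' |
        open_admin_rules 22
    rm -rf "$root"
}
demo
```

On the constructed input the demo prints five FAIL lines, including the tcp/22 rule from the Nova slide, which item 5 would narrow to the admin network range.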

If only we had more time…
• More documentation to review:
      – NIST SP800-123: Guide to General Server Security
             • http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf
      – Halo Configuration Policy Rule Checks
             • http://support.cloudpassage.com/entries/22033142-configuration-policy-rule-checks
      – CIS Red Hat Enterprise Linux 6 Benchmark v1.1.0
             • http://benchmarks.cisecurity.org/en-us/?route=downloads.show.single.rhel6.110
      – NSA Security Configuration Guides
             • http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml#linux2




Number 6 – Employ Tools Designed for
Cloud Environments
• You've locked down your server
  based on the Top 5
      – And other guides

• Now What?

• Rely on tools built for continuous
  cloud security:
      – Dynamic Cloud Firewall Automation
      – Server Vulnerability Scanning
      – Server Account Management
      – Two-Factor Authentication
      – System Integrity Monitoring & IDS
      – Server Security Events & Alerting
Summary

                           Cloud deployments require a
                           new approach to security



                           Get your house in order before
                           adding tools on top



                           Use tools that work on/with/in
                           cloud environments
Summary++
• Don't be in such a rush to get to cloud that you trip
  yourself up…




Try Halo FREE - 5 Minute Setup

      • Register at cloudpassage.com (Free Trial!)
      • Install daemons on cloud servers
      • Configure security policies in Halo web portal
We Work Everywhere!




The End
            •     Ask questions!
                    –      Lots more info:     community.cloudpassage.com
                    –      Small bits of info: @cloudpassage

            •     Tell me what you think!
                    –      Email:     andrew@cloudpassage.com
                    –      Twitter:   @andrewsmhay

            •     We’re hiring!
                    –      Sales Engineers, cloud/security analysts, rails devs and UX devs
                    –      Email:    jobs@cloudpassage.com
Thank You!
                                Andrew Hay
                            andrew@cloudpassage.com
                                 @andrewsmhay



                               @cloudpassage
                           #CloudSec | #OpenStack



Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
PCI and the Cloud
PCI and the CloudPCI and the Cloud
PCI and the Cloud
 
彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstack彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstack
 
Enterprise Java Virtualization, Sacha Labourey
Enterprise Java Virtualization, Sacha LaboureyEnterprise Java Virtualization, Sacha Labourey
Enterprise Java Virtualization, Sacha Labourey
 
Windows Azure Design Patterns
Windows Azure Design PatternsWindows Azure Design Patterns
Windows Azure Design Patterns
 
Cloud Foundry Bootcamp
Cloud Foundry BootcampCloud Foundry Bootcamp
Cloud Foundry Bootcamp
 
Moving Web Apps to the Cloud - Iowa User Group Tour, Feb 2012
Moving Web Apps to the Cloud - Iowa User Group Tour, Feb 2012Moving Web Apps to the Cloud - Iowa User Group Tour, Feb 2012
Moving Web Apps to the Cloud - Iowa User Group Tour, Feb 2012
 
Cloud Escrow van Escrow Alliance
Cloud Escrow van Escrow AllianceCloud Escrow van Escrow Alliance
Cloud Escrow van Escrow Alliance
 
Cloud Xero #1 - Intro to Cloud Computing
Cloud Xero #1 - Intro to Cloud ComputingCloud Xero #1 - Intro to Cloud Computing
Cloud Xero #1 - Intro to Cloud Computing
 
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
 
How can Liferay Developers, Deployers move to the Cloud
How can Liferay Developers, Deployers move to the CloudHow can Liferay Developers, Deployers move to the Cloud
How can Liferay Developers, Deployers move to the Cloud
 
Getting Started Developing with Platform as a Service
Getting Started Developing with Platform as a ServiceGetting Started Developing with Platform as a Service
Getting Started Developing with Platform as a Service
 
Discover Clever Cloud
Discover Clever CloudDiscover Clever Cloud
Discover Clever Cloud
 
Windows Azure: Is Azure right for you?
Windows Azure: Is Azure right for you?Windows Azure: Is Azure right for you?
Windows Azure: Is Azure right for you?
 
Windows Azure Platform Overview
Windows Azure Platform OverviewWindows Azure Platform Overview
Windows Azure Platform Overview
 

More from CloudPassage

Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
CloudPassage Careers
CloudPassage CareersCloudPassage Careers
CloudPassage CareersCloudPassage
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerCloudPassage
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectCloudPassage
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of ITCloudPassage
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloudPassage
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the CloudCloudPassage
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachCloudPassage
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessCloudPassage
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOpsCloudPassage
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesCloudPassage
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityCloudPassage
 
Halo Installfest Slides
Halo Installfest SlidesHalo Installfest Slides
Halo Installfest SlidesCloudPassage
 
BSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the CloudBSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the CloudCloudPassage
 

More from CloudPassage (18)

Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 
CloudPassage Careers
CloudPassage CareersCloudPassage Careers
CloudPassage Careers
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
 
Halo Installfest Slides
Halo Installfest SlidesHalo Installfest Slides
Halo Installfest Slides
 
BSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the CloudBSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the Cloud
 

Recently uploaded

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Delivering Secure OpenStack IaaS for SaaS Products

  • 1. Delivering Secure OpenStack IaaS for SaaS Products Andrew Hay Chief Evangelist andrew@cloudpassage.com twitter.com/andrewsmhay OpenStack Summit 2012 © 2012 CloudPassage Inc. #cloudsec | #openstack
  • 2. Who are you? • Andrew Hay, Chief Evangelist, CloudPassage • Former – Industry Analyst @ 451 Research – Information Security Office @ UofL and bank in Bermuda – Product, Program and Engineering Manager @ Q1 Labs – Linux guy at a few ISPs
  • 3. What does CloudPassage do? Security and compliance automation for public, private and hybrid cloud servers • Dynamic Cloud Firewall Automation • System Integrity Monitoring & IDS • Two-Factor Authentication • Server Account Management • Server Vulnerability Scanning • Server Security Events & Alerting • Eliminates barriers to cloud hosting adoption • Enables cloud hosting & IaaS compliance • Purpose built for cloud from the ground up
  • 4. Topics for today • Overview of OpenStack security • OpenStack host security • Why the cloud makes security hard • How to secure OpenStack images
  • 5. Core OpenStack Architecture [Diagram: Horizon, Quantum, Nova, Glance, Swift, Cinder, Keystone]
  • 6. OpenStack Security: Quantum • Quantum – Network connectivity as a service – From a flat, shared network to per-tenant routers with private networks – API to let 3rd party vendors ‘plug in’ • e.g. Nicira Network Virtualization Platform (NVP) – Supports virtual port isolation, virtual port mirroring, QoS, security profiles and detailed per-port statistics.
  • 7. OpenStack Security: Keystone • Keystone – Identity service used by OpenStack for authentication (authN) and high-level authorization (authZ) – Currently supports token-based authN and user-service authorization. – Recently re-architected to allow for expansion to support proxying external services and AuthN/AuthZ mechanisms • e.g. OAuth, SAML and OpenID in future versions.
        keystone user-create --name=nova --pass=Sekr3tPass --tenant_id=[the uuid of the tenant] --email=nova@nothing.com
  • 8. OpenStack Security: Nova • Nova – Security groups – Firewall (iptables) – VLANs – Identity Management with Keystone
        $ nova secgroup-create openpub "Open for public"
        $ nova secgroup-add-rule openpub icmp -1 -1 0.0.0.0/0
        $ nova secgroup-add-rule openpub tcp 22 22 0.0.0.0/0

        # nova-manage network create --num_networks=100 --fixed_range_v4=172.16.100.0/24

        # This is the code for the python-keystoneclient script
        # Using token auth env variables
        export SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/
        export SERVICE_TOKEN=secrete_token
        keystone user-list
        keystone tenant-create --name=demo
        # Using token auth flags
        keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ user-list
        keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ tenant-create --name=demo
        # Using user + password + tenant_name env variables
        export OS_USERNAME=admin
        export OS_PASSWORD=secrete
        export OS_TENANT_NAME=admin
        keystone user-list
        keystone tenant-create --name=demo
        # Using user + password + tenant_name flags
        keystone --username=admin --password=secrete --tenant_name=admin user-list
        keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo
  • 9. OpenStack Host Security…
  • 10. Why Secure the Images? • “We have security groups, infrastructure firewall rules and Keystone for authentication so we don’t need to secure the images.” – OpenStack Admin with a Plan. “Everyone has a plan 'till they get punched in the mouth.” – Mike Tyson
  • 11. Why Secure the Images? • Network-based security is only so good in multitenant clouds • The ultimate target is the endpoint – So secure it • You wouldn’t leave your doors unlocked… – Would you?
  • 12. Why Secure the Images? “Son, we live in a world that has walls, and those walls have to be guarded by men with guns. Who's gonna do it? You? You, Lt. Weinburg?”
  • 13. No “Natural” Segmentation [Diagram labels: Load Balancer and App Server (dmz), Auth Server and DB (core), Firewall, public cloud]
  • 14. Cloud Servers are More Exposed [Diagram labels: Load Balancer, App Server ×2, DB Master, public cloud]
  • 15. DENY ALL – Helps & Hinders [Diagram labels: Load Balancer, App Server ×2, DB Master, each with FW, public cloud; callouts “&$#@$*@?” and “!?!?”]
  • 16. What About Complex Deployments? [Diagram labels: Load Balancer ×2, App Server ×3, DB Master, DB Slave, each with FW, public cloud]
  • 17. What About Dynamic Deployments? [Diagram labels: Load Balancer ×2, App Server ×4, DB Master, DB Slave, FW, IP, public cloud]
  • 18. From De-Provisioned to AHHH!!! [Diagram labels: Load Balancer ×2, App Server ×3, DB Master, DB Slave, FW, IP, public cloud]
  • 19. Securing OpenStack Nova Images
  • 20. Imagine There’s No Network • It’s easy if you try… • We should protect our servers as if they are directly connected to the Internet – Because in some cases, they are.
  • 21. Why secure the OS? • A hardened OS often is the last line of defense in the event of a security compromise. • It is important to note that hardening is not a panacea for security. – It is just another layer in a good security model. • By definition, any machine that is accessible on a network and running services is potentially insecure. – (i.e. pretty much any server)
  • 22. Top 5 Easy Things to Start Securing Your OpenStack Images 1. Disable unnecessary services 2. Remove unneeded packages 3. Restrict access to sensitive files & directories 4. Remove insecure/default configurations 5. Allow administrative access ONLY from trusted servers/clients
  • 23. Disable unnecessary services • Only what is needed…is needed • Shutdown and disable unnecessary services – e.g. telnet, r-services, ftpd, etc.
  • 24. Remove unneeded packages • If it isn’t being used…why keep it? • If the server doesn’t need to serve web pages – Remove PHP, Apache/nginx • If it’s not a database server – Remove MySQL/PostgreSQL
  • 25. Restrict access to sensitive files & directories • Protect what’s important from prying/malicious eyes • Ensure file permissions restrict access to sensitive files and directories – E.g. /etc/shadow, /etc/ssh/sshd_config, – E.g. /var/tmp/, /tmp/
  • 26. Remove insecure/default configurations • Disable password authentication for SSH – Force public key authentication – Also, disable empty passwords for users • SSH – Ensure only v2 protocol connections are allowed • Apache – Minimize loadable modules – Disable ServerTokens and ServerSignature directives
  • 27. Allow administrative access ONLY from trusted servers/clients • Leverage the firewall and other tools – Source of corporate network / admin network range – 3rd-party tools like fail2ban • Don’t allow ‘server hopping’ – Most people use keys without passwords to make things easier • Facilitate on-demand access using two-factor authentication
  • 28. If only we had more time… • More documentation to review: – NIST SP800-123: Guide to General Server Security • http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf – Halo Configuration Policy Rule Checks • http://support.cloudpassage.com/entries/22033142-configuration-policy-rule-checks – CIS Red Hat Enterprise Linux 6 Benchmark v1.1.0 • http://benchmarks.cisecurity.org/en-us/?route=downloads.show.single.rhel6.110 – NSA Security Configuration Guides • http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml#linux2
  • 29. Number 6 – Employ Tools Designed for Cloud Environments • You’ve locked down your server based on the Top 5 – And other guides • Now What? • Rely on tools built for continuous cloud security: • Dynamic Cloud Firewall Automation • Server Vulnerability Scanning • Server Account Management • Two-Factor Authentication • System Integrity Monitoring & IDS • Server Security Events & Alerting
  • 30. Summary • Cloud deployments require a new approach to security • Get your house in order before adding tools on top • Use tools that work on/with/in cloud environments
  • 31. Summary++ • Don’t be in such a rush to get to cloud that you trip yourself up…
  • 32. What does CloudPassage do? Security and compliance automation for public, private and hybrid cloud servers • Dynamic Cloud Firewall Automation • System Integrity Monitoring & IDS • Two-Factor Authentication • Server Account Management • Server Vulnerability Scanning • Server Security Events & Alerting • Eliminates barriers to cloud hosting adoption • Enables cloud hosting & IaaS compliance • Purpose built for cloud from the ground up
  • 33. Try Halo FREE - 5 Minute Setup • Register at cloudpassage.com (Free Trial!) • Install daemons on cloud servers • Configure security policies in Halo web portal
  • 34. We Work Everywhere!
  • 35. The End • Ask questions! – Lots more info: community.cloudpassage.com – Small bits of info: @cloudpassage • Tell me what you think! – Email: andrew@cloudpassage.com – Twitter: @andrewsmhay • We’re hiring! Sales Engineers, cloud/security analysts, rails devs and UX devs – Email: jobs@cloudpassage.com (callout: “BTW, We’re Hiring!”)
  • 36. Thank You! Andrew Hay andrew@cloudpassage.com @andrewsmhay @cloudpassage #CloudSec | #OpenStack
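
The file-permission and SSH items from slides 25 and 26, written as an audit that can be run against an unpacked image root. This is an added example, not part of the original deck and not CloudPassage code; the function names, the constructed sample roots and the PASS/FAIL output are assumptions for illustration, and accepting an absent Protocol line assumes a current OpenSSH.

```shell
#!/bin/sh
# Added example (illustrative names): audit an image root per slides 25-26.

# sshd_value FILE KEYWORD: print the value in effect in FILE's global section.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; lines after "Match" are conditional, so stop there.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }          # comments and blank lines
        { sub(/=/, " ") }                # tolerate the Keyword=value spelling
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print PASS/FAIL per check; return the number of failures.
audit_sshd() {
    as_fail=0
    as_pw=$(sshd_value "$1" PasswordAuthentication)
    as_empty=$(sshd_value "$1" PermitEmptyPasswords)
    as_proto=$(sshd_value "$1" Protocol)
    # An unset PasswordAuthentication falls back to sshd's default, "yes".
    if [ "$as_pw" = no ]; then echo "PASS ssh: password logins disabled"
    else echo "FAIL ssh: PasswordAuthentication is ${as_pw:-unset, default yes}"; as_fail=$((as_fail + 1)); fi
    # An unset PermitEmptyPasswords falls back to the default, "no".
    if [ "${as_empty:-no}" = no ]; then echo "PASS ssh: empty passwords refused"
    else echo "FAIL ssh: PermitEmptyPasswords is $as_empty"; as_fail=$((as_fail + 1)); fi
    # Assumption: no Protocol line is acceptable (current OpenSSH is v2-only);
    # when present it must be exactly "2", so "2,1" and "1" fail.
    if [ "${as_proto:-2}" = 2 ]; then echo "PASS ssh: protocol 2 only"
    else echo "FAIL ssh: Protocol is $as_proto"; as_fail=$((as_fail + 1)); fi
    return "$as_fail"
}

# has_mode PATH BITS: true when every permission bit in octal BITS is set.
has_mode() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# audit_perms ROOT: check the paths slide 25 names under ROOT, the mount point
# of an unpacked image ("" for the running host). Missing paths are skipped.
audit_perms() {
    ap_fail=0
    if [ -e "$1/etc/shadow" ]; then
        if has_mode "$1/etc/shadow" 0004; then
            echo "FAIL perms: /etc/shadow is world-readable"; ap_fail=$((ap_fail + 1))
        else echo "PASS perms: /etc/shadow is not world-readable"; fi
    fi
    ap_cfg="$1/etc/ssh/sshd_config"
    if [ -e "$ap_cfg" ]; then
        if has_mode "$ap_cfg" 0020 || has_mode "$ap_cfg" 0002; then
            echo "FAIL perms: sshd_config is group- or world-writable"; ap_fail=$((ap_fail + 1))
        else echo "PASS perms: sshd_config is writable by its owner only"; fi
    fi
    # World-writable scratch directories need the sticky bit (mode 1777).
    for ap_dir in tmp var/tmp; do
        [ -d "$1/$ap_dir" ] || continue
        if has_mode "$1/$ap_dir" 0002 && ! has_mode "$1/$ap_dir" 1000; then
            echo "FAIL perms: /$ap_dir lacks the sticky bit"; ap_fail=$((ap_fail + 1))
        else echo "PASS perms: /$ap_dir"; fi
    done
    return "$ap_fail"
}

# make_samples DIR: build two constructed image roots, DIR/weak and DIR/hard.
make_samples() {
    for ms_r in weak hard; do
        mkdir -p "$1/$ms_r/etc/ssh" "$1/$ms_r/tmp" "$1/$ms_r/var/tmp"
        : > "$1/$ms_r/etc/shadow"
    done
    cat > "$1/weak/etc/ssh/sshd_config" <<'EOF'
# constructed sample: unhardened image
Protocol 2,1
#PasswordAuthentication no
permitemptypasswords yes
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF
    cat > "$1/hard/etc/ssh/sshd_config" <<'EOF'
# constructed sample: hardened image (the first PasswordAuthentication wins)
Protocol 2
PasswordAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
EOF
    chmod 644 "$1/weak/etc/shadow" "$1/hard/etc/ssh/sshd_config"
    chmod 666 "$1/weak/etc/ssh/sshd_config"; chmod 600 "$1/hard/etc/shadow"
    chmod 777 "$1/weak/tmp"
    chmod 1777 "$1/weak/var/tmp" "$1/hard/tmp" "$1/hard/var/tmp"
}

# Demo on the constructed roots only; nothing on the host is read.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for demo_r in weak hard; do
    echo "== $demo_r image =="
    audit_sshd "$demo_dir/$demo_r/etc/ssh/sshd_config" || true
    audit_perms "$demo_dir/$demo_r" || true
done
rm -rf "$demo_dir"
```

In the weak sample the only uncommented `PasswordAuthentication no` sits inside a `Match` block, so it does not apply globally and the check still fails.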