Securing the cloud
 

This presentation is my keynote from the Business Meets IT cloud security seminar from 2 years ago, and it is still relevant! What is cloud security, and what is security in the cloud? I also included some best practices for European companies that are moving to the cloud.

© All Rights Reserved


    Securing the cloud: Presentation Transcript

    • SECURING THE CLOUD: ERWIN GEIRNAERT, CO-FOUNDER ZION SECURITY
    • 693.000.000 SEARCH RESULTS: And everybody has to say something about cloud security, including me!
    • 25 YEARS OF CLOUD: Domain Name System (DNS)
    • SECURE CLOUD?
    • WHAT’S IN A NAME: SECURE CLOUD / CLOUD SECURITY
        • Secure environment
        • Security-as-a-service
        • In an (external) datacenter
        • Multi-tenant
        • SLA
        • Buy online
        • Mail security
        • Web security
        • Web application security
        • Vulnerability scanning
        • Anti-virus
        • Anti-malware
    • WHAT IS NOT CLOUD
        • Virtual version of hardware appliance
        • Next Generation Hosting
    • CLOUD SECURITY ALLIANCE: Security Control & Compliance
    • SECURE CLOUD REQUIREMENTS
        • Secure datacenter
        • Secure network
        • Secure infrastructure
        • Secure OS
        • Secure application
        • Secure Keep-it-running
        • Secure employees
        • Secure logging
    • COMPARING CLOUDS: Which one is the best?
    • WHAT WE SEE
        • Traditional hosting providers still struggle to secure their classical hosting environment
        • Web site security offering = SSL certificates!
        • Shared hosting is bad for security, but they follow the same approach to set up cloud
        • Hosting providers use other cloud providers' services
        • Without the client's knowledge
        • Without any legally binding contract
        • Without any SLA
        • In a different country → Belgian Court has a lot of problems with non-Belgian hosting
        • Inadequate logging of the cloud provider
        • Takes a lot of time to get the information with a court order
        • Most providers don’t give information, or give it too late
        • Insider threat: employees with a company credit card
        • We found a cheap cloud provider in Russia called SpamEngine
    • WHAT IS NOT THE RIGHT WAY: The DIY approach is not leveraging the power of a secure cloud:
        • Installing & configuring your virtual firewall
        • Installing & configuring your web application firewall
        • Install your Operating System
        • Patching yourself
        • Monitoring yourself
        • Do your own software installations & upgrades
    • MALWARE ATTACKS
        • Most cloud-based applications and cloud administration require only username/password
        • Malware like ZeuS/SpyEye that attacks homebanking also collects credentials
            • Twitter/Facebook/…
            • Salesforce.com?
            • Amazon AWS?
        • Credentials are sold on the Internet and automatically abused by malware running in the cloud
        • Require from your cloud provider:
            • Strong authentication
            • SSL VPN for remote management
            • IP blocking
            • Logging + logging + logging + logging
    • SECURE CLOUD INNOVATIONS
    • SOME THOUGHTS
        • FISA: Foreign Intelligence Surveillance Act
        • Data stored in the US can be inspected and copied
        • Without telling you….
        • Just think about data encryption
        • Where are the keys stored?
        • How are you sure it is really encrypted?
        • Same for China:
        • What is stored in China is copied!
        • A new U.S. intelligence report declares the most active and persistent perpetrator of economic espionage is China
        • http://www.defensenews.com/story.php?i=8160472&&s=TOP
    • WHAT YOU NEED
        • Moving to the cloud can be a security catalyst for your existing infrastructure and applications!
        • Moving is not copying your virtual machines!!!!!!!!!!!!!!!
        • Stay in the European Union with all your data
        • Log everything to a different cloud provider or on-premise
        • Do not trust the logo on the flashy web site, review the audit reports
        • Monitor the SLA
        • Classify data and locations
    • ADVANCED CLOUD HACKING: CIA Drone landed in IRAN - GPS SPOOFING
    • SECURITY FOR LIFE: Music for Life 2011 – We do give a shit!
    • QUESTIONS: erwin.geirnaert@zionsecurity.com, @ZIONSECURITY, www.zionsecurity.com, www.zionsecured.com