CloudSec, don't forget Security in the Cloud!

My CloudSec Lightning talk at CloudCamp Antwerp

    Presentation Transcript

    • CloudSec: "The real voyage of discovery consists in having new eyes." Marcel Proust
    • Kris Buytaert
      • Senior Linux and Open Source Consultant @inuits.be
      • "Infrastructure Architect"
      • Building Clouds since 2004
      • Surviving the 10th floor test
      • Co-Author Virtualization with Xen
      • Guest Editor at Virtualization.com
    • The Cloud? Cloud computing refers to the use of Internet ("cloud") based computer technology for a variety of services. It is a style of computing in which dynamically scalable and often virtualised resources are provided as a service over the Internet. The concept incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the users.
    • SAAS <(>) Cloud PAAS <(>) Cloud IAAS > Cloud
    • Cloud and Open Source
      • Xen
      • Enomalism
      • openQRM
      • OpenNebula
      • SnowFlock
      • Eucalyptus
      • ScalR
      • Python (Google AppEng)
      • Puppet
      • Chef
      • Hadoop
      • MemcacheD
    • Cloud and Open Source: Imagine having to pay software licenses for machines that have only lived 1 hour. And 10000 of them each month.
    • The Cloud in 2005: for host in `seq 1 10000` create_vhost { Create LVM partitions, Chroot, Rsync, Configure }
    • CloudSec
      • Deploying in an untrusted domain
        • This is not your average DMZ
        • You don't even own the Vhost
      • Cloud Datacenters Attract Attackers
        • Identical Hypervisors => Only 1 exploit needed
        • Cloud Hijacking
      • Pre and Post Deployment
        • What was there and what stays behind?
    • What changed with Cloud?
      • Deployment Methods
      • Scale
        • 1 physical machine => MANY VMs
        • Deploy on demand
      • The Network stack
        • System vs Network vs Virtualization
        • Whose network is this anyhow?
    • What changed with Cloud? Involvement of IT, or the lack thereof!
    • Flux and Scale
      • Can traditional HIDS follow the quickly changing state of hosts?
      • My HA Clusters are Active Passive, Active Active, or N+M too. Their state is in constant flux too
      • The role of Config Management and Platform Automation grows every second.
    • Static Security was DEAD before Virtualization Cloud
      • High Availability Clusters
      • VM Relocation
      • Live Migration
      • Rapid ReDeployment
      • Multiple Instances of a service
    • Image Sprawl, your update nightmare
      • Image sprawl
        • Copy VM, Deploy VM, Modify VM, Copy VM
      • How do you patch 1 VM?
      • Did you patch before or after that one was copied?
      • How do you patch 100 VMs?
      • What about machines that are offline?
    • Image Sprawl, your update nightmare: "The biggest challenges we have in virtualization cloud are operational and organizational rather than technical." Christofer Hoff
    • For better nights
      • Automate Deployment
      • Implement Configuration Management
      • Map Security management to Config Mgmt
      • Prepare to Survive the 10th floor test!
    • Security Advice
      • Increase security as never before
      • Encrypt all inter Vhost traffic
      • Firewall as never before
      • Don't store critical data in the cloud
        • Use it for analytics
        • Workload offload
        • Volatile data
      • Build your own Private Cloud
    • Security still isn't a product you can buy. It's not even a process. It's a lifestyle.
    • Kris Buytaert < [email_address] > Further Reading: http://www.krisbuytaert.be/blog/ http://www.inuits.be/ http://www.virtualization.com/ http://www.oreillygmt.com/
    • SaaSSec
      • One Vendor
      • Full control over
        • His application
        • His application stack
      • Supposed to manage his platform in Secure Fashion
      • But do you TRUST him?
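
The "Image Sprawl" slide asks whether a VM was patched before or after it was copied. The sketch below is an added example, not part of the talk: it answers that question from copy lineage, assuming a hypothetical inventory that records each image's parent, copy time and directly applied patches (all names, ticks and the patch id are constructed).

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Image:
    name: str
    parent: Optional[str] = None   # image this one was copied from
    copied_at: int = 0             # tick at which the copy was taken
    patched_at: Dict[str, int] = field(default_factory=dict)  # patch id -> tick
    online: bool = True


def has_patch(images, name, patch, as_of=None):
    """True if `name` carries `patch`, applied directly or inherited by copy."""
    img = images[name]
    applied = img.patched_at.get(patch)
    if applied is not None and (as_of is None or applied <= as_of):
        return True
    if img.parent is None:
        return False
    # A copy inherits only what its parent contained when the copy was taken.
    cutoff = img.copied_at if as_of is None else min(as_of, img.copied_at)
    return has_patch(images, img.parent, patch, as_of=cutoff)


def unpatched(images, patch, offline_only=False) -> List[str]:
    """Images missing `patch`; with offline_only, just those that are powered off."""
    return sorted(n for n, i in images.items()
                  if not has_patch(images, n, patch)
                  and not (offline_only and i.online))


# Constructed inventory; names, ticks and the patch id are made up.
FLEET = {i.name: i for i in [
    Image("base", patched_at={"PATCH-1": 5}),
    Image("web-a", parent="base", copied_at=3, patched_at={"PATCH-1": 9}),
    Image("web-a2", parent="web-a", copied_at=8),   # copied before web-a was patched
    Image("web-b", parent="base", copied_at=7),     # copied after base was patched
    Image("archive", parent="web-b", copied_at=10, online=False),
    Image("old-db", parent="base", copied_at=2, online=False),
]}

if __name__ == "__main__":
    print("missing PATCH-1:", unpatched(FLEET, "PATCH-1"))
    print("offline and missing:", unpatched(FLEET, "PATCH-1", offline_only=True))
```

Patching `web-a` at tick 9 does nothing for `web-a2`, which was copied at tick 8, and `old-db` stays unpatched for as long as it is offline.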