Cloud trust
Upcoming SlideShare
Loading in...5
×
 

Cloud trust

on

  • 421 views

 

Statistics

Views

Total Views
421
Views on SlideShare
421
Embed Views
0

Actions

Likes
0
Downloads
17
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Cloud trust Cloud trust Presentation Transcript

    • InCloud
      WeTrust
      Not so fast!
      “I’m Cloud Confused” series
    • If you’re new to Cloud Computing,
      or just confused…
      Please try
      http://www.slideshare.net/Guppers/im-cloud-confused
    • the biggest Cloud Computing
      concerns are…
      Security
      Privacy
    • Fundamental Question
      Is Cloud Computing
      security weaker
      than
      EnterpriseSecurity?
    • a Typical Reaction
      when asks about security
      SHA256
      X.509
      Salt
      AES
      PKCS
      IV
      DES
    • the street
      Security is….
      Boring
      Heard it on
      Complex
      Hacker stuff
      Kills usability
      Necessary Evil
      Complicates my life
    • Let’s make it simple
      Child Play
    • Let’s pick a simple story
      You worked hard this year,
      you bought a pile of gold bars
    • Where should you storethem?
      House?
      Bank?
      Your House
      Your Bank
    • What does this thief think?

    • Plenty of valuableassets,
      but it may have elaborate
      securityprotection in place
      Bank
    • Some valuableassets,
      security protection may not
      as elaborate
      House
    • What would you do to boost
      your protection?
    • Yes, build layers of defense
    • Put the fenceup
      Put
    • Install additional door locks
    • Let’s also install alarmsystem
      and surveillancecameras
    • Feel Better?
    • Oh, don’t forget about
      adisasterplan
    • Knock, knock
      Who’s there?
    • You control who hasaccessto your house
    • And, pretty sure
      yourinner circle won’t steal from you
    • Let’s translate…
      Corporate Data
      IT Assets(Software, Hardware)
      Employees
    • You feel totally in control
    • Whyin the world
      you would give up control?
    • ..and many eyes aim at big prizes
    • when delegating security to other…
      a few things to consider….
    • It’s all about
      It’s all about Trust
      Trust
    • Do you trust them that they’ll still be in the
      business
      tomorrow?
      Help!
      Ex-Cloud Provider will
      work for Food
    • Didn’t we see this before?
    • Recommendation
      Pick servicesthat are
      backed by major players
    • Data Lost
      It is unlikely.
      Reputable Cloud Providers copy data 3-4 times
    • However, it is normal to store
      highly value-able datain
      two or more different cloud providers
      Data
      Service
      replicated
      replicated
      Cloud Provider 1
      Cloud Provider 2
    • Data Privacy
      Confidentiality
    • Data in Transit
      data
      Internet
      Cloud Provider
      It can be secured using encryption technology, e.g. SSL
      It is used especially for sensitive data
    • Data at Rest
      Cloud Provider
      Biggest prize for attackers!
      More and more cloud providers are developing nativedata encryption
      Even if it is stolen, it will be useless for attackers
    • You can pick whereyour data resides
    • Physical Access
      Cloud Provider
      Data Center
    • Security processes are typically
      in place for physical access
      Background Check
      Two factor authentication
      Intrusion detection system
      Audit
      Video surveillance
    • Multi tenant
      Infrastructure
      Corporate 4
      Corporate 3
      Corporate 2
      Corporate 1
      …infrastructure is shared by many corporations (tenant)
    • Will vulnerabilityin one company
      affect others in the cloud?
    • Cloud Providers use
      isolationtechniques
      Data Isolation
      Virtualization
      Computing Isolation
      a vulnerability in one tenant has little impact on other tenants
    • Identity
    • Unwanted guest
      Employees
      Cloud Computing
      Suppliers
      Customers
    • Potential External Entry Points
      Web SiteHTTP(S)
      Database
      Queue
      Web ServicesHTTP(S)
      Custom
      Blob(Files, Docs)
      Worker VM
      XYZCorp.com
    • Typical access to a web site
      hosted in the Cloud
    • Example of
      astronger authentication process
      for sensitive web site
      A8KP
    • Accessing other Cloud Services
      (Example)
      Address
      https://aservice.mycloudprov.net
      Key2
      Key1
      R3ZhU3xAmLIEAnRRyiMHx…
      xFAlNx4VeRDGQgSQI…
    • Control which networkor machineshave access
      98.237.178.63
      83.231.32.17
    • Let’s look at from
      cloud infrastructure provider’s
      perspectives
    • TypicalSLAs to compete
      around
      99.95
      % uptime
    • It is in their best interest to
      maintain reputation,
      best security practice
      their business depends on it
    • Headlines they try hard to avoid
      Data is stolen from ….
      …. has been down
      since yesterday
      Security breach at data center….
    • Should you migrate all to Cloud?
    • NO
      Cloud Computing
      is still at infancy
    • Trust is Always Earned,
      NeverGiven
      ---R. Williams
    • Migrate
      non-critical business operations,
      departmental level data first
      and Observe!
      Enterprise
    • It’s not as difficultas you think
      simplicity, agility and elasticity
      (another topic for further discussion)
    • Excited about new possibilities in
      cloudspace?
    • Follow discussions and
      presentations on
      facebook
      “I’m Cloud Confused”
      http://www.facebook.com/pages/Im-Cloud-Confused/219897591208?ref=ts
    • You
      Us
      10simple questions,2minutes to completehttp://surveymonkey.com/s.aspx?sm=NrndNTZkoG6j8BWJYejC1g_3d_3d
      Will Publish Results on
      facebook
    • Want to try Cloudfor your business now ?
      Only a few minutes to setup
      http://www.slideshare.net/Guppers/guppers-3-minute-walkthrough
    • For more presentations like this, visit,
      follow, subscribe to:
      Blog: http://www.andyharjanto.com
      Twitter: http://twitter.com/harjanto
      Contact: andy@guppers.com