Bringing Cloud operational benefits to the world of security and privacy<br />Gilad Parann-Nissany<br />http://www.portico...
12/19/2010<br />www.porticor.com           © PORTICOR 2009, 2010<br />2<br />
Goals<br />Focus: public cloud<br />Because its in some ways more challenging than private cloud<br />Focus: IaaS/PaaS<br ...
Shared Technology Vulnerabilities <br />Data Loss/Data Leakage<br />Malicious Insiders <br />Account Service or Hijacking ...
Some known concepts translate to cloud with a twist<br />APIs<br />SaaS security<br />Usage of IaaS<br />And of course, th...
12/19/2010<br />Copyright 2009, 2010 ©Porticor<br />Translating known concepts to cloud<br />Examples<br />…and more<br />
Cloud<br />Data<br />Demo 1<br />12/19/2010<br />Confidential ©Porticor<br />Internet<br />Business<br />Compute<br />
Secure distributed data storage<br />Keys management<br />Hypervisors and virtual machines<br />Role of encryption changes...
Cloud<br />Demo 2<br />12/19/2010<br />Confidential ©Porticor<br />Internet<br />Business<br />Mgmt Site<br />Compute<br /...
Package complex privacy and security technology <br />Get the operations and economics right<br />Pay as you go<br />Priva...
12/19/2010<br />Confidential ©Porticor<br />Thank You!<br />Questions<br />?<br />
Upcoming SlideShare
Loading in …5
×

Cloud Security

1,008 views
928 views

Published on

This presentation was given by Gilad Parann from Porticor on cloud security, as part of a cloud seminar, held on December 2010 by the Israeli software development managers forum - SD forum

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,008
On SlideShare
0
From Embeds
0
Number of Embeds
23
Actions
Shares
0
Downloads
28
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Cloud Security

  1. 1. Bringing Cloud operational benefits to the world of security and privacy<br />Gilad Parann-Nissany<br />http://www.porticor.comcontact@porticor.com<br />SD Forum, December 20th, 2010<br />12/19/2010<br />www.porticor.com © PORTICOR 2009, 2010<br />
  2. 2. 12/19/2010<br />www.porticor.com © PORTICOR 2009, 2010<br />2<br />
  3. 3. Goals<br />Focus: public cloud<br />Because its in some ways more challenging than private cloud<br />Focus: IaaS/PaaS<br />SaaS controlled by vendor<br />Agenda<br />Baseline assumptions<br />Threat analysis<br />What’s really new? What’s not?<br />Cloud-deployed security tools<br />Demo: WAF in the cloud<br />Cloud-specific security considerations<br />Demo: securing the data layer<br />Summary: flexibility in the cloud<br />12/19/2010<br />www.porticor.com © PORTICOR 2009, 2010<br />3<br />“Cloudy” Security<br />
  4. 4. Shared Technology Vulnerabilities <br />Data Loss/Data Leakage<br />Malicious Insiders <br />Account Service or Hijacking of Traffic<br />Insecure APIs <br />Nefarious Use of Service <br />Unknown Risk Profile<br />12/19/2010<br />www.porticor.com © PORTICOR 2009, 2010<br />4<br />Threat Analysis: I/PaaS<br />PaaS<br />Platform as a Service<br />IaaS<br />Infrastructure as a Service<br />(*) courtesy “Cloud Security Alliance: Assuring the future of Cloud Computing”: S. Loureiro, 2010<br />
  5. 5. Some known concepts translate to cloud with a twist<br />APIs<br />SaaS security<br />Usage of IaaS<br />And of course, there is some pretty new stuff<br />More about this later…<br />12/19/2010<br />Copyright 2009, 2010 ©Porticor<br />What’s new? What carries over?<br />
  6. 6. 12/19/2010<br />Copyright 2009, 2010 ©Porticor<br />Translating known concepts to cloud<br />Examples<br />…and more<br />
  7. 7. Cloud<br />Data<br />Demo 1<br />12/19/2010<br />Confidential ©Porticor<br />Internet<br />Business<br />Compute<br />
  8. 8. Secure distributed data storage<br />Keys management<br />Hypervisors and virtual machines<br />Role of encryption changes<br />New data protection measures emerge (i.e. fragmentation)<br />Physical security of cloud environments<br />12/19/2010<br />www.porticor.com © PORTICOR 2009, 2010<br />8<br />Some new considerations<br />
  9. 9. Cloud<br />Demo 2<br />12/19/2010<br />Confidential ©Porticor<br />Internet<br />Business<br />Mgmt Site<br />Compute<br />Data<br />
  10. 10. Package complex privacy and security technology <br />Get the operations and economics right<br />Pay as you go<br />Privacy and security solutions can be brought up in a reasonable time – not months<br />Privacy and security have proper service level guarantees<br />Backed by proper SLA and/or Warranty<br />12/19/2010<br />www.porticor.com © PORTICOR 2009, 2010<br />10<br />Elasticity, Flexibility, Management<br />
  11. 11. 12/19/2010<br />Confidential ©Porticor<br />Thank You!<br />Questions<br />?<br />

×