Cloud Security: Ten Things

If you're in IT, it's important to understand that your users are fully embracing the cloud. Cloud security, including how to use API calls safely and securely, the importance of firewalls (yes, even in the cloud!), and ensuring redundancy and availability, needs to be kept at the forefront of all cloud deployments. This presentation will help you talk about cloud security in a non-confrontational way with your users.

Published in: Technology, Business
  • Cloud Security: Ten Things

    1. 1. 10 Things I've Learned About Cloud Security & Other Stuff, Bill Mathews (@billford)
    6. 6. Introduction • Who Am I? • Why Am I Here? • Why I Care About The Cloud • Why You Should Too
    11. 11. Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage • However it is an easier way to break things down so this is just 10 things I've learned • I wanted to provide a basic framework for discussion
    12. 12. Why Cloud? Why? ^^ Very popular question. The #1 reason, and really the only one you need, is that your users are using it. It doesn't matter what you think or what your feelings are; they're using it and you better get a grip on it.
    17. 17. Control Panels – A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider • Can be very granular • Can be very limiting
    22. 22. Uptime/Downtime – Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem • Budgetary Considerations • Personal Experiences (Oh Amazon, what have you done?)
    29. 29. APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them • Why you should strongly distrust them • You should really get to know them though, seriously
    35. 35. Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud • Rebirth of firewalls in the cloud • Benefits • Pitfalls • Cautionary Tales
    40. 40. Redundancy – No The Cloud Isn't Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?) • Load Balancing across one provider is cool • Load Balancing across multiple providers would be mega-awesome-cool
    45. 45. Encrypt Early / Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences • Multi-tenancy is an element of the cloud you cannot control • Same can be said of your VMware, Xen, whatever infrastructure
    50. 50. Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (SaaS) • Cost vs Benefit vs Pulling Your Hair Out (like me)
    57. 57. Logs in the Cloud – Long May it Rain • YES you can have your logs from and in the cloud and you can analyze them too • www.loggly.com • www.splunkstorm.com • Access to your logs • What to expect • What not to expect
    62. 62. SLA or Seriously, Lawyers Again • Service Level Agreements • Uptime guarantees • Compensation for violation • Some examples
    71. 71. Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing • QA Testing • Auditing
    72. 72. Wrap Up / Q&A • Wrap Up • Q&A • Possible Brawl? • This Presentation is Licensed Under Creative Commons