Your SlideShare is downloading. ×

Cloud Security: Ten Things

7,065

Published on

If you're in IT, it's important to understand that your users are fully embracing the cloud. Understanding cloud security including how to utilize API calls safely and securely, the importance of …

If you're in IT, it's important to understand that your users are fully embracing the cloud. Understanding cloud security including how to utilize API calls safely and securely, the importance of Firewalls (yes, even in the cloud!) as well as ensuring redundancy and availability needs to be kept in the forefront of all cloud deployments. This presentation will help you to talk about cloud security in a non-confrontational way with your users.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
7,065
On Slideshare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
31
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Transcript

    • 1. 10 Things Ive LearnedAbout Cloud Security & Other Stuff Bill Mathews (@billford)
    • 2. Introduction
    • 3. Introduction• Who Am I?
    • 4. Introduction• Who Am I?• Why Am I Here?
    • 5. Introduction• Who Am I?• Why Am I Here?• Why I Care About The Cloud
    • 6. Introduction• Who Am I?• Why Am I Here?• Why I Care About The Cloud• Why You Should Too
    • 7. Top 10 Lists
    • 8. Top 10 Lists • Assumes too much knowledge
    • 9. Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage
    • 10. Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage • However it is an easier way to break things down so this is just 10 things Ive learned
    • 11. Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage • However it is an easier way to break things down so this is just 10 things Ive learned • I wanted to provide a basic framework for discussion
    • 12. Why Cloud? Why? ^^ Very popular question The #1 reason and really the only one you need is that your users are using it. It doesnt matter what you think, what your feelings are, theyre using it and you better get a grip on it.
    • 13. Control Panels –A Tale of Two Techs
    • 14. Control Panels –A Tale of Two Techs • Good / Bad and can be really really ugly
    • 15. Control Panels –A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider
    • 16. Control Panels –A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider • Can be very granular
    • 17. Control Panels –A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider • Can be very granular • Can be very limiting
    • 18. Uptime/Downtime –Ouch That Hurts
    • 19. Uptime/Downtime –Ouch That Hurts • This is NOT a problem limited to the cloud
    • 20. Uptime/Downtime –Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem
    • 21. Uptime/Downtime –Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem • Budgetary Considerations
    • 22. Uptime/Downtime –Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem • Budgetary Considerations • Personal Experiences (Oh Amazon, what have you done?)
    • 23. APIs – The Bars ofThe Cloudy Jail
    • 24. APIs – The Bars ofThe Cloudy Jail • A brief history of API
    • 25. APIs – The Bars ofThe Cloudy Jail • A brief history of API • What can an API do for you?
    • 26. APIs – The Bars ofThe Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them
    • 27. APIs – The Bars ofThe Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them
    • 28. APIs – The Bars ofThe Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them • Why you should strongly distrust them
    • 29. APIs – The Bars ofThe Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them • Why you should strongly distrust them • You should really get to know them though, seriously
    • 30. Firewalls Are Dead...Long Live Firewalls
    • 31. Firewalls Are Dead...Long Live Firewalls• Death of firewalls in the cloud
    • 32. Firewalls Are Dead...Long Live Firewalls• Death of firewalls in the cloud• Rebirth of firewalls in the cloud
    • 33. Firewalls Are Dead...Long Live Firewalls• Death of firewalls in the cloud• Rebirth of firewalls in the cloud• Benefits
    • 34. Firewalls Are Dead...Long Live Firewalls• Death of firewalls in the cloud• Rebirth of firewalls in the cloud• Benefits• Pitfalls
    • 35. Firewalls Are Dead...Long Live Firewalls• Death of firewalls in the cloud• Rebirth of firewalls in the cloud• Benefits• Pitfalls• Cautionary Tales
    • 36. Redundancy –No The Cloud Isnt Magic
    • 37. Redundancy –No The Cloud Isnt Magic • Yes you still have to plan for redundancy and availability, even in the cloud
    • 38. Redundancy –No The Cloud Isnt Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?)
    • 39. Redundancy –No The Cloud Isnt Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?) • Load Balancing across one provider is cool
    • 40. Redundancy –No The Cloud Isnt Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?) • Load Balancing across one provider is cool • Load Balancing across multiple providers would be mega-awesome-cool
    • 41. Encrypt Early /Encrypt Often
    • 42. Encrypt Early /Encrypt Often • Seriously, just encrypt your stuff
    • 43. Encrypt Early /Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences
    • 44. Encrypt Early /Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences • Multi-tenancy is an element of the cloud you cannot control
    • 45. Encrypt Early /Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences • Multi-tenancy is an element of the cloud you cannot control • Same can be said of your VMWare, Xen, whatever infrastructure
    • 46. Cloud is Cheap!
    • 47. Cloud is Cheap! • Infrastructure as a Service (IaaS)
    • 48. Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS)
    • 49. Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (Saas)
    • 50. Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (Saas) • Cost vs Benefit vs Pulling Your Hair Out (like me)
    • 51. Logs in the Cloud –Long May it Rain
    • 52. Logs in the Cloud – Long May it Rain•YES you can have your logs from and in the cloud and you can analyze them too
    • 53. Logs in the Cloud – Long May it Rain•YES you can have your logs from and in the cloud and you can analyze them too•www.loggly.com
    • 54. Logs in the Cloud – Long May it Rain•YES you can have your logs from and in the cloud and you can analyze them too•www.loggly.com•www.splunkstorm.com
    • 55. Logs in the Cloud – Long May it Rain•YES you can have your logs from and in the cloud and you can analyze them too•www.loggly.com•www.splunkstorm.com• Access to your logs
    • 56. Logs in the Cloud – Long May it Rain•YES you can have your logs from and in the cloud and you can analyze them too•www.loggly.com•www.splunkstorm.com• Access to your logs• What to expect
    • 57. Logs in the Cloud – Long May it Rain•YES you can have your logs from and in the cloud and you can analyze them too•www.loggly.com•www.splunkstorm.com• Access to your logs• What to expect• What not to expect
    • 58. SLA or Seriously,Lawyers Again
    • 59. SLA or Seriously,Lawyers Again • Service Level Agreements
    • 60. SLA or Seriously,Lawyers Again • Service Level Agreements • Uptime guarantees
    • 61. SLA or Seriously,Lawyers Again • Service Level Agreements • Uptime guarantees • Compensation for violation
    • 62. SLA or Seriously,Lawyers Again • Service Level Agreements • Uptime guarantees • Compensation for violation • Some examples
    • 63. Random Stuff
    • 64. Random Stuff• Monitoring in/for the Cloud
    • 65. Random Stuff• Monitoring in/for the Cloud• Amazonian Law
    • 66. Random Stuff• Monitoring in/for the Cloud• Amazonian Law• Google App Engine
    • 67. Random Stuff• Monitoring in/for the Cloud• Amazonian Law• Google App Engine• Uses for various cloud tech
    • 68. Random Stuff• Monitoring in/for the Cloud• Amazonian Law• Google App Engine• Uses for various cloud tech • Password Cracking/Brute Force
    • 69. Random Stuff• Monitoring in/for the Cloud• Amazonian Law• Google App Engine• Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing
    • 70. Random Stuff• Monitoring in/for the Cloud• Amazonian Law• Google App Engine• Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing • QA Testing
    • 71. Random Stuff• Monitoring in/for the Cloud• Amazonian Law• Google App Engine• Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing • QA Testing • Auditing
    • 72. Wrap Up / Q&A• Wrap Up• Q&A• Possible Brawl?• This Presentation is Licensed Under Creative Commons

    ×