WSTA Breakfast Seminar
Speaker notes
  • I have 30 minutes for a 2-hour talk, so I’ll cover this at a high level, and I’ll make myself available for more detailed questions afterwards.

Transcript

    • 1. “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” – Bruce Schneier
    • 2. EVERYTHING OLD IS NEW AGAIN: Risk, Compliance, and Complexity
        • Me: Joshua McKenty
        • Twitter: @jmckenty
        • Email: joshua@pistoncloud.com
        • Former Chief Architect, NASA Nebula
        • Founding Member, OpenStack
        • OpenStack Project Policy Board
        • CEO, Piston Cloud Computing, Inc.
    • 3. Step 1: Define Cloud
        • “Self-service provisioning of multi-tenant IT infrastructure and applications via HTTP.”
        • Step 2: Consider Your Cloud Options
            • Public Cloud
            • Community Cloud
            • Hosted Private Cloud
            • On-premise Private Cloud
    • 4. Step 3: Examine the risks
        • Increased Insider Threat
        • Complexity Risk
        • Compliance Challenges
        • Liability and Forensics
        • “…security and compliance costs continue to grow at a rate three times faster than that of IT budgets.” – IBM
    • 5. Five-Actor Model
        • Vendor
        • End-User
        • Operator
        • DevOps
        • Auditor
        • User
    • 6. Off Premise IT: A Matrix of Insiders
        • Access types: Physical Access, Host Access, Guest Access, Application Access
        • Your Employees: X X
        • Your Contractors: X X
        • Managed Services Provider: ? X
        • Cloud Service Providers: X X X
        • External Auditor: X X X
        • Other Cloud Users: ? ?
        • DC Operators: X ?
    • 7. Complexity Risk
        • “If we don’t understand the cross-cutting effects and inherent contradictions in all of the stringent standards now being written into final form, we risk doing real damage to the sound, stable and — yes — profitable financial industry regulators say they support and the economies sorely need.” – Karen Petrou, Federal Financial Analytics
        • “Complexity is holding our industry back right now. A lot of what is bought and paid for doesn’t get implemented because of complexity. Maybe this is the industry’s biggest challenge.” – Ray Lane, Kleiner Perkins Caufield & Byers
    • 8. YOUR VENDOR IS THE ENEMY
        • Trivial Solution: Add a root kit
            • Guest Agent == Root Kit
            • SaaS Logging == Root Kit
            • Cloud Orchestration Agent == Root Kit
            • Monitoring Agent == Root Kit
        • Real Solution: Attack Complexity
            • Cloud can be evolutionary (not revolutionary)
            • Fight sprawl with strong standards
            • Use automation and standards to reduce the number of privileged users and applications
            • Limit choice – one hypervisor, two base O/S, three application stacks
    • 9. Logging in Depth
        • Network
        • Host Operating System
        • Guest Operating System
        • User and application events
        • Cloud Orchestration
        • Application Layer
    • 10. Audit in Depth, with Standards
        • Audit at all layers: Host Environment, Cloud Management, Guest Environment, Orchestration
        • Trust no one – even in Test and Dev
        • Data-at-rest encryption
        • Data integrity validation
        • Hardened base O/S images
    • 11. The Stack of Concerns
        • Application (DevOps)
        • Application Server
        • Guest OS
        • Hypervisor (Operator)
        • Storage Infrastructure
        • Host OS
        • Physical Server
    • 12. Key Takeaways
        • Complexity is the enemy
        • Adding rootkits is the wrong solution
        • Use automation to limit access
        • Simplify services using Pareto’s Law
    • 13. Piston Enterprise OS
        • Secure Cloud Operating System
        • Designed for Enterprise Private Clouds
        • Built on OpenStack
        • Piston Cloud Computing, Inc.: Former NASA Researchers; Developed first FISMA-certified Cloud; Founders of OpenStack
    • 14. Opinionated Software
        • One hypervisor
        • No host OS access
        • One reference architecture
    • 15. Questions?
        • “We can only see a short distance ahead, but we can see plenty there that needs to be done.” – Alan Turing