Securing Your Data In The Cloud


Introduction to data security in the cloud.

Published in: Technology
1 Comment
  • Have you updated this? Nice overview whether you did or not.

    Any insight on Fourth Amendment issues w/ government entities accessing your data since you stored it on a 3rd-party's equipment?



  • 1. Securing your Data in the Cloud. Omer Trajman, Sr. Dir. for Cloud and Virtualization, Vertica Systems
  • 2. Something old…Something new
    • Before we jump in, what do we mean by “Cloud”?
    • Oh… and what do we mean by “securing”?
    • Plus ça change…
    • Tools of the trade
    • Key takeaways
  • 3. What is….Cloud?
    • What are Cloud Services?
    • Other Peoples’ Software
    • What are Cloud Platforms?
    • Other Peoples’ Frameworks
    • What is Cloud Infrastructure?
    • Other Peoples’ Hardware
  • 4. Security is a Tradeoff
    • “Security costs money, but it also costs in time, convenience, capabilities,…”
    • - Bruce Schneier
    • Assess how important it is to secure your data
    • What are the risks with in-house and cloud?
    • Why not keep it under your mattress?
  • 5. Data Security 101
    • Confidential and Proprietary
    • Secure Communications
    • On Disk Encryption
    • Private Key Cryptography
    • Timeliness of Data
  • 6. History of Keeping Secrets
    • Greeks use coded messages during wartime
    • Manuscript for the Deciphering Cryptographic Messages was written circa 800 AD
    • Computer Science was nurtured during the World Wars to keep communications secure
    • In 1970 IBM invented DES for the NIST to support secure financial transactions
    • In 1976 Diffie and Hellman introduced asymmetric key exchange
  • 7. What do we keep Secure Today?
    • Most Security and Military Information
    • Some Financial Data
    • Some Personal Information
    • Some Business Information
  • 8. Tools of the Trade
    • Key Algorithms
      • AES, Blowfish, RSA, DH
    • Encryption in Place
      • PGP, FileVault, Firmware
    • Secure Transmission
      • SSL, VPN, SSH
    • Firewalls
      • Comes with your OS
  • 9. Securing the Cloud
    • Create a VPN
    • Firewall the host
    • Encrypt the disk
    • Consider where to keep sensitive data
  • 10. Virtual Private Network
    • Why
      • Secure communication between your enterprise and cloud infrastructure
    • What
      • OpenVPN, Checkpoint, Cisco, CohesiveFT
  • 11. Virtual Private Network
    • How
      • VPN Server in your enterprise
      • Cloud machine configured to connect over VPN to a server in your enterprise
      • Client keys deployed to cloud machines
    • Challenges
      • Provisioning VPN client software
      • Key management for Cloud machines
      • Failover if Cloud machines fail
  • 12. Firewall
    • Why
      • Guard against intrusion, enforce network policies
    • What
      • IaaS provided, OS Built-in, Checkpoint
  • 13. Firewall
    • How
      • For IaaS there is an API (e.g. Amazon EC2 groups) that controls network access
      • Linux Firewall or iptables configuration
    • Challenges
      • Complex port requirements (e.g. ssh internally and https externally)
      • Subtleties in configuration files can lead to a susceptible host
  • 14. Encryption
    • Why
      • Prevent malicious or accidental data leaks
    • What
      • Truecrypt, Encfs, CryptoFS, NTFS Encryption
  • 15. Encryption
    • How
      • DIY – install an encrypted volume on the host
      • May come as an IaaS option
    • Challenges
      • Key management
      • Complicates host setup
      • Incremental backup/recovery
  • 16. What about Securing Resources?
    • Don’t use passwords (use public/private keys)
    • Open minimal ports (use dedicated servers)
    • Monitor your system (tripwire, OSSEC)
    • Use configuration tools (FireHOL, Bastille)
    • Keep Backups (and keep them secure)
  • 17. Future Developments
    • Cloud offerings are constantly changing
    • Management as a Service providers will facilitate setup configurations
    • Security will become an integrated offering
    • Best practices for Cloud security are growing out of enterprise and web security expertise
  • 18. Key Takeaways
    • Security is a tradeoff
    • Use the same tools in the cloud
    • VPN, Firewall, Encrypt…Detect and Backup
    • Look for solutions from your provider
    • Check your service agreement
  • 19. References
    • Twenty Rules for Amazon Cloud Security (George Reese, O’Reilly)
    • Three tools to help you configure iptables (Chris Lynch,
    • Disk Encryption Tools for Linux (Justin Krelc and Ed Tittel, All about Linux)
    • VPN labs
    • Amazon Security Whitepaper
    • thank you –
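
Slide 13 warns that subtleties in a firewall configuration can leave a host susceptible. As an added example (not part of the original deck), here is a small audit of `iptables-save` output against the "ssh internally, https externally" policy. The 10.8.0.0/24 VPN range, the sample ruleset and the function name are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format. The 10.8.0.0/24 VPN range is an
# assumption for this example; the slides do not name an address range.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.8.0.0/24 -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
"""

def audit_input_chain(text, internal_net="10.8.0.0/24", public_ports=(443,)):
    """Return findings for INPUT rules that expose more than intended."""
    internal = ipaddress.ip_network(internal_net)
    findings = []
    for line in text.splitlines():
        if line.startswith(":INPUT "):
            # Chain header: ":INPUT <policy> [packets:bytes]"
            policy = line.split()[1]
            if policy != "DROP":
                findings.append(f"INPUT default policy is {policy}, not DROP")
            continue
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"] or "ACCEPT" not in tok or "--dport" not in tok:
            continue
        port = tok[tok.index("--dport") + 1]
        # A rule with no -s matches every source address.
        src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
        src_net = ipaddress.ip_network(src, strict=False)
        if port.isdigit() and int(port) in public_ports:
            continue  # intentionally reachable from anywhere (https)
        if not src_net.subnet_of(internal):
            findings.append(f"port {port} accepted from {src}, outside {internal}")
    return findings

if __name__ == "__main__":
    for finding in audit_input_chain(SAMPLE_RULES):
        print("FINDING:", finding)
```

The sample looks restrictive at a glance, yet the ssh rule has no source match and the chain policy is ACCEPT, so both are reported; the database port, limited to the VPN range, is not.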