Securing Your Data In The Cloud

Introduction to data security in the cloud.

Published in: Technology
1 Comment
  • Have you updated this? Nice overview whether you did or not.

    Any insight on Fourth Amendment issues w/ government entities accessing your data since you stored it on a 3rd-party's equipment?

Transcript

  • 1. Securing your Data in the Cloud
      Omer Trajman, Sr. Dir. for Cloud and Virtualization, Vertica Systems [email_address]
  • 2. Something old…Something new
      • Before we jump in, what do we mean by “Cloud”?
      • Oh… and what do we mean by “securing”?
      • Plus ça change…
      • Tools of the trade
      • Key takeaways
  • 3. What is….Cloud?
      • What are Cloud Services? Other People’s Software
      • What are Cloud Platforms? Other People’s Frameworks
      • What is Cloud Infrastructure? Other People’s Hardware
  • 4. Security is a Tradeoff
      • “Security costs money, but it also costs in time, convenience, capabilities,…” -Bruce Schneier
      • Assess how important it is to secure your data
      • What are the risks with in-house and cloud?
      • Why not keep it under your mattress?
  • 5. Data Security 101
      • Confidential and Proprietary
      • Secure Communications
      • On Disk Encryption
      • Private Key Cryptography
      • Timeliness of Data
  • 6. History of Keeping Secrets
      • Greeks use coded messages during wartime
      • Manuscript for the Deciphering Cryptographic Messages was written circa 800 AD
      • Computer Science was nurtured during the World Wars to keep communications secure
      • In 1970 IBM invented DES for the NIST to support secure financial transactions
      • In 1976 Diffie and Hellman introduced asymmetric key exchange
  • 7. What do we keep Secure Today?
      • Most Security and Military Information
      • Some Financial Data
      • Some Personal Information
      • Some Business Information
  • 8. Tools of the Trade
      • Key Algorithms
          • AES, Blowfish, RSA, DH
      • Encryption in Place
          • PGP, FileVault, Firmware
      • Secure Transmission
          • SSL, VPN, SSH
      • Firewalls
          • Comes with your OS
  • 9. Securing the Cloud
      • Create a VPN
      • Firewall the host
      • Encrypt the disk
      • Consider where to keep sensitive data
  • 10. Virtual Private Network
      • Why
          • Secure communication between your enterprise and cloud infrastructure
      • What
          • OpenVPN, Checkpoint, Cisco, CohesiveFT
      (Diagram label: VPN)
  • 11. Virtual Private Network
      • How
          • VPN Server in your enterprise
          • Cloud machines configured to connect over VPN to a server in your enterprise
          • Client keys deployed to cloud machines
      • Challenges
          • Provisioning VPN client software
          • Key management for Cloud machines
          • Failover if Cloud machines fail
  • 12. Firewall
      • Why
          • Guard against intrusion, enforce network policies
      • What
          • IaaS provided, OS Built-in, Checkpoint
      (Diagram labels: Firewall, VPN)
  • 13. Firewall
      • How
          • For IaaS there is an API (e.g. Amazon EC2 groups) that controls network access
          • Linux Firewall or iptables configuration
      • Challenges
          • Complex port requirements (e.g. ssh internally and https externally)
          • Subtleties in configuration files can lead to a susceptible host
  • 14. Encryption
      • Why
          • Prevent malicious or accidental data leaks
      • What
          • Truecrypt, Encfs, CryptoFS, NTFS Encryption
      (Diagram: plaintext rows “1, Jonathan”, “2, Susan”, “3, David” shown alongside ciphertext “03Wea91ab05841fe1oFVDxa2x99G”)
  • 15. Encryption
      • How
          • DIY – install an encrypted volume on the host
          • May come as an IaaS option
      • Challenges
          • Key management
          • Complicates host setup
          • Incremental backup/recovery
  • 16. What about Securing Resources?
      • Don’t use passwords (use public/private keys)
      • Open minimal ports (use dedicated servers)
      • Monitor your system (tripwire, OSSEC)
      • Use configuration tools (FireHOL, Bastille)
      • Keep Backups (and keep them secure)
      (Diagram labels: Client, Server, Data)
  • 17. Future Developments
      • Cloud offerings are constantly changing
      • Management as a Service providers will facilitate setup configurations
      • Security will become an integrated offering
      • Best practices for Cloud security are growing out of enterprise and web security expertise
  • 18. Key Takeaways
      • Security is a tradeoff
      • Use the same tools in the cloud
      • VPN, Firewall, Encrypt…Detect and Backup
      • Look for solutions from your provider
      • Check your service agreement
  • 19. References
      • Twenty Rules for Amazon Cloud Security (George Reese, O’Reilly)
      • Three tools to help you configure iptables (Chris Lynch, Linux.com)
      • Disk Encryption Tools for Linux (Justin Krelc and Ed Tittel, All about Linux)
      • VPN labs
      • Amazon Security Whitepaper
      • thank you – omer@vertica.com
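
The "ssh internally and https externally" requirement from the Firewall slide (13), and its warning that configuration subtleties can leave a host susceptible, as an added example that is not part of the original deck: a small audit over `iptables-save` style output. The 10.8.0.0/24 internal range, the `audit` function and both rulesets are assumptions constructed for illustration.

```python
import ipaddress
import shlex
# Assumption for this example: the enterprise/VPN side is 10.8.0.0/24.
INTERNAL = ipaddress.ip_network("10.8.0.0/24")
# Constructed iptables-save style rulesets (sample data, not from the slides).
WEAK = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
HARDENED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.8.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def audit(ruleset, internal=INTERNAL):
    """Audit INPUT rules (plain -s/--dport only; no '!' or multiport)."""
    findings, https_open = [], False
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if line.startswith(":INPUT") and tok[1] != "DROP":
            findings.append("INPUT default policy is %s, not DROP" % tok[1])
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if i >= 2 and t.startswith("-")}
        if set(opt) == {"-j"}:  # no match criteria at all
            findings.append("rule accepts all traffic: " + line)
        port = opt.get("--dport")
        src = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
        if port == "22" and not src.subnet_of(internal):
            findings.append("ssh (22) accepted from %s, outside %s" % (src, internal))
        if port == "443" and src.prefixlen == 0:
            https_open = True
    if not https_open:
        findings.append("https (443) is not accepted from external sources")
    return findings

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(rules))
```

The weak ruleset differs from the hardened one only by the default policy and a missing `-s` on the ssh rule, which is the kind of subtlety the slide warns about.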
