Securing Your Data In The Cloud

Securing your Data in the Cloud Omer Trajman Sr. Dir. for Cloud and Virtualization Vertica Systems [email_address]

Something old…Something new
Before we jump in what do we mean “ Cloud ?”
Oh….and what do we mean “ securing ?”
Plus ça change…
Tools of the trade
Key takeaways

What is….Cloud?
What are Cloud Services?
Other Peoples’ Software
What are Cloud Platforms?
Other Peoples’ Frameworks
What is Cloud Infrastructure?
Other Peoples’ Hardware

Security is a Tradeoff
“ Security costs money, but it also costs in time, convenience, capabilities,… ”
-Bruce Schneier
Assess how important it is to secure your data
What are the risks with in-house and cloud?
Why not keep it under your mattress ?

Data Security 101
Confidential and Proprietary
Secure Communications
On Disk Encryption
Private Key Cryptography
Timeliness of Data

History of Keeping Secrets
Greeks use coded messages during wartime
Manuscript for the Deciphering Cryptographic Messages was written circa 800 AD
Computer Science was nurtured during the World Wars to keep communications secure
In 1970 IBM invented DES for the NIST to support secure financial transactions
In 1976 Diffie and Hellman introduced asymmetric key exchange

What do we keep Secure Today?
Most Security and Military Information
Some Financial Data
Some Personal Information
Some Business Information

Tools of the Trade
Key Algorithms
AES, Blowfish, RSA, DH
Encryption in Place
PGP, FileVault, Firmware
Secure Transmission
SSL, VPN, SSH
Firewalls
Comes with your OS

Securing the Cloud
Create a VPN
Firewall the host
Encrypt the disk
Consider where to keep sensitive data

Virtual Private Network
Why
Secure communication between your enterprise and cloud infrastructure
What
OpenVPN, Checkpoint, Cisco, CohesiveFT
VPN

Virtual Private Network
How
VPN Server in your enterprise
Cloud machine configure to connect over VPN to a server in your enterprise
Client keys deployed to cloud machines
Challenges
Provisioning VPN client software
Key management for Cloud machines
Failover if Cloud machines fail

Why
Guard against intrusion, enforce network policies
What
IaaS provided, OS Built-in, Checkpoint
Firewall VPN

Firewall
How
For IaaS there is an API (e.g. Amazon EC2 groups) that controls network access
Linux Firewall or iptables configuration
Challenges
Complex port requirements (e.g. ssh internally and https externally)
Subtleties in configuration files can lead to a susceptible host

Encryption
Why
Prevent malicious or accidental data leaks
What
Truecrypt, Encfs, CryptoFS, NTFS Encryption
1, Jonathan 2, Susan 3, David 03Wea91ab05841fe1oFVDxa2x99G

Encryption
How
DIY – install an encrypted volume on the host
May come as an IaaS option
Challenges
Key management
Complicates host setup
Incremental backup/recovery

What about Securing Resources?
Don’t use passwords (use public/private keys)
Open minimal ports (use dedicated servers)
Monitor your system (tripwire, OSSEC)
Use configuration tools (FireHOL, Bastille)
Keep Backups (and keep them secure)
Client Server Data

Future Developments
Cloud offerings are constantly changing
Management as a Service providers will facilitate setup configurations
Security will become an integrated offering
Best practices for Cloud security are growing out of enterprise and web security expertise

Key Takeaways
Security is a trade off
Use the same tools in the cloud
VPN, Firewall, Encrypt…Detect and Backup
Look for solutions from your provider
Check your service agreement

References
Twenty Rules for Amazon Cloud Security (George Reese, O’Reilly)
Three tools to help you configure iptables (Chris Lynch, Linux.com)
Disk Encryption Tools for Linux
(Justin Krelc and Ed Tittel, All about Linux)
VPN labs
Amazon Security Whitepaper
thank you – omer@vertica.com

Securing Your Data In The Cloud

by otrajman

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 12

Statistics

Securing Your Data In The Cloud Presentation Transcript

http://www.slideshare.net	8
http://www.linkedin.com	4