Securing Your Data In The Cloud

Introduction to data security in the cloud.

Published in: Technology
1 Comment
  • Have you updated this? Nice overview whether you did or not.

    Any insight on fourth Amendment issues w/ government entities accessing your data since you stored it on a 3rd-party's equipment?

Transcript of "Securing Your Data In The Cloud"

  1. Securing your Data in the Cloud
     Omer Trajman, Sr. Dir. for Cloud and Virtualization, Vertica Systems [email_address]
  2. Something old… Something new
     • Before we jump in, what do we mean by “Cloud”?
     • Oh… and what do we mean by “securing”?
     • Plus ça change…
     • Tools of the trade
     • Key takeaways
  3. What is… Cloud?
     • What are Cloud Services?
     • Other People’s Software
     • What are Cloud Platforms?
     • Other People’s Frameworks
     • What is Cloud Infrastructure?
     • Other People’s Hardware
  4. Security is a Tradeoff
     • “Security costs money, but it also costs in time, convenience, capabilities,…” (Bruce Schneier)
     • Assess how important it is to secure your data
     • What are the risks with in-house and cloud?
     • Why not keep it under your mattress?
  5. Data Security 101
     • Confidential and Proprietary
     • Secure Communications
     • On Disk Encryption
     • Private Key Cryptography
     • Timeliness of Data
  6. History of Keeping Secrets
     • Greeks use coded messages during wartime
     • Manuscript for the Deciphering Cryptographic Messages was written circa 800 AD
     • Computer Science was nurtured during the World Wars to keep communications secure
     • In 1970 IBM invented DES for the NIST to support secure financial transactions
     • In 1976 Diffie and Hellman introduced asymmetric key exchange
  7. What do we keep Secure Today?
     • Most Security and Military Information
     • Some Financial Data
     • Some Personal Information
     • Some Business Information
  8. Tools of the Trade
     • Key Algorithms
         • AES, Blowfish, RSA, DH
     • Encryption in Place
         • PGP, FileVault, Firmware
     • Secure Transmission
         • SSL, VPN, SSH
     • Firewalls
         • Comes with your OS
  9. Securing the Cloud
     • Create a VPN
     • Firewall the host
     • Encrypt the disk
     • Consider where to keep sensitive data
  10. Virtual Private Network
     • Why
         • Secure communication between your enterprise and cloud infrastructure
     • What
         • OpenVPN, Checkpoint, Cisco, CohesiveFT
     (Diagram label: VPN)
  11. Virtual Private Network
     • How
         • VPN Server in your enterprise
         • Cloud machine configured to connect over VPN to a server in your enterprise
         • Client keys deployed to cloud machines
     • Challenges
         • Provisioning VPN client software
         • Key management for Cloud machines
         • Failover if Cloud machines fail
  12. Firewall
     • Why
         • Guard against intrusion, enforce network policies
     • What
         • IaaS provided, OS Built-in, Checkpoint
     (Diagram label: VPN)
  13. Firewall
     • How
         • For IaaS there is an API (e.g. Amazon EC2 groups) that controls network access
         • Linux Firewall or iptables configuration
     • Challenges
         • Complex port requirements (e.g. ssh internally and https externally)
         • Subtleties in configuration files can lead to a susceptible host
  14. Encryption
     • Why
         • Prevent malicious or accidental data leaks
     • What
         • Truecrypt, Encfs, CryptoFS, NTFS Encryption
     (Figure text: rows “1, Jonathan”, “2, Susan”, “3, David” beside the string “03Wea91ab05841fe1oFVDxa2x99G”)
  15. Encryption
     • How
         • DIY: install an encrypted volume on the host
         • May come as an IaaS option
     • Challenges
         • Key management
         • Complicates host setup
         • Incremental backup/recovery
  16. What about Securing Resources?
     • Don’t use passwords (use public/private keys)
     • Open minimal ports (use dedicated servers)
     • Monitor your system (tripwire, OSSEC)
     • Use configuration tools (FireHOL, Bastille)
     • Keep Backups (and keep them secure)
     (Diagram labels: Client, Server, Data)
  17. Future Developments
     • Cloud offerings are constantly changing
     • Management as a Service providers will facilitate setup configurations
     • Security will become an integrated offering
     • Best practices for Cloud security are growing out of enterprise and web security expertise
  18. Key Takeaways
     • Security is a trade off
     • Use the same tools in the cloud
     • VPN, Firewall, Encrypt… Detect and Backup
     • Look for solutions from your provider
     • Check your service agreement
  19. References
     • Twenty Rules for Amazon Cloud Security (George Reese, O’Reilly)
     • Three tools to help you configure iptables (Chris Lynch, Linux.com)
     • Disk Encryption Tools for Linux (Justin Krelc and Ed Tittel, All about Linux)
     • VPN labs
     • Amazon Security Whitepaper
     • thank you – omer@vertica.com
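
Slide 13's port requirement (ssh internally, https externally) and slide 16's "open minimal ports", as an added example that is not part of the original deck: a simplified first-match model of the iptables INPUT chain, run over two constructed `iptables-save` excerpts, showing how one broad rule placed ahead of the source-restricted ssh rule leaves ssh open externally. The 10.8.0.0/24 VPN range, the probe addresses and the function names are assumptions.

```python
import ipaddress

# Constructed iptables-save excerpts; 10.8.0.0/24 stands in for the VPN range.
WEAK = """\
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,443 -j ACCEPT
-A INPUT -s 10.8.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
"""
HARDENED = """\
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.8.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
"""
INTERNAL, EXTERNAL = "10.8.0.7", "203.0.113.50"  # constructed probe sources

def verdict(ruleset, src, dport):
    """First-match verdict for a NEW inbound TCP connection (INPUT chain only).
    Simplified model: no negation (!), port ranges, or user-defined chains."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = line.split()
        if line.startswith(":INPUT"):
            policy = tok[1]                      # chain default policy
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opt = dict(zip(tok[2::2], tok[3::2]))    # flag/value pairs
        states = opt.get("--state") or opt.get("--ctstate")
        if states and "NEW" not in states.split(","):
            continue                             # rule only matches existing flows
        if opt.get("-p", "tcp") != "tcp":
            continue
        if "-s" in opt and ipaddress.ip_address(src) not in ipaddress.ip_network(opt["-s"]):
            continue
        ports = opt.get("--dports") or opt.get("--dport")
        if ports and str(dport) not in ports.split(","):
            continue
        if opt.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt["-j"]                     # first terminating match wins
    return policy

def open_ports(ruleset, src, ports=range(1, 1025)):
    """Ports on which a new connection from src would be accepted."""
    return [p for p in ports if verdict(ruleset, src, p) == "ACCEPT"]
```

Comparing `open_ports(rules, EXTERNAL)` with `open_ports(rules, INTERNAL)` before loading a ruleset shows whether the source restriction on ssh is actually reached or is shadowed by an earlier rule.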