Confraria Security 17 June - Cloud Security

Cloud Computing Security in Confraria Security & IT, 3rd meeting in Lisbon

Published in: Technology

  1. Cloud Computing Security
     - by Vitor Domingos, intrepid and professional basher
     - http://vitordomingos.com
  2. * as seen on regular weather channel
  3. Cloud Computing is?
     - Network as a “cloud”
     - Network is the computer (SUN motto)
     - TCP/IP abstraction (1st cloud)
     - www data abstraction (2nd cloud)
     - Virtualization (3rd cloud)

     Bottom line:
     - Virtualization done right, with web services
  4. Cloud Computing is!
     - on-demand self-service
     - ubiquitous network access
     - location independent resource pooling
     - rapid elasticity
     - measured service
     - pay as you go
     - abstract resources
  5. CCaaS
     - Software as a Service
       - SalesForce
     - Platform as a Service
       - Google App Engine
       - Microsoft Azure
     - Infrastructure as a Service
       - Rackspace Mosso
       - Amazon Web Services
  6. Cloud Computing leverages
     - Virtualization
     - Multi-Tenancy
     - Massive Scale
     - Autonomic Computing
     - Distributed Environment
     - Security Technologies
     - Service Oriented
  7. Security in the Cloud
  8. Only the paranoid survive!
     - Key issues: trust, trust, multi-tenancy, trust, encryption, compliance
     - Massive complex systems running on functional units
     - Certification & Audit
     - Loss of physical control
     - Interoperability
     - Accountability
  9. Please, keep in mind that
     - Shared hell:
     - Hardware
     - Memory
     - Disks
     - NICs (Virtual)
     - Cache Snooping
     - Hypervisor Attacks
     - Persistent Rootkits
     - Password Cracking
     - Broken or stolen key rings / authorization federation
     - Never-ending logs
  10. Great things do come
     - Provisioning
     - Rapid reconstitution of services
     - Storage fragmented
     - Security layers (auth, firewall, logging, …)
     - Network and Security perimeters
     - Virtual Zoning
     - Fault tolerance
  11. Challenges
     - Data dispersal and international privacy laws
     - Isolation management & Multi-Tenancy
     - Certification (SAS 70 Type II audits and ISO 27001)
     - Data ownership
     - QoS & SLA guarantees
     - Secure Hypervisors
  12. Challenges
     - Massive outages
     - Service bottlenecks; DNS as your best friend
     - Encryption needs cloud resources, applications, storage, services
     - Disaster recovery and contingency plans
     - If you have it on Auto mode, you won't see it coming
     - Honey for hackers
  13. ToDo
     - Network with VPN and VLANs
     - SLAs; read the fine print
     - Backup and recover often; Risk assessment
     - Log (out of there) as if the world ended tomorrow
     - Plan for failure
     - YOU secure!!!
     - Sandbox, Sandbox, Sandbox
  14. You're not alone
     - Security Groups: IBM; SUN; Amazon; ISV
     - Cloud Security Alliance (awesome guide!!)
     - OpenCloud Manifesto & Amazon Security Paper
     - Cloud Computing ML at Google Groups
     - Legal Clouds
     - Vivek Kundra, USA CTO, did it, and so did Facebook, New York Times and Nasdaq (on AWS)
  15. Wrap up
     - Plan
     - Encrypt
     - Backup
     - Secure
     - Audit
     - Sandbox (check my SAPO Codebits talk from last year)
       - http://codebits.sapo.pt/files/aws_23.pdf
     - Trust
  16. Contact
     - mail: vd@prt.sc
     - site: http://vitordomingos.com
