Confraria Security 17 June - Cloud Security
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Confraria Security 17 June - Cloud Security

  • 2,418 views
Uploaded on

Cloud Computing Security in Confraria Security & IT, 3rd meeting in Lisbon

Cloud Computing Security in Confraria Security & IT, 3rd meeting in Lisbon

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,418
On Slideshare
2,402
From Embeds
16
Number of Embeds
5

Actions

Shares
Downloads
209
Comments
0
Likes
8

Embeds 16

http://www.linkedin.com 7
http://www.slideshare.net 5
https://www.linkedin.com 2
https://www.mturk.com 1
http://www.lmodules.com 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Cloud Computing Security by Vitor Domingos intrepid and professional basher http://vitordomingos.com
  • 2. * as seen on regular weather channel
  • 3. Cloud Computing is ? - Network as a “cloud” - Network is the computer (SUN moto) - TCP/IP abstraction (1st cloud) - www data abstraction (2nd cloud) - Virtualization (3rd cloud) Bottom line: - Virtualization done right, with webservices
  • 4. Cloud Computing is ! - on-demand self-service - ubiquitous network access - location independent resource pooling - rapid elasticity - measured service - pay as you go - abstract resources
  • 5. CCaaS - Software as a Service - SalesForce - Platform as a Service - Google App Engine - Microsoft Azure - Infrastructure as a Service - Rackspace Mosso - Amazon Web Services
  • 6. Cloud Computing leverages - Virtualization - Multi-Tenancy - Massive Scale - Autonomic Computing - Distributed Environment - Security Technologies - Service Oriented
  • 7. Security in the Cloud
  • 8. Only the paranoid survive! - Key issues trust, trust, multi-tenancy, trust, encryption, compliance - Massive complex systems running on functional units - Certification & Audit - Loss of physical control - Interoperability - Accountability
  • 9. please, keep in mind that - Shared hell: - Hardware - Memory - Disks - NIC's (Virtual) - Cache Snooping - Hypervisor Attacks - Persistent Root Kits - Password Cracking - Broken or stolen key rings / authorization federation - Never ending logs
  • 10. Great things do come - Provisioning - Rapid reconstitution of services - Storage fragmented - Security layers (auth, firewall, logging, …) - Network and Security perimeters - Virtual Zoning - Fault tolerance
  • 11. Challenges - Data dispersal and international privacy laws - Isolation management & Multi-Tenancy - Certification (SAS 70 Type II audits and ISO 27001) - Data ownership - QoS & SLA's garantees - Secure Hypervisors
  • 12. Challenges - Massive outages - Service bottle necks; DNS as your best friend - Encryption needs cloud resources, applications, storage, services - Disaster recovery and contingency plans - If you have it on Auto mode, you won't see it coming - Honey for hackers
  • 13. ToDo - Network with VPN and VLAN's - SLA's; read the fine prints - Backup and recover often; Risk assessment - Log (out of there) as if the world ended tomorrow - Plan for failure - YOU secure!!! - Sandbox, Sandbox, Sandbox
  • 14. You're not alone - Security Groups IBM; SUN; Amazon; ISV - Cloud Security Alliance (awesome guide!!) - OpenCloud Manifesto & Amazon Security Paper - Cloud Computing ML at Google Groups - Legal Cloud's - Vivek Kundra, USA CTO, did it, so as Facebook, New York Times and Nasdaq (on AWS)
  • 15. Wrap up - Plan - Encrypt - Backup - Secure - Audit - Sandbox (check my last year sapo codebits talk) - http://codebits.sapo.pt/files/aws_23.pdf - Trust
  • 16. mail: vd@prt.sc ? site: http://vitordomingos.com