Cloud Computing
Security
by Vitor Domingos
intrepid and professional basher
http://vitordomingos.com

* as seen on regular weather channel

Cloud Computing is ?
- Network as a “cloud”
- Network is the computer (SUN moto)
- TCP/IP abstraction (1st cloud)
- www data abstraction (2nd cloud)
- Virtualization (3rd cloud)
Bottom line:
- Virtualization done right, with webservices

Cloud Computing is !
- on-demand self-service
- ubiquitous network access
- location independent resource pooling
- rapid elasticity
- measured service
- pay as you go
- abstract resources

CCaaS
- Software as a Service
- SalesForce
- Platform as a Service
- Google App Engine
- Microsoft Azure
- Infrastructure as a Service
- Rackspace Mosso
- Amazon Web Services

Cloud Computing leverages
- Virtualization
- Multi-Tenancy
- Massive Scale
- Autonomic Computing
- Distributed Environment
- Security Technologies
- Service Oriented

Security in the Cloud

Only the paranoid survive!
- Key issues
trust, trust, multi-tenancy, trust, encryption,
compliance
- Massive complex systems running on functional
units
- Certification & Audit
- Loss of physical control
- Interoperability
- Accountability

please, keep in mind that
- Shared hell:
- Hardware
- Memory
- Disks
- NIC's (Virtual)
- Cache Snooping
- Hypervisor Attacks
- Persistent Root Kits
- Password Cracking
- Broken or stolen key rings / authorization federation
- Never ending logs

Great things do come
- Provisioning
- Rapid reconstitution of services
- Storage fragmented
- Security layers (auth, firewall, logging, …)
- Network and Security perimeters
- Virtual Zoning
- Fault tolerance

Challenges
- Data dispersal and international privacy laws
- Isolation management & Multi-Tenancy
- Certification (SAS 70 Type II audits and ISO 27001)
- Data ownership
- QoS & SLA's garantees
- Secure Hypervisors

Challenges
- Massive outages
- Service bottle necks; DNS as your best friend
- Encryption needs
cloud resources, applications, storage, services
- Disaster recovery and contingency plans
- If you have it on Auto mode, you won't see it coming
- Honey for hackers

ToDo
- Network with VPN and VLAN's
- SLA's; read the fine prints
- Backup and recover often; Risk assessment
- Log (out of there) as if the world ended tomorrow
- Plan for failure
- YOU secure!!!
- Sandbox, Sandbox, Sandbox

You're not alone
- Security Groups
IBM; SUN; Amazon; ISV
- Cloud Security Alliance (awesome guide!!)
- OpenCloud Manifesto & Amazon Security Paper
- Cloud Computing ML at Google Groups
- Legal Cloud's
- Vivek Kundra, USA CTO, did it, so as Facebook,
New York Times and Nasdaq (on AWS)

Wrap up
- Plan
- Encrypt
- Backup
- Secure
- Audit
- Sandbox (check my last year sapo codebits talk)
- http://codebits.sapo.pt/files/aws_23.pdf
- Trust

mail: vd@prt.sc
?
site: http://vitordomingos.com