Confraria Security 17 June - Cloud Security
Cloud Computing Security in Confraria Security & IT, 3rd meeting in Lisbon

Published in: Technology
  1. Cloud Computing Security, by Vitor Domingos, intrepid and professional basher, http://vitordomingos.com
  2. * as seen on regular weather channel
  3. Cloud Computing is ?
     - Network as a “cloud”
     - Network is the computer (SUN motto)
     - TCP/IP abstraction (1st cloud)
     - www data abstraction (2nd cloud)
     - Virtualization (3rd cloud)
     - Bottom line: virtualization done right, with web services
  4. Cloud Computing is !
     - on-demand self-service
     - ubiquitous network access
     - location independent resource pooling
     - rapid elasticity
     - measured service
     - pay as you go
     - abstract resources
  5. CCaaS
     - Software as a Service
        - SalesForce
     - Platform as a Service
        - Google App Engine
        - Microsoft Azure
     - Infrastructure as a Service
        - Rackspace Mosso
        - Amazon Web Services
  6. Cloud Computing leverages
     - Virtualization
     - Multi-Tenancy
     - Massive Scale
     - Autonomic Computing
     - Distributed Environment
     - Security Technologies
     - Service Oriented
  7. Security in the Cloud
  8. Only the paranoid survive!
     - Key issues: trust, trust, multi-tenancy, trust, encryption, compliance
     - Massive complex systems running on functional units
     - Certification & Audit
     - Loss of physical control
     - Interoperability
     - Accountability
  9. please, keep in mind that
     - Shared hell:
        - Hardware
        - Memory
        - Disks
        - NICs (Virtual)
     - Cache Snooping
     - Hypervisor Attacks
     - Persistent Rootkits
     - Password Cracking
     - Broken or stolen key rings / authorization federation
     - Never ending logs
  10. Great things do come
     - Provisioning
     - Rapid reconstitution of services
     - Storage fragmented
     - Security layers (auth, firewall, logging, …)
     - Network and Security perimeters
     - Virtual Zoning
     - Fault tolerance
  11. Challenges
     - Data dispersal and international privacy laws
     - Isolation management & Multi-Tenancy
     - Certification (SAS 70 Type II audits and ISO 27001)
     - Data ownership
     - QoS & SLA guarantees
     - Secure Hypervisors
  12. Challenges
     - Massive outages
     - Service bottlenecks; DNS as your best friend
     - Encryption needs: cloud resources, applications, storage, services
     - Disaster recovery and contingency plans
     - If you have it on Auto mode, you won't see it coming
     - Honey for hackers
  13. ToDo
     - Network with VPN and VLANs
     - SLAs; read the fine print
     - Backup and recover often; Risk assessment
     - Log (out of there) as if the world ended tomorrow
     - Plan for failure
     - YOU secure!!!
     - Sandbox, Sandbox, Sandbox
  14. You're not alone
     - Security Groups: IBM; SUN; Amazon; ISV
     - Cloud Security Alliance (awesome guide!!)
     - OpenCloud Manifesto & Amazon Security Paper
     - Cloud Computing ML at Google Groups
     - Legal Cloud's
     - Vivek Kundra, USA CTO, did it, and so did Facebook, New York Times and Nasdaq (on AWS)
  15. Wrap up
     - Plan
     - Encrypt
     - Backup
     - Secure
     - Audit
     - Sandbox (check my last year sapo codebits talk)
        - http://codebits.sapo.pt/files/aws_23.pdf
     - Trust
  16. ?
     - mail: vd@prt.sc
     - site: http://vitordomingos.com