SlideShare a Scribd company logo

Building Secure Services in the Cloud

Sumo Logic
Sumo Logic

Learn how employing a combination of automation, integration, and thoughtful system design can allow you to achieve a level of security with cloud-based services that is higher than most legacy in-house services currently provide. Many security professionals are skeptical about cloud-based services and infrastructure. But it's a skepticism we've seen before, when a new computing paradigm encounters a suspicious--if not downright hostile--mindset (data-center-centric) and installed base. In this paper, we will discuss some of the general philosophies and perspectives that will assist anyone who wants to securely leverage the benefits the cloud by using its strengths to overcome issues that have traditionally been labeled as weaknesses.

Technology
1 of 8
Download to read offline
A Sumo Logic White Paper Building Secure Services in the Cloud
305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + Many security professionals are skeptical about cloud-based services and infrastructure. But it’s a skepticism we’ve seen before, when a new computing paradigm encounters a suspicious—if not downright hostile—mindset (data-center-centric) and installed base. In this paper we will discuss some of the general philosophies and perspectives that will assist anyone who wants to securely leverage the benefits the cloud by using its strengths to overcome issues that have traditionally been labeled as weaknesses. As with any paradigm shift, cloud computing requires different rules and different logic. Operationally, security organizations need to change their thinking and processes from traditional data-center-centric models to new, more statistical models. For example, we exchange hands-on control over physical hardware with odds over a population of hardware. From a systems administration perspective, we exchange scripts and manual capacity planning and scaling with API calls, triggers, feedback loops and the automatic provisioning and de-provisioning of spot-bid compute resources. And, of course, from a security perspective, we face the challenge of a world that is not under our complete physical control.
305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + While many veteran security professionals react to the cloud with suspicion and outright hostility, there are two realities: 1 the cloud is here to stay; and 2 it gives us an extremely powerful new set of tools for securing this environment. When properly leveraged, cloud-based IaaS offers availability benefits beyond what many enterprises can easily achieve on their own. By employing a combination of automation, integration with IaaS provider’s APIs and thoughtful system design you can achieve a level of security that is actually higher than most legacy in-house services currently provide. With a few well-placed API calls you can have a scalable army of hardened, patched, encrypted, scalable and disposable virtual machine resources at your disposal, ready to do your bidding, securely deliver your results and then self-destruct before returning from whence they came. Of course, doing this and leveraging it properly requires a different thought process than we may be accustomed to, but the reward can be well worth the shift in thinking. Design Design Design Defense in depth is traditionally a matter of strict design principles and security policies distributed across a number of departments and areas of expertise. In a system designed for the cloud you have the tools to design, implement and refine your policies, controls and enforcement in a streamlined and centralized fashion. The tools exist to add security at the network layer (with security groups, access management, host-level firewalls and VPNs), at the O/S layer, (with encrypted storage, strict privilege separation, and ruthlessly hardened systems), at the application layer (with the latest updates and thoroughly enforced policies) as part of your design and development cycle, rather than as part of ongoing operational maintenance. There are two realities: 1) the cloud is here to stay; and 2) it gives us an extremely powerful new set of tools for securing this environment.
305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + One major advantage to deploying services in the cloud is the freedom to design your network and security measures from the ground up and implement your secure designs in code, which is not subject to the same concerns you have in a physical data center or hosting facility. Legacy compromises, rogue cross-over cables and obsolete equipment and software can all be things of the past. APIs such as those from Amazon Web Services allow you to design an entire network exactly the way you would like it to be implemented and to then recreate that network, complete with firewall rules, the latest security updates, and value-added IaaS tools such as identity and access management. The ability to re-size your storage, memory, bandwidth and compute dynamically or through your release-cycle to suit new designs and business needs removes the final layer of hardware management and multi-factor capacity planning inherent in large home-grown or hosted virtual machine deployments. When you need to re-deploy or re-scale your infrastructure, there is no need to worry about legacy issues that would prevent you from making the types of sweeping changes that look so good on paper. Your paper becomes reality, with no need to move cables, rename hosts, or worry about maximizing the ROI on a piece of equipment that is no longer relevant. Cloud tools allow you to take security management to a new level by enabling you to fully automate your controls and tests. By moving the systems administration away from distributed scripts and systems administrators and into the hands of production-ready code–which can be rigorously reviewed, tested and updated along with the rest of your service–you can achieve a scale and ease of management unthinkable in traditional paradigms. In this new paradigm, you are free to design your system with all of the security controls you could ever want but were probably never able to achieve in a brick-and-mortar data-center or hosting facility. Since your entire infrastructure is ephemeral, the best approach is to automate your deployments leveraging the cloud-based tools that allow you to make the installation, baselining and management of things like file-integrity-checkers trivial, so that all of your virtual machines can have file-integrity software and baselines built in from the ground up. By using APIs to programmatically assign virtual machines to role-based security groups that are well-designed in advance you can scale your network to massive sizes without ever having to worry about firewall rule ordering, optimization or audit as part of your operational cycle. Some IaaS providers allow you to build your own virtual private network of virtual machines according to your own network topology. This affords some advantages in terms of leveraging predictable host-names and allows you to employ an network-layer protections such as Intrusion Prevention Sensors Your paper becomes reality, with no need to move cables, rename hosts, or worry about maximizing the ROI on a piece of equipment that is no longer relevant.
305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + (IPS) or Web-Application Firewalls (WAF) that are available as virtual machine appliances or that can run as software on your platform. These additional layers of protection and convenience allow you to leverage some of the successful technologies which were designed within the data-center paradigm and still incorporate these controls into your SDLC and minimize operational cost. With the kind of programmatic flexibility brought to bear by cloud APIs you have the ability to engineer a system with security built in at every level, and the scaling and management of those controls has never been easier. As a result of this transformational new paradigm we have to focus on the design of our security systems and leverage the reliability and automation that cloud providers afford us to operate securely in this new environment. This paper does not attempt to cover every best practice one should employ in order to build secure and scalable systems in the cloud, but we will discuss some of the foundational design principals which will help guide you in your thinking as you design such systems. Defense in Depth. Everything. All the Time. A cloud-based service needs to be thought about holistically, as an integrated system. This system has layers, components, interfaces and interactions, which are all under your control and programmatically scaled to wherever you set the dial. Each of these factors needs to be carefully considered from a security perspective that flows from a centr al design. Data needs to be considered in its three elemental forms: at rest, in motion, and in use. You also need to be able implement and monitor access control across all of the various virtual machines and applications (monitoring applications, third-party applications, development resources). Interfaces and APIs need to be scrubbed as clean as possible and limited to authenticated users and systems. Keys must be stored away from locks… All of the traditional rules need to still apply, but can be executed in new and efficient ways.
305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + There are a lot of details, but at the heart of it is the system, with inputs, outputs, storage, memory, and transport. Each of those must be thought of on its own and in combination with the other components it interacts with. It is both that simple and that complicated. Cloud IaaS providers and their partners offer a multitude of mature tools to assist with things like key-management, user management, Access/Authentication/ Audit, load-balancing, caching, messaging, volume management, and much more. Leveraging these tools and interfaces can drastically reduce the engineering effort required to implement and manage your security controls. If you properly leverage your design and automation tools, your security will become fractal, and embedded in every layer of your system as it scales and evolves. All Things Are Possible With Automation Thinking of your entire infrastructure as part of your code-base changes the game completely in terms of what you are able to achieve. There is no longer a gap or disconnect between the operational physical layer and the software that runs on top of it. By simply changing your thinking, machine and network failures are now simply exceptions to be caught and handled by your system. New boxes can brought online in real-time to replace or reinforce your existing fleet, new capacity can be bid on and pu rchased, and your infrastructure can now evolve and support your system because it is part of the system. From a security perspective this coupling enables you to use your infrastructure to adapt automatically. For instance, a service registry can be kept which keeps the IP addresses and ports of all of the registered services in your system and your code can use your cloud provider’s APIs to restrict network communication
305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + to only the ip-addresses and ports which are required by the system to function. SSL/TLS services can generate new key-pairs and shared secrets and securely store them on encrypted volumes every time you deploy your service. Host firewalls, host-IDS and integrity-checkers can be configured based on the tags you assign to each virtual instance. All of these measures can be unit-tested and QA’d as part of your Secure Development Life-Cycle (SDLC), allowing you to rapidly develop enhancements in pace with your product. Less is More Simplicity leads to security. Simplicity of design, of interfaces, and of data-flow all help lead to a secure and scalable system. Reduce, Reuse, Recycle Keeping APIs and other interfaces simple, clean and minimal, designing-in code-re-use and centralizing configuration information will help keep your attack-surface to a minimum as well as allow for easier troubleshooting and easier, faster turn-around on any security-related fixes that need to be made. Do the Right Thing Your system has I/O, storage, memory and network underneath it, as well as your software components. Think about every place that information is exchanged, transferred or transformed in your system and make sure you are doing the right thing there. If this is input, sanitize it. If it is storage, network or memory (where possible) encrypt it. If it is output you are feeding back to your customer or another component, sanitize that too. Don’t trust client-side verification, instead enforce everything at every layer. Leave No Trace You can safely use these giant blocks of anonymous pay-by-the-hour compute by leaving a minimal footprint, minimizing your attack surfaces and eliminating the chances that you’ll accidentally leave sensitive data exposed.
305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + Default Deny/Whitelist Allow only expected connections. If your front-end web-application needs to accept connections from anyone in the world so be it (but it’s more likely your load balancer does, in which case your web-app instances should only talk to the load-balancers). As part of your infrastructure as software design, you know what needs to talk to what and on what port and under what circumstances, so you should only allow that, everything else is bit-bucketed and alerted on. In software-driven cloud-based deployments, there is no longer any excuse for any other way of doing it. Encrypt It All At rest, in motion, and in use; any data that is ephemeral can be kept on encrypted ephemeral storage and the keys can simply be kept in memory. When the instance dies, the key dies with it. Longer-lived data should be stored away from the keys that secure it. If the data is particularly sensitive, in addition to keeping it encrypted, you can program your system to securely wipe the data using any of the various best-practice protocols for secure data deletion before spinning down the disk and giving it back to the pool. Tools are readily available for installation on your virtual machines, which make this secure data deletion simple and easily automated. Everything Else is Disposable Ephemeral is a powerful concept once you embrace it. Secure and encrypt everything you care about, the rest of your virtual machine fleet can be re-booted, terminated, or sacrificed. It’s Easier Than You Think Abandoning your legacy infrastructure and centralizing your security design and enforcement within your code-base will ultimately allow for greater security at lower human and capital cost. Joan Pepin is an Information Security veteran with 15 years experience in healthcare, manufacturing, defense, ISPs and MSSPs. A recognized expert in security policy and lifecycle management, she is the inventor of SecureWorks’ Anomaly Detection Engine and Event Linking technologies. Joan has achieved noteworthy success in her nine years with the Guardent/VeriSign/Secureworks organization and is now the Director of Security for Sumo Logic. Her specialties include policy management, security metrics, incident response and security thought-leadership: she was a keynote speaker at 2008 Forrester Security Summit and presenter at 2008 Gartner Security Summit CSO Series. © Copyright 2013 Sumo Logic, Inc. All rights reserved. Sumo Logic, Elastic Log Processing, LogReduce, Push Analytics and Big Data for Real-Time IT are trademarks of Sumo Logic, Inc. All other company and product names mentioned herein may be trademarks of their respective owners.

Recommended

BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyHappiest Minds Technologies
 
Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)
Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)
Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)Happiest Minds Technologies
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudRightScale
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
Cloud security (domain11 14)
Cloud security (domain11 14)Cloud security (domain11 14)
Cloud security (domain11 14)Maganathin Veeraragaloo
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)Maganathin Veeraragaloo
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Serviceguest536dd0e
 
Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10Rugby7277
 

Recommended

BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyHappiest Minds Technologies
 
Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)
Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)
Azure bastion- Remote desktop RDP/SSH in Azure using Bastion Service as (PaaS)Happiest Minds Technologies
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudRightScale
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
Cloud security (domain11 14)
Cloud security (domain11 14)Cloud security (domain11 14)
Cloud security (domain11 14)Maganathin Veeraragaloo
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)Maganathin Veeraragaloo
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Serviceguest536dd0e
 
Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10Cloud Security Issues 1.04.10
Cloud Security Issues 1.04.10Rugby7277
 
Security concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computingSecurity concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computingClinton DSouza
 
The security of SAAS and private cloud
The security of SAAS and private cloudThe security of SAAS and private cloud
The security of SAAS and private cloudAzure Group
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)ClubHack
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Project
 
Intel SaaS Security Playbook
Intel SaaS Security PlaybookIntel SaaS Security Playbook
Intel SaaS Security PlaybookIntel IT Center
 
Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)Khiro Mishra
 
Cloud Computing Security Issues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues Discover Cloud Computing
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105 Thomas Treml
 
Mindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree Ltd.
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwaribhanu krishna
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...IJIR JOURNALS IJIRUSA
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudCloudHesive
 
Cloud computing
Cloud computingCloud computing
Cloud computingakanksha botke
 
Cloud summit demystifying cloud security
Cloud summit demystifying cloud securityCloud summit demystifying cloud security
Cloud summit demystifying cloud securityDavid De Vos
 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale
 
Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...
Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...
Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...www.securitysystems.best
 
Tablet Access to Business Applications
Tablet Access to Business ApplicationsTablet Access to Business Applications
Tablet Access to Business Applications Array Networks
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportVivek Maurya
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsASBIS SK
 
Scaling a Start-up DevOps team to 10x while scaling the system 50x
Scaling a Start-up DevOps team to 10x while scaling the system 50x Scaling a Start-up DevOps team to 10x while scaling the system 50x
Scaling a Start-up DevOps team to 10x while scaling the system 50x Stefan Zier
 
Sumo Logic quickStart Webinar June 2016
Sumo Logic quickStart Webinar June 2016Sumo Logic quickStart Webinar June 2016
Sumo Logic quickStart Webinar June 2016Sumo Logic
 

More Related Content

What's hot

Security concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computingSecurity concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computingClinton DSouza
 
The security of SAAS and private cloud
The security of SAAS and private cloudThe security of SAAS and private cloud
The security of SAAS and private cloudAzure Group
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)ClubHack
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Project
 
Intel SaaS Security Playbook
Intel SaaS Security PlaybookIntel SaaS Security Playbook
Intel SaaS Security PlaybookIntel IT Center
 
Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)Khiro Mishra
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105 Thomas Treml
 
Mindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree Ltd.
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwaribhanu krishna
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...IJIR JOURNALS IJIRUSA
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudCloudHesive
 
Cloud summit demystifying cloud security
Cloud summit demystifying cloud securityCloud summit demystifying cloud security
Cloud summit demystifying cloud securityDavid De Vos
 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale
 
Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...
Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...
Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...www.securitysystems.best
 
Tablet Access to Business Applications
Tablet Access to Business ApplicationsTablet Access to Business Applications
Tablet Access to Business Applications Array Networks
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportVivek Maurya
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsASBIS SK
 

What's hot (20)

Security concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computingSecurity concerns with SaaS layer of cloud computing
Security concerns with SaaS layer of cloud computing
 
The security of SAAS and private cloud
The security of SAAS and private cloudThe security of SAAS and private cloud
The security of SAAS and private cloud
 
Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)Cloud computing security & forensics (manu)
Cloud computing security & forensics (manu)
 
PRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by DesignPRISMACLOUD Cloud Security and Privacy by Design
PRISMACLOUD Cloud Security and Privacy by Design
 
Intel SaaS Security Playbook
Intel SaaS Security PlaybookIntel SaaS Security Playbook
Intel SaaS Security Playbook
 
Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)Cloud Security POV_Final (by KM)
Cloud Security POV_Final (by KM)
 
Cloud Computing Security Issues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105
 
Mindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principles
 
Security issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwariSecurity issue in cloud by himanshu tiwari
Security issue in cloud by himanshu tiwari
 
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
Ijirsm ashok-kumar-h-problems-and-solutions-infrastructure-as-service-securit...
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud summit demystifying cloud security
Cloud summit demystifying cloud securityCloud summit demystifying cloud security
Cloud summit demystifying cloud security
 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
 
Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...
Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...
Best Data Center Physical Security using Cloud-Based AI Devices: Gain Total N...
 
Tablet Access to Business Applications
Tablet Access to Business ApplicationsTablet Access to Business Applications
Tablet Access to Business Applications
 
Cloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” reportCloud Computing Security Issues in Infrastructure as a Service” report
Cloud Computing Security Issues in Infrastructure as a Service” report
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
 
Safe Net: Cloud Security Solutions
Safe Net: Cloud Security SolutionsSafe Net: Cloud Security Solutions
Safe Net: Cloud Security Solutions
 

Viewers also liked

Scaling a Start-up DevOps team to 10x while scaling the system 50x
Scaling a Start-up DevOps team to 10x while scaling the system 50x Scaling a Start-up DevOps team to 10x while scaling the system 50x
Scaling a Start-up DevOps team to 10x while scaling the system 50x Stefan Zier
 
Sumo Logic quickStart Webinar June 2016
Sumo Logic quickStart Webinar June 2016Sumo Logic quickStart Webinar June 2016
Sumo Logic quickStart Webinar June 2016Sumo Logic
 
Sumo Logic QuickStart Webinar Sep 2016
Sumo Logic QuickStart Webinar Sep 2016Sumo Logic QuickStart Webinar Sep 2016
Sumo Logic QuickStart Webinar Sep 2016Sumo Logic
 
How to Webinar: Sumo Logic Dashboards
How to Webinar: Sumo Logic DashboardsHow to Webinar: Sumo Logic Dashboards
How to Webinar: Sumo Logic DashboardsSumo Logic
 
Advanced Troubleshooting Techniques for your Application Stack Using MongoDB
Advanced Troubleshooting Techniques for your Application Stack Using MongoDBAdvanced Troubleshooting Techniques for your Application Stack Using MongoDB
Advanced Troubleshooting Techniques for your Application Stack Using MongoDBSumo Logic
 
The Cloud Adoption Challenge
The Cloud Adoption ChallengeThe Cloud Adoption Challenge
The Cloud Adoption ChallengeSumo Logic
 
Harnessing the Power of Big Data for Real-Time IT
Harnessing the Power of Big Data for Real-Time ITHarnessing the Power of Big Data for Real-Time IT
Harnessing the Power of Big Data for Real-Time ITSumo Logic
 
How To Webinar - Sumo Logic API
How To Webinar - Sumo Logic APIHow To Webinar - Sumo Logic API
How To Webinar - Sumo Logic APISumo Logic
 
Sumo Logic "How to" Webinar: Advanced Analytics
Sumo Logic "How to" Webinar: Advanced AnalyticsSumo Logic "How to" Webinar: Advanced Analytics
Sumo Logic "How to" Webinar: Advanced AnalyticsSumo Logic
 
Sumo Logic "How To" Webinar: Apps
Sumo Logic "How To" Webinar: AppsSumo Logic "How To" Webinar: Apps
Sumo Logic "How To" Webinar: AppsSumo Logic
 
Sumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic
 
Sumo Logic QuickStart Webinar July 2016
Sumo Logic QuickStart Webinar July 2016Sumo Logic QuickStart Webinar July 2016
Sumo Logic QuickStart Webinar July 2016Sumo Logic
 
Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic
 
How to Reduce your MTTI/MTTR with a Single Click
How to Reduce your MTTI/MTTR with a Single ClickHow to Reduce your MTTI/MTTR with a Single Click
How to Reduce your MTTI/MTTR with a Single ClickSumo Logic
 
Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016Sumo Logic
 
Sumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled SearchesSumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled SearchesSumo Logic
 
"How to" Webinar: Sending Data to Sumo Logic
"How to" Webinar: Sending Data to Sumo Logic"How to" Webinar: Sending Data to Sumo Logic
"How to" Webinar: Sending Data to Sumo LogicSumo Logic
 
Sumo Logic - Optimizing Your Search Experience (2016-08-17)
Sumo Logic - Optimizing Your Search Experience (2016-08-17)Sumo Logic - Optimizing Your Search Experience (2016-08-17)
Sumo Logic - Optimizing Your Search Experience (2016-08-17)Sumo Logic
 
How Customer Data Platforms Solve Enough To Be Interesting
How Customer Data Platforms Solve Enough To Be InterestingHow Customer Data Platforms Solve Enough To Be Interesting
How Customer Data Platforms Solve Enough To Be InterestingMarTech Conference
 
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and MetricsHow Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and MetricsSumo Logic
 

Viewers also liked (20)

Scaling a Start-up DevOps team to 10x while scaling the system 50x
Scaling a Start-up DevOps team to 10x while scaling the system 50x Scaling a Start-up DevOps team to 10x while scaling the system 50x
Scaling a Start-up DevOps team to 10x while scaling the system 50x
 
Sumo Logic quickStart Webinar June 2016
Sumo Logic quickStart Webinar June 2016Sumo Logic quickStart Webinar June 2016
Sumo Logic quickStart Webinar June 2016
 
Sumo Logic QuickStart Webinar Sep 2016
Sumo Logic QuickStart Webinar Sep 2016Sumo Logic QuickStart Webinar Sep 2016
Sumo Logic QuickStart Webinar Sep 2016
 
How to Webinar: Sumo Logic Dashboards
How to Webinar: Sumo Logic DashboardsHow to Webinar: Sumo Logic Dashboards
How to Webinar: Sumo Logic Dashboards
 
Advanced Troubleshooting Techniques for your Application Stack Using MongoDB
Advanced Troubleshooting Techniques for your Application Stack Using MongoDBAdvanced Troubleshooting Techniques for your Application Stack Using MongoDB
Advanced Troubleshooting Techniques for your Application Stack Using MongoDB
 
The Cloud Adoption Challenge
The Cloud Adoption ChallengeThe Cloud Adoption Challenge
The Cloud Adoption Challenge
 
Harnessing the Power of Big Data for Real-Time IT
Harnessing the Power of Big Data for Real-Time ITHarnessing the Power of Big Data for Real-Time IT
Harnessing the Power of Big Data for Real-Time IT
 
How To Webinar - Sumo Logic API
How To Webinar - Sumo Logic APIHow To Webinar - Sumo Logic API
How To Webinar - Sumo Logic API
 
Sumo Logic "How to" Webinar: Advanced Analytics
Sumo Logic "How to" Webinar: Advanced AnalyticsSumo Logic "How to" Webinar: Advanced Analytics
Sumo Logic "How to" Webinar: Advanced Analytics
 
Sumo Logic "How To" Webinar: Apps
Sumo Logic "How To" Webinar: AppsSumo Logic "How To" Webinar: Apps
Sumo Logic "How To" Webinar: Apps
 
Sumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host Metrics
 
Sumo Logic QuickStart Webinar July 2016
Sumo Logic QuickStart Webinar July 2016Sumo Logic QuickStart Webinar July 2016
Sumo Logic QuickStart Webinar July 2016
 
Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016
 
How to Reduce your MTTI/MTTR with a Single Click
How to Reduce your MTTI/MTTR with a Single ClickHow to Reduce your MTTI/MTTR with a Single Click
How to Reduce your MTTI/MTTR with a Single Click
 
Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016
 
Sumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled SearchesSumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled Searches
 
"How to" Webinar: Sending Data to Sumo Logic
"How to" Webinar: Sending Data to Sumo Logic"How to" Webinar: Sending Data to Sumo Logic
"How to" Webinar: Sending Data to Sumo Logic
 
Sumo Logic - Optimizing Your Search Experience (2016-08-17)
Sumo Logic - Optimizing Your Search Experience (2016-08-17)Sumo Logic - Optimizing Your Search Experience (2016-08-17)
Sumo Logic - Optimizing Your Search Experience (2016-08-17)
 
How Customer Data Platforms Solve Enough To Be Interesting
How Customer Data Platforms Solve Enough To Be InterestingHow Customer Data Platforms Solve Enough To Be Interesting
How Customer Data Platforms Solve Enough To Be Interesting
 
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and MetricsHow Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
 

Similar to Building Secure Services in the Cloud

HOW-CLOUD-IMPLEMENTATION-CAN-ENSURE-MAXIMUM-ROI.pdf
HOW-CLOUD-IMPLEMENTATION-CAN-ENSURE-MAXIMUM-ROI.pdfHOW-CLOUD-IMPLEMENTATION-CAN-ENSURE-MAXIMUM-ROI.pdf
HOW-CLOUD-IMPLEMENTATION-CAN-ENSURE-MAXIMUM-ROI.pdfAgaram Technologies
 
Tools of noc
Tools of nocTools of noc
Tools of nocmunawarul
 
Cloud Ecosystems A Perspective
Cloud Ecosystems A PerspectiveCloud Ecosystems A Perspective
Cloud Ecosystems A Perspectivejmcdaniel650
 
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET Journal
 
Private Cloud Computing - Get the best for your business | Sysfore
Private Cloud Computing - Get the best for your business | SysforePrivate Cloud Computing - Get the best for your business | Sysfore
Private Cloud Computing - Get the best for your business | SysforeSysfore Technologies
 
CIT-382 Cloud Technology
CIT-382 Cloud TechnologyCIT-382 Cloud Technology
CIT-382 Cloud TechnologyLuisDeLeon74
 
Pros And Cons Of Cloud-Based Security Solutions.pptx
Pros And Cons Of Cloud-Based Security Solutions.pptxPros And Cons Of Cloud-Based Security Solutions.pptx
Pros And Cons Of Cloud-Based Security Solutions.pptxMetaorange
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhShah Sheikh
 
Current trends in software engineering
Current trends in software engineeringCurrent trends in software engineering
Current trends in software engineeringbrra51
 
Albara Abdalkhalig
Albara AbdalkhaligAlbara Abdalkhalig
Albara Abdalkhaligbrra51
 
Cloud Security: A Brief Journey through the Revolutionary Technology
Cloud Security: A Brief Journey through the Revolutionary TechnologyCloud Security: A Brief Journey through the Revolutionary Technology
Cloud Security: A Brief Journey through the Revolutionary Technologyrosswilks1
 
Introduction to Cloud computing
Introduction to Cloud computingIntroduction to Cloud computing
Introduction to Cloud computingKumayl Rajani
 
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docxRunning head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docxtodd581
 

Similar to Building Secure Services in the Cloud (20)

HOW-CLOUD-IMPLEMENTATION-CAN-ENSURE-MAXIMUM-ROI.pdf
HOW-CLOUD-IMPLEMENTATION-CAN-ENSURE-MAXIMUM-ROI.pdfHOW-CLOUD-IMPLEMENTATION-CAN-ENSURE-MAXIMUM-ROI.pdf
HOW-CLOUD-IMPLEMENTATION-CAN-ENSURE-MAXIMUM-ROI.pdf
 
Tools of noc
Tools of nocTools of noc
Tools of noc
 
Cloud Ecosystems A Perspective
Cloud Ecosystems A PerspectiveCloud Ecosystems A Perspective
Cloud Ecosystems A Perspective
 
IRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in CloudIRJET- Developing an Algorithm to Detect Malware in Cloud
IRJET- Developing an Algorithm to Detect Malware in Cloud
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Private Cloud Computing - Get the best for your business | Sysfore
Private Cloud Computing - Get the best for your business | SysforePrivate Cloud Computing - Get the best for your business | Sysfore
Private Cloud Computing - Get the best for your business | Sysfore
 
Cloud Architect Company in India
Cloud Architect Company in IndiaCloud Architect Company in India
Cloud Architect Company in India
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
CIT-382 Cloud Technology
CIT-382 Cloud TechnologyCIT-382 Cloud Technology
CIT-382 Cloud Technology
 
Cloud Architect Company in India
Cloud Architect Company in IndiaCloud Architect Company in India
Cloud Architect Company in India
 
Pros And Cons Of Cloud-Based Security Solutions.pptx
Pros And Cons Of Cloud-Based Security Solutions.pptxPros And Cons Of Cloud-Based Security Solutions.pptx
Pros And Cons Of Cloud-Based Security Solutions.pptx
 
CSEC630 individaul assign
CSEC630 individaul assignCSEC630 individaul assign
CSEC630 individaul assign
 
Cloud monitoring overview
Cloud monitoring overviewCloud monitoring overview
Cloud monitoring overview
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
Current trends in software engineering
Current trends in software engineeringCurrent trends in software engineering
Current trends in software engineering
 
Albara Abdalkhalig
Albara AbdalkhaligAlbara Abdalkhalig
Albara Abdalkhalig
 
Cloud Security: A Brief Journey through the Revolutionary Technology
Cloud Security: A Brief Journey through the Revolutionary TechnologyCloud Security: A Brief Journey through the Revolutionary Technology
Cloud Security: A Brief Journey through the Revolutionary Technology
 
Introduction to Cloud computing
Introduction to Cloud computingIntroduction to Cloud computing
Introduction to Cloud computing
 
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docxRunning head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
Running head NETWORK INFRASTRUCTURE AND SECURITY 1NETWOR.docx
 

More from Sumo Logic

Welcome Webinar Slides
Welcome Webinar SlidesWelcome Webinar Slides
Welcome Webinar SlidesSumo Logic
 
Welcome Webinar PDF
Welcome Webinar PDFWelcome Webinar PDF
Welcome Webinar PDFSumo Logic
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic
 
Sumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & ComplianceSumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & ComplianceSumo Logic
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic
 
Sumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic
 
Sumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - AdministrationSumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - AdministrationSumo Logic
 
Sumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search MasterySumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search MasterySumo Logic
 
Sumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic
 
Sumo Logic Cert Jam - Fundamentals (Spanish)
Sumo Logic Cert Jam - Fundamentals (Spanish)Sumo Logic Cert Jam - Fundamentals (Spanish)
Sumo Logic Cert Jam - Fundamentals (Spanish)Sumo Logic
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Sumo Logic
 
Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018Sumo Logic
 
Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018Sumo Logic
 
Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)Sumo Logic
 
Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018Sumo Logic
 
Sumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get CertifiedSumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get CertifiedSumo Logic
 
You Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsYou Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsSumo Logic
 
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic WebinarMaking the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic WebinarSumo Logic
 

More from Sumo Logic (20)

Welcome Webinar Slides
Welcome Webinar SlidesWelcome Webinar Slides
Welcome Webinar Slides
 
Welcome Webinar PDF
Welcome Webinar PDFWelcome Webinar PDF
Welcome Webinar PDF
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
 
Sumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & ComplianceSumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & Compliance
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
 
Sumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security Analytics
 
Sumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - AdministrationSumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - Administration
 
Sumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search MasterySumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search Mastery
 
Sumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - Fundamentals
 
Sumo Logic Cert Jam - Fundamentals (Spanish)
Sumo Logic Cert Jam - Fundamentals (Spanish)Sumo Logic Cert Jam - Fundamentals (Spanish)
Sumo Logic Cert Jam - Fundamentals (Spanish)
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
 
Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018
 
Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018
 
Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)
 
Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018
 
Sumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get CertifiedSumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get Certified
 
You Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsYou Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOps
 
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic WebinarMaking the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
 

Recently uploaded

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 

Building Secure Services in the Cloud

  • 1. A Sumo Logic White Paper Building Secure Services in the Cloud
  • 2. 305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + Many security professionals are skeptical about cloud-based services and infrastructure. But it’s a skepticism we’ve seen before, when a new computing paradigm encounters a suspicious—if not downright hostile—mindset (data-center-centric) and installed base. In this paper we will discuss some of the general philosophies and perspectives that will assist anyone who wants to securely leverage the benefits the cloud by using its strengths to overcome issues that have traditionally been labeled as weaknesses. As with any paradigm shift, cloud computing requires different rules and different logic. Operationally, security organizations need to change their thinking and processes from traditional data-center-centric models to new, more statistical models. For example, we exchange hands-on control over physical hardware with odds over a population of hardware. From a systems administration perspective, we exchange scripts and manual capacity planning and scaling with API calls, triggers, feedback loops and the automatic provisioning and de-provisioning of spot-bid compute resources. And, of course, from a security perspective, we face the challenge of a world that is not under our complete physical control.
  • 3. 305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + While many veteran security professionals react to the cloud with suspicion and outright hostility, there are two realities: 1 the cloud is here to stay; and 2 it gives us an extremely powerful new set of tools for securing this environment. When properly leveraged, cloud-based IaaS offers availability benefits beyond what many enterprises can easily achieve on their own. By employing a combination of automation, integration with IaaS provider’s APIs and thoughtful system design you can achieve a level of security that is actually higher than most legacy in-house services currently provide. With a few well-placed API calls you can have a scalable army of hardened, patched, encrypted, scalable and disposable virtual machine resources at your disposal, ready to do your bidding, securely deliver your results and then self-destruct before returning from whence they came. Of course, doing this and leveraging it properly requires a different thought process than we may be accustomed to, but the reward can be well worth the shift in thinking. Design Design Design Defense in depth is traditionally a matter of strict design principles and security policies distributed across a number of departments and areas of expertise. In a system designed for the cloud you have the tools to design, implement and refine your policies, controls and enforcement in a streamlined and centralized fashion. The tools exist to add security at the network layer (with security groups, access management, host-level firewalls and VPNs), at the O/S layer, (with encrypted storage, strict privilege separation, and ruthlessly hardened systems), at the application layer (with the latest updates and thoroughly enforced policies) as part of your design and development cycle, rather than as part of ongoing operational maintenance. There are two realities: 1) the cloud is here to stay; and 2) it gives us an extremely powerful new set of tools for securing this environment.
  • 4. 305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + One major advantage to deploying services in the cloud is the freedom to design your network and security measures from the ground up and implement your secure designs in code, which is not subject to the same concerns you have in a physical data center or hosting facility. Legacy compromises, rogue cross-over cables and obsolete equipment and software can all be things of the past. APIs such as those from Amazon Web Services allow you to design an entire network exactly the way you would like it to be implemented and to then recreate that network, complete with firewall rules, the latest security updates, and value-added IaaS tools such as identity and access management. The ability to re-size your storage, memory, bandwidth and compute dynamically or through your release-cycle to suit new designs and business needs removes the final layer of hardware management and multi-factor capacity planning inherent in large home-grown or hosted virtual machine deployments. When you need to re-deploy or re-scale your infrastructure, there is no need to worry about legacy issues that would prevent you from making the types of sweeping changes that look so good on paper. Your paper becomes reality, with no need to move cables, rename hosts, or worry about maximizing the ROI on a piece of equipment that is no longer relevant. Cloud tools allow you to take security management to a new level by enabling you to fully automate your controls and tests. By moving the systems administration away from distributed scripts and systems administrators and into the hands of production-ready code–which can be rigorously reviewed, tested and updated along with the rest of your service–you can achieve a scale and ease of management unthinkable in traditional paradigms. In this new paradigm, you are free to design your system with all of the security controls you could ever want but were probably never able to achieve in a brick-and-mortar data-center or hosting facility. Since your entire infrastructure is ephemeral, the best approach is to automate your deployments leveraging the cloud-based tools that allow you to make the installation, baselining and management of things like file-integrity-checkers trivial, so that all of your virtual machines can have file-integrity software and baselines built in from the ground up. By using APIs to programmatically assign virtual machines to role-based security groups that are well-designed in advance you can scale your network to massive sizes without ever having to worry about firewall rule ordering, optimization or audit as part of your operational cycle. Some IaaS providers allow you to build your own virtual private network of virtual machines according to your own network topology. This affords some advantages in terms of leveraging predictable host-names and allows you to employ an network-layer protections such as Intrusion Prevention Sensors Your paper becomes reality, with no need to move cables, rename hosts, or worry about maximizing the ROI on a piece of equipment that is no longer relevant.
  • 5. 305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + (IPS) or Web-Application Firewalls (WAF) that are available as virtual machine appliances or that can run as software on your platform. These additional layers of protection and convenience allow you to leverage some of the successful technologies which were designed within the data-center paradigm and still incorporate these controls into your SDLC and minimize operational cost. With the kind of programmatic flexibility brought to bear by cloud APIs you have the ability to engineer a system with security built in at every level, and the scaling and management of those controls has never been easier. As a result of this transformational new paradigm we have to focus on the design of our security systems and leverage the reliability and automation that cloud providers afford us to operate securely in this new environment. This paper does not attempt to cover every best practice one should employ in order to build secure and scalable systems in the cloud, but we will discuss some of the foundational design principals which will help guide you in your thinking as you design such systems. Defense in Depth. Everything. All the Time. A cloud-based service needs to be thought about holistically, as an integrated system. This system has layers, components, interfaces and interactions, which are all under your control and programmatically scaled to wherever you set the dial. Each of these factors needs to be carefully considered from a security perspective that flows from a centr al design. Data needs to be considered in its three elemental forms: at rest, in motion, and in use. You also need to be able implement and monitor access control across all of the various virtual machines and applications (monitoring applications, third-party applications, development resources). Interfaces and APIs need to be scrubbed as clean as possible and limited to authenticated users and systems. Keys must be stored away from locks… All of the traditional rules need to still apply, but can be executed in new and efficient ways.
  • 6. 305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + There are a lot of details, but at the heart of it is the system, with inputs, outputs, storage, memory, and transport. Each of those must be thought of on its own and in combination with the other components it interacts with. It is both that simple and that complicated. Cloud IaaS providers and their partners offer a multitude of mature tools to assist with things like key-management, user management, Access/Authentication/ Audit, load-balancing, caching, messaging, volume management, and much more. Leveraging these tools and interfaces can drastically reduce the engineering effort required to implement and manage your security controls. If you properly leverage your design and automation tools, your security will become fractal, and embedded in every layer of your system as it scales and evolves. All Things Are Possible With Automation Thinking of your entire infrastructure as part of your code-base changes the game completely in terms of what you are able to achieve. There is no longer a gap or disconnect between the operational physical layer and the software that runs on top of it. By simply changing your thinking, machine and network failures are now simply exceptions to be caught and handled by your system. New boxes can brought online in real-time to replace or reinforce your existing fleet, new capacity can be bid on and pu rchased, and your infrastructure can now evolve and support your system because it is part of the system. From a security perspective this coupling enables you to use your infrastructure to adapt automatically. For instance, a service registry can be kept which keeps the IP addresses and ports of all of the registered services in your system and your code can use your cloud provider’s APIs to restrict network communication
  • 7. 305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + to only the ip-addresses and ports which are required by the system to function. SSL/TLS services can generate new key-pairs and shared secrets and securely store them on encrypted volumes every time you deploy your service. Host firewalls, host-IDS and integrity-checkers can be configured based on the tags you assign to each virtual instance. All of these measures can be unit-tested and QA’d as part of your Secure Development Life-Cycle (SDLC), allowing you to rapidly develop enhancements in pace with your product. Less is More Simplicity leads to security. Simplicity of design, of interfaces, and of data-flow all help lead to a secure and scalable system. Reduce, Reuse, Recycle Keeping APIs and other interfaces simple, clean and minimal, designing-in code-re-use and centralizing configuration information will help keep your attack-surface to a minimum as well as allow for easier troubleshooting and easier, faster turn-around on any security-related fixes that need to be made. Do the Right Thing Your system has I/O, storage, memory and network underneath it, as well as your software components. Think about every place that information is exchanged, transferred or transformed in your system and make sure you are doing the right thing there. If this is input, sanitize it. If it is storage, network or memory (where possible) encrypt it. If it is output you are feeding back to your customer or another component, sanitize that too. Don’t trust client-side verification, instead enforce everything at every layer. Leave No Trace You can safely use these giant blocks of anonymous pay-by-the-hour compute by leaving a minimal footprint, minimizing your attack surfaces and eliminating the chances that you’ll accidentally leave sensitive data exposed.
  • 8. 305 Main Street Redwood City, CA 94063 Toll-Free 1 855-LOG-SUMO + Int’l 1 650 810 8700 + www.sumologic.com + Default Deny/Whitelist Allow only expected connections. If your front-end web-application needs to accept connections from anyone in the world so be it (but it’s more likely your load balancer does, in which case your web-app instances should only talk to the load-balancers). As part of your infrastructure as software design, you know what needs to talk to what and on what port and under what circumstances, so you should only allow that, everything else is bit-bucketed and alerted on. In software-driven cloud-based deployments, there is no longer any excuse for any other way of doing it. Encrypt It All At rest, in motion, and in use; any data that is ephemeral can be kept on encrypted ephemeral storage and the keys can simply be kept in memory. When the instance dies, the key dies with it. Longer-lived data should be stored away from the keys that secure it. If the data is particularly sensitive, in addition to keeping it encrypted, you can program your system to securely wipe the data using any of the various best-practice protocols for secure data deletion before spinning down the disk and giving it back to the pool. Tools are readily available for installation on your virtual machines, which make this secure data deletion simple and easily automated. Everything Else is Disposable Ephemeral is a powerful concept once you embrace it. Secure and encrypt everything you care about, the rest of your virtual machine fleet can be re-booted, terminated, or sacrificed. It’s Easier Than You Think Abandoning your legacy infrastructure and centralizing your security design and enforcement within your code-base will ultimately allow for greater security at lower human and capital cost. Joan Pepin is an Information Security veteran with 15 years experience in healthcare, manufacturing, defense, ISPs and MSSPs. A recognized expert in security policy and lifecycle management, she is the inventor of SecureWorks’ Anomaly Detection Engine and Event Linking technologies. Joan has achieved noteworthy success in her nine years with the Guardent/VeriSign/Secureworks organization and is now the Director of Security for Sumo Logic. Her specialties include policy management, security metrics, incident response and security thought-leadership: she was a keynote speaker at 2008 Forrester Security Summit and presenter at 2008 Gartner Security Summit CSO Series. © Copyright 2013 Sumo Logic, Inc. All rights reserved. Sumo Logic, Elastic Log Processing, LogReduce, Push Analytics and Big Data for Real-Time IT are trademarks of Sumo Logic, Inc. All other company and product names mentioned herein may be trademarks of their respective owners.