
What Everyone Ought To Know About Cloud Security


I gave this presentation at RSA Europe 2009.

Published in: Technology


  1. What Everyone Ought To Know About Cloud Security. Craig Balding, cloudsecurity.org. 20/10/09 | Session ID: BUS-106 | Classification: Intermediate
  2. Agenda: Decomposing Cloud; Objectives; Understand Implementations; Applying Security
  3. Objectives
  4. Objectives
     • Define ‘Cloud’
     • Explore Cloud Attributes
     • Understand the 3 Layer Cloud Model
     • Link Security Controls to Layer
     • Explore Cloud Deployment Types
     • Public, Private & Virtual Private Security
     • Examine Key Cloud Security Controls
  5. Cloud is the New Pink
  6. Who Said This? "We will make cloud computing announcements, because if orange is the new pink, we'll make orange blouses"
  7. Larry Ellison, CEO
  8. Cloud vs. Grid (Google Trends)
  9. Actions Speak Louder…
  10. BUT Cloud != Virtualization
  11. “ABSTRACTION!”
  12. Defining Cloud: “…the market seems to have come to the conclusion that cloud computing has a lot in common with obscenity--you may not be able to define it, but you'll know it when you see it” James Urquhart – The Wisdom of Clouds
  13. Decomposing Cloud
  14. Smells Like Cloud
     • Abstraction of Resources
     • On Demand
     • Elastic
     • Scalable
     • API
     • as a Service (aaS)
  15. Cloud Layers (Jericho Forum)
  16. Cloud Security?
  17. Cloud Deployments
  18. Cloud Cube Model (Jericho Forum)
  19. Public Cloud: MS Azure
  20. Public Cloud: Amazon Web Services
  21. Public Cloud: force.com
  22. Virtual Private Cloud
  23. Private Cloud
  24. Key Cloud Security Controls
  25. How Much Time Do We Have? 80 pages
  26. Recap: Risk Mitigation Must Cover…
     • Abstraction of Resources
     • On Demand
     • Elastic
     • Scalable
     • API
     • as a Service (aaS)
  27. It’s all about Workloads…
  28. … and Providers!
  29. SSL/TLS Is Not The Cure-All
  30. … nor is Hiding Behind Contracts
  31. Cloud Technology Concerns
     • Compute: Hypervisors
     • Software Platform Maturity
     • Network: VPN, Intercloud
     • Distributed Storage
     • Federation
     • API Security
     • Billing
  32. The Hypervisor
  33. Cloud Platform Maturity
  34. InterCloud VPN
  35. Eventually Consistent
  36. Identity / Federation
  37. API Security
  38. Non-Technology Concerns
     • Billing
     • Change Control
     • ToS/SLA
     • Legal
     • Audits
     • Visibility
  39. Billing
  40. Change Control: “…someone once likened the process of upgrading our core websearch infrastructure to ‘changing the tires on a car while you’re going at 60 down the freeway.’” Urs Holzle – SVP Operations, Google
  41. ToS & SLA
  42. Legal
  43. Audits: The Tour; On/off-site; “Certification”; Change Control; Security Awareness; SDLC, Scans/Testing
  44. Visibility: Provider actions; Admin activity; Intrusion Detection; A6 Working Group
  45. Short Term Recommendations
     • Implement Detection of Public Cloud Use for Company Business
     • Get Involved: business/IT leadership plans around cloud
     • Dive Deeper into Cloud Platforms
     • Track Cloud Security Alliance, ENISA, NIST
     • Try a Cloud Yourself
  46. Further Reading & Contact
     • Cloud & Cloud Security: http://cloudsecurity.org/resources
     • Email: [email_address]
  47. Appendix
  48. Cloud Model: Infrastructure (IaaS) (Chris Hoff)
  49. Cloud Model: Platform (PaaS) (Chris Hoff)
  50. Cloud Model: Software (SaaS) (Chris Hoff)
