Cloud Security: Ten Things

If you're in IT, it's important to understand that your users are fully embracing the cloud. Cloud security, including how to use API calls safely and securely, the importance of firewalls (yes, even in the cloud!), and ensuring redundancy and availability, needs to be kept at the forefront of all cloud deployments. This presentation will help you talk about cloud security in a non-confrontational way with your users.

Published in: Technology, Business

  1. 10 Things I've Learned About Cloud Security & Other Stuff
     Bill Mathews (@billford)
  6. Introduction
     • Who Am I?
     • Why Am I Here?
     • Why I Care About The Cloud
     • Why You Should Too
  11. Top 10 Lists
     • Assumes too much knowledge
     • Makes me turn green with rage
     • However, it is an easier way to break things down, so this is just 10 things I've learned
     • I wanted to provide a basic framework for discussion
  12. Why Cloud? Why? (^^ Very popular question)
     The #1 reason, and really the only one you need, is that your users are using it. It doesn't matter what you think or what your feelings are: they're using it and you better get a grip on it.
  17. Control Panels – A Tale of Two Techs
     • Good / Bad and can be really really ugly
     • Really depends on the provider
     • Can be very granular
     • Can be very limiting
  22. Uptime/Downtime – Ouch That Hurts
     • This is NOT a problem limited to the cloud
     • This is a computer problem
     • Budgetary Considerations
     • Personal Experiences (Oh Amazon, what have you done?)
  29. APIs – The Bars of The Cloudy Jail
     • A brief history of API
     • What can an API do for you?
     • Why you should like them
     • Why you should hate them
     • Why you should strongly distrust them
     • You should really get to know them though, seriously
  35. Firewalls Are Dead... Long Live Firewalls
     • Death of firewalls in the cloud
     • Rebirth of firewalls in the cloud
     • Benefits
     • Pitfalls
     • Cautionary Tales
  40. Redundancy – No, The Cloud Isn't Magic
     • Yes, you still have to plan for redundancy and availability, even in the cloud
     • Marketing people lie (are you shocked yet?)
     • Load Balancing across one provider is cool
     • Load Balancing across multiple providers would be mega-awesome-cool
  45. Encrypt Early / Encrypt Often
     • Seriously, just encrypt your stuff
     • Logsup experiences
     • Multi-tenancy is an element of the cloud you cannot control
     • Same can be said of your VMware, Xen, whatever infrastructure
  50. Cloud is Cheap!
     • Infrastructure as a Service (IaaS)
     • Platform as a Service (PaaS)
     • Software as a Service (SaaS)
     • Cost vs Benefit vs Pulling Your Hair Out (like me)
  57. Logs in the Cloud – Long May it Rain
     • YES, you can have your logs from and in the cloud and you can analyze them too
     • www.loggly.com
     • www.splunkstorm.com
     • Access to your logs
     • What to expect
     • What not to expect
  62. SLA or Seriously, Lawyers Again
     • Service Level Agreements
     • Uptime guarantees
     • Compensation for violation
     • Some examples
  71. Random Stuff
     • Monitoring in/for the Cloud
     • Amazonian Law
     • Google App Engine
     • Uses for various cloud tech
        • Password Cracking/Brute Force
        • Penetration Testing
        • QA Testing
        • Auditing
  72. Wrap Up / Q&A
     • Wrap Up
     • Q&A
     • Possible Brawl?
     • This Presentation is Licensed Under Creative Commons