The cloud is as secure as  you want it to be...              Debashis Banerjee                    Yahoo! India            ...
My son’s first                     day                   at school                     Catered Food                 on my ...
Today’s Journey                                         Multi device       Refresher to                                   ...
Cloud Computing - Refresher  • Key aspects of using the cloud: Elasticity, On Demand,    Multi Tenancy, Multi Device, Abil...
Key questions to ask about security?• What do you need to protect? Who are your users?• Where does your data live? How doe...
Ensuring your cloud solution is secure                           Identity                           Provider              ...
Security in Public Cloud Deployments• Strong Identity management• Privileged Account Management• Place the appropriate typ...
Security in the Private & Hybrid CloudPrivate:   • Design such that there is scope to move to a hybrid model   • Impose SS...
Multi Device Cloud Security – Mobile Phones• The mobile device as an extension of the Cloud• Secure Mobile Apps on the clo...
Multi Factor Auth – OTPs, SMS basedUse OTPs effectively to protect your data access to the cloud   GoldKey   Multi Factor ...
Some APIs useful in cloud security• Safe Browsing API• VM Safe APIs                                     11
In Conclusion• Cloud Security is critical to succeed in the cloud• Choose Private / Public / Hybrid cloud & SaaS / PaaS / ...
Remember your questions about security to1. Your child’s school2. Your anniversary party caterers3. Your airline4. Your ba...
Upcoming SlideShare
Loading in …5
×

Cloud security - The Cloud is as Secure as you want it to be! - Indicthreads cloud computing conference 2011

1,138 views

Published on

Session presented at the 2nd IndicThreads.com Conference on Cloud Computing held in Pune, India on 3-4 June 2011.

http://CloudComputing.IndicThreads.com

Abstract:As part of this session I intend to provide a technical overview of how cloud computing can be made secure across various networks architectures and deployments such as

(a) Security in public cloud deployments – data and application security. This will cover methods such as data encryption, multi tenancy, data wipeout, what type of data to place in public clouds, autentication methods.
(b) Security by using public/private mix hybrid cloud deployments. This will cover using hybrid clouds effectively to segregate some portions of data in the public and some in hybrid and how a request can be moved across these. It would also cover options for enterprises to make their solutions secure.
(c) Security features provided by current cloud vendors.
(d) How a cloud deployer can ensure the solution they are providing is secure.

Key Takeaway after this session: An understanding of various security solutions that developers, deployers, architects can use when using cloud computing solutions

Speaker: Debashis Banerjee is a technology professional with 12+ years of expertise in development and leading global teams in development of Cloud, Security, Internet based and Telecom products. He is currently a Senior Engineering Manager with Yahoo! India.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,138
On SlideShare
0
From Embeds
0
Number of Embeds
94
Actions
Shares
0
Downloads
35
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Cloud security - The Cloud is as Secure as you want it to be! - Indicthreads cloud computing conference 2011

  1. 1. The cloud is as secure as you want it to be... Debashis Banerjee Yahoo! India 1
  2. 2. My son’s first day at school Catered Food on my anniversary party Money in my bankMy seat on theplane 2
  3. 3. Today’s Journey Multi device Refresher to Cloud the cloud Security – Mobiles OTP, SMS Ensuring based multiyour cloud Factor auth is secure Public, Private and Hybrid Secure Cloud Security APIs 3 Image: FreeDigitalPhotos.net
  4. 4. Cloud Computing - Refresher • Key aspects of using the cloud: Elasticity, On Demand, Multi Tenancy, Multi Device, Ability to measure Service • Type of Clouds - Public Clouds, Private Clouds, Hybrid Clouds, Community/Partner Clouds • Deployment models : SaaS , PaaS , IaaS 4
  5. 5. Key questions to ask about security?• What do you need to protect? Who are your users?• Where does your data live? How does it flow? What geographies?• What are your compliance, logging needs?• Is there SSO and Identity management in place?• Do you have a mix of physical , virtual, cloud?• Who pays for security? Who is accountable for what aspect of• security?• How do you react if a security breach takes place? 5
  6. 6. Ensuring your cloud solution is secure Identity Provider Strong AuthSecure Multi Ingress and DeviceData Egress SecurityIn backup Access Federated SSO Privileged Access Public Cloud Geo-Political Multi Tenancy Private Cloud ConsiderationsLogging, Secure Data atAuditing rest, motionCompliance,Playback Enterprise Physical, Virtual and cloud resources Wipeout, 6 Encryption
  7. 7. Security in Public Cloud Deployments• Strong Identity management• Privileged Account Management• Place the appropriate type of data in the cloud• Have access to compliance and logging , auditing• Being a public cloud ensure you impose where you data can or cannot travel• Wipeout policies• Ensure you are comfortable with the security of multi tenancy• Secure keys 7
  8. 8. Security in the Private & Hybrid CloudPrivate: • Design such that there is scope to move to a hybrid model • Impose SSOHybrid: • Segregate your data between clouds • Use SAML and ensure appropriate enterprise credentials are within the perimeter • Have your Federation set up correctly. Enable SSO. • Ensuring enterprise credentials do not travel into the cloud 8
  9. 9. Multi Device Cloud Security – Mobile Phones• The mobile device as an extension of the Cloud• Secure Mobile Apps on the cloud.• On Cloud and On Device virus scanning• Seamless policies for mobile devices• Credential life cycle management• Secure Roaming Users 9
  10. 10. Multi Factor Auth – OTPs, SMS basedUse OTPs effectively to protect your data access to the cloud GoldKey Multi Factor Auth – AWS/Gemalto 2 Factor Auth using SMS 10 Image: http://commons.wikimedia.org/wiki/File:RSA-SecurID-Tokens.jpg
  11. 11. Some APIs useful in cloud security• Safe Browsing API• VM Safe APIs 11
  12. 12. In Conclusion• Cloud Security is critical to succeed in the cloud• Choose Private / Public / Hybrid cloud & SaaS / PaaS / IaaS• Identity & Privileged User Management• Compliance, Certification and Logging• Consider Multi Device Scenarios• Use Strong Authentication 12
  13. 13. Remember your questions about security to1. Your child’s school2. Your anniversary party caterers3. Your airline4. Your bank And you won’t go wrong with the Cloud Security !!!! Image: FreeDigitalPhotos.net 13

×