Securing Your Data In The Cloud


Published on

Introduction to data security in the cloud.

Published in: Technology
1 Comment
  • Have you updated this? Nice overview whether you did or not.

    Any insight on fourth Amendment issues w/ government entities accessing your data since you stored it on a 3rd-party's equipment?
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Securing Your Data In The Cloud

  1. 1. Securing your Data in the Cloud Omer Trajman Sr. Dir. for Cloud and Virtualization Vertica Systems [email_address]
  2. 2. Something old…Something new <ul><li>Before we jump in what do we mean “ Cloud ?” </li></ul><ul><li>Oh….and what do we mean “ securing ?” </li></ul><ul><li>Plus ça change… </li></ul><ul><li>Tools of the trade </li></ul><ul><li>Key takeaways </li></ul>
  3. 3. What is….Cloud? <ul><li>What are Cloud Services? </li></ul><ul><li>Other Peoples’ Software </li></ul><ul><li>What are Cloud Platforms? </li></ul><ul><li>Other Peoples’ Frameworks </li></ul><ul><li>What is Cloud Infrastructure? </li></ul><ul><li>Other Peoples’ Hardware </li></ul>
  4. 4. Security is a Tradeoff <ul><li>“ Security costs money, but it also costs in time, convenience, capabilities,… ” </li></ul><ul><li>-Bruce Schneier </li></ul><ul><li>Assess how important it is to secure your data </li></ul><ul><li>What are the risks with in-house and cloud? </li></ul><ul><li>Why not keep it under your mattress ? </li></ul>
  5. 5. Data Security 101 <ul><li>Confidential and Proprietary </li></ul><ul><li>Secure Communications </li></ul><ul><li>On Disk Encryption </li></ul><ul><li>Private Key Cryptography </li></ul><ul><li>Timeliness of Data </li></ul>
  6. 6. History of Keeping Secrets <ul><li>Greeks use coded messages during wartime </li></ul><ul><li>Manuscript for the Deciphering Cryptographic Messages was written circa 800 AD </li></ul><ul><li>Computer Science was nurtured during the World Wars to keep communications secure </li></ul><ul><li>In 1970 IBM invented DES for the NIST to support secure financial transactions </li></ul><ul><li>In 1976 Diffie and Hellman introduced asymmetric key exchange </li></ul>
  7. 7. What do we keep Secure Today? <ul><li>Most Security and Military Information </li></ul><ul><li>Some Financial Data </li></ul><ul><li>Some Personal Information </li></ul><ul><li>Some Business Information </li></ul>
  8. 8. Tools of the Trade <ul><li>Key Algorithms </li></ul><ul><ul><li>AES, Blowfish, RSA, DH </li></ul></ul><ul><li>Encryption in Place </li></ul><ul><ul><li>PGP, FileVault, Firmware </li></ul></ul><ul><li>Secure Transmission </li></ul><ul><ul><li>SSL, VPN, SSH </li></ul></ul><ul><li>Firewalls </li></ul><ul><ul><li>Comes with your OS </li></ul></ul>
  9. 9. Securing the Cloud <ul><li>Create a VPN </li></ul><ul><li>Firewall the host </li></ul><ul><li>Encrypt the disk </li></ul><ul><li>Consider where to keep sensitive data </li></ul>
  10. 10. Virtual Private Network <ul><li>Why </li></ul><ul><ul><li>Secure communication between your enterprise and cloud infrastructure </li></ul></ul><ul><li>What </li></ul><ul><ul><li>OpenVPN, Checkpoint, Cisco, CohesiveFT </li></ul></ul>VPN
  11. 11. Virtual Private Network <ul><li>How </li></ul><ul><ul><li>VPN Server in your enterprise </li></ul></ul><ul><ul><li>Cloud machine configure to connect over VPN to a server in your enterprise </li></ul></ul><ul><ul><li>Client keys deployed to cloud machines </li></ul></ul><ul><li>Challenges </li></ul><ul><ul><li>Provisioning VPN client software </li></ul></ul><ul><ul><li>Key management for Cloud machines </li></ul></ul><ul><ul><li>Failover if Cloud machines fail </li></ul></ul>
  12. 12. <ul><li>Why </li></ul><ul><ul><li>Guard against intrusion, enforce network policies </li></ul></ul><ul><li>What </li></ul><ul><ul><li>IaaS provided, OS Built-in, Checkpoint </li></ul></ul>Firewall VPN
  13. 13. Firewall <ul><li>How </li></ul><ul><ul><li>For IaaS there is an API (e.g. Amazon EC2 groups) that controls network access </li></ul></ul><ul><ul><li>Linux Firewall or iptables configuration </li></ul></ul><ul><li>Challenges </li></ul><ul><ul><li>Complex port requirements (e.g. ssh internally and https externally) </li></ul></ul><ul><ul><li>Subtleties in configuration files can lead to a susceptible host </li></ul></ul>
  14. 14. Encryption <ul><li>Why </li></ul><ul><ul><li>Prevent malicious or accidental data leaks </li></ul></ul><ul><li>What </li></ul><ul><ul><li>Truecrypt, Encfs, CryptoFS, NTFS Encryption </li></ul></ul>1, Jonathan 2, Susan 3, David 03Wea91ab05841fe1oFVDxa2x99G
  15. 15. Encryption <ul><li>How </li></ul><ul><ul><li>DIY – install an encrypted volume on the host </li></ul></ul><ul><ul><li>May come as an IaaS option </li></ul></ul><ul><li>Challenges </li></ul><ul><ul><li>Key management </li></ul></ul><ul><ul><li>Complicates host setup </li></ul></ul><ul><ul><li>Incremental backup/recovery </li></ul></ul>
  16. 16. What about Securing Resources? <ul><li>Don’t use passwords (use public/private keys) </li></ul><ul><li>Open minimal ports (use dedicated servers) </li></ul><ul><li>Monitor your system (tripwire, OSSEC) </li></ul><ul><li>Use configuration tools (FireHOL, Bastille) </li></ul><ul><li>Keep Backups (and keep them secure) </li></ul>Client Server Data
  17. 17. Future Developments <ul><li>Cloud offerings are constantly changing </li></ul><ul><li>Management as a Service providers will facilitate setup configurations </li></ul><ul><li>Security will become an integrated offering </li></ul><ul><li>Best practices for Cloud security are growing out of enterprise and web security expertise </li></ul>
  18. 18. Key Takeaways <ul><li>Security is a trade off </li></ul><ul><li>Use the same tools in the cloud </li></ul><ul><li>VPN, Firewall, Encrypt…Detect and Backup </li></ul><ul><li>Look for solutions from your provider </li></ul><ul><li>Check your service agreement </li></ul>
  19. 19. References <ul><li>Twenty Rules for Amazon Cloud Security (George Reese, O’Reilly) </li></ul><ul><li>Three tools to help you configure iptables (Chris Lynch, </li></ul><ul><li>Disk Encryption Tools for Linux </li></ul><ul><li>(Justin Krelc and Ed Tittel, All about Linux) </li></ul><ul><li>VPN labs </li></ul><ul><li>Amazon Security Whitepaper </li></ul><ul><li>thank you – </li></ul>