Cloud Security Practices and Principles

Joan Pepin
Director of Security

Sumo Logic Confidential
  
The Public Cloud Is:
• An opportunity to simplify and increase security
• Misunderstood
• A victim of FUD
  – Take time to examine it?
  – Or DOOM?
• Fearing what you do not understand is reasonable from an IT perspective. But this is worth the time to understand.
  
The Old World
• You have people on your staff who know way too much about wattage, and BTUs and rack density and how raised, exactly, the floor needs to be
• So you think in certain ways:
  – Hardware rotates and depreciates on a fixed 36-month cycle
  – This is the mix of RAM, Disk, and CPU I have to work with
  – This is how many watts we've got
  – And this is the bandwidth capacity of the datacenter
  
Where Does This Leave You?
• Trying to insert yourself in the process run by ping power and pipe guys
• Dealing with span ports
• Dealing with legacy compromises and legacy infrastructure that no longer matches your security requirements…
• And probably never did
• We do lots of things in this business where we transit public space, and we take steps to secure that transit
  
A New World
• Cloud computing is truly a different paradigm with different rules and different logic
  
| The Old World | Cloud Computing |
|---|---|
| Precise Control | Statistics |
| Scripts and Capacity Planning Spreadsheets | Feedback Loops/Auto-scaling |
| 36-month Refresh Cycles | Bids for Spot Instances |
| Physical Control | Process, Automation, Design |
  
But The FUD!
• What security professionals are looking for is control
• You can achieve control in the cloud, by playing a new game
• “The highest form of generalship is to thwart your enemy's plans.” –Sun Tzu
  
What’s In It For Me?
• Not needing to regularly review firewall rule ordering as part of your operational process, as one example
• Instrument
• Gather data
• Design your rules
• Iterate from the whiteboard
• Not a live firewall console
• For instance :)
  
Design Design Design
• In the cloud you have the tools to design, implement and refine your policies, controls and enforcement in a centralized fashion
• Your code is your infrastructure
• Your SDLC can now be brought to bear on areas traditionally out-of-sync with your security posture
• Scale to massive sizes without having to worry about things like firewall rule ordering, optimization or audit as part of your operational cycle
• Your security will become fractal, and embedded in every layer of your system.
  
The Primitives
• What are your primitives?
• I/O, Memory, Storage, Compute, and Code
• Data
  – At Rest, in Motion, and in Use
• Access control
  – Monitoring tools, third-party apps, troubleshooting tools
• Interfaces/APIs
  – Clean, Minimal, Authenticated, Validated
  
Minimalism
• Each of those must be thought of on its own and in combination with the other components it interacts with
• It is both that simple and that complicated.
  
Understand Everything
• That simplicity gives you the power to understand everything
• Every protocol
• Every interface
• If you want to achieve true and full Default Deny on everything, everywhere, this is where it starts
• Understand your state changes
• Bring that understanding to bear through development
• And you can attain Emergent Security
  
With Automation, All Things are Possible
• Your entire infrastructure is your code-base
• There is no gap between the operational physical layer and the software that runs on top of it.
• Machine and network failures are just exceptions to be caught and handled
• Your infrastructure can now evolve and support your system
• because it is the system
  
Like What?
• Register all of your VMs services, IPs, and ports
• Automatically build firewall policies based on that
• Re-build and distribute ssl/tls keys
• Whenever you want
• HIDS, HFW and File Integrity Checkers configured with instance tags
• Unit test everything
• Allowing security to keep up with your product
  
Encrypt It All
• You know… like we do… on the Internet ;)
• At rest and in motion.
• Any data that is ephemeral can be kept on encrypted ephemeral storage with keys that can simply be kept in memory.
  – When the instance dies, the key dies with it.
• Longer-lived data should be stored away from the keys that secure it
  – If the data is particularly sensitive, securely wipe the data before spinning down the disk and giving it back to the pool
  
Default Deny Nirvana
• Allow only expected connections
• Front-end web-applications need to accept connections from anyone in the world
  – (but it's more likely only your load balancer does)
• As part of your infrastructure as software design
  – Know what needs to talk to what
    • on what port and under what circumstances,
  – And only allow that,
    • everything else is bit-bucketed and alerted on.
• In software-driven cloud-based deployments, there is no longer any excuse for any other way of doing it
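
The registration step from the "Like What?" slide and the allow-only-expected-connections rule from the "Default Deny Nirvana" slide, as an added example that is not part of the original deck. The registry entries, role names, addresses and the choice of iptables-restore syntax for the host firewall are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample registry: each instance registers its role tag, IP and port.
REGISTRY = [
    {"name": "lb-1", "role": "lb", "ip": "10.0.0.10", "port": 443},
    {"name": "web-1", "role": "web", "ip": "10.0.1.11", "port": 8443},
    {"name": "web-2", "role": "web", "ip": "10.0.1.12", "port": 8443},
    {"name": "db-1", "role": "db", "ip": "10.0.2.21", "port": 5432},
]

# Whiteboard design: which role may open connections to which role.
# "internet" is a pseudo-role (assumption) standing for any source address.
ALLOWED_EDGES = [("internet", "lb"), ("lb", "web"), ("web", "db")]


@dataclass(frozen=True)
class Rule:
    src: str   # source CIDR
    dst: str   # destination host as a /32
    port: int  # destination TCP port


def build_policy(registry, edges):
    """Expand role-to-role edges into one allow rule per (source, destination)."""
    by_role = {}
    for inst in registry:
        by_role.setdefault(inst["role"], []).append(inst)
    rules = []
    for src_role, dst_role in edges:
        if src_role == "internet":
            sources = ["0.0.0.0/0"]
        else:
            sources = [f"{i['ip']}/32" for i in by_role.get(src_role, [])]
        for dst in by_role.get(dst_role, []):
            for src in sources:
                rules.append(Rule(src, f"{dst['ip']}/32", dst["port"]))
    return rules


def evaluate(rules, src_ip, dst_ip, port):
    """Default deny: ("ACCEPT", None) on a match, otherwise ("DROP", alert text)."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if src in ip_network(r.src) and dst in ip_network(r.dst) and port == r.port:
            return "ACCEPT", None
    return "DROP", f"ALERT unexpected flow {src_ip} -> {dst_ip}:{port}"


def render_host_firewall(rules, host_ip):
    """Render one instance's inbound policy in iptables-restore syntax."""
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",    # chain policy: drop unless a rule below accepts
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for r in rules:
        if r.dst == f"{host_ip}/32":
            lines.append(f"-A INPUT -s {r.src} -p tcp --dport {r.port} -j ACCEPT")
    # Everything else is logged (so it can be alerted on), then hits the DROP policy.
    lines.append('-A INPUT -j LOG --log-prefix "default-deny "')
    lines.append("COMMIT")
    return "\n".join(lines)


if __name__ == "__main__":
    policy = build_policy(REGISTRY, ALLOWED_EDGES)
    print(render_host_firewall(policy, "10.0.2.21"))
    # The load balancer has no business talking to the database directly.
    print(evaluate(policy, "10.0.0.10", "10.0.2.21", 5432))
```

Because the policy is derived from the registry, adding or retiring an instance regenerates every affected host's rules, and the same `evaluate` function serves as the unit test for the design before anything is deployed.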
  
Conclusion
• The public utility model of cloud computing brings substantial advantages of scalability and automation which can be leveraged by information security professionals
• As a result, a more secure service can be built on the public cloud for less investment than in a traditional data center
• Just remember your fundamentals
• And always shoot the messenger
  
Q&A and Next Steps
• Download our white paper, Building Secure Services in the Cloud: www.sumologic.com/resources/
• Register for Sumo Logic Free www.freesumo.com
• Contact joan@sumologic.com or info@sumologic.com
  

 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 

Cloud Security Practices and Principles

  • 1. Cloud Security Practices and Principles. Joan Pepin, Director of Security. Sumo Logic Confidential
  • 2. The Public Cloud Is:
      • An opportunity to simplify and increase security
      • Misunderstood
      • A victim of FUD
          – Take time to examine it?
          – Or DOOM?
      • Fearing what you do not understand is reasonable from an IT perspective. But this is worth the time to understand.
  • 3. The Old World
      • You have people on your staff who know way too much about wattage, and BTUs and rack density and how raised, exactly, the floor needs to be
      • So you think in certain ways:
          – Hardware rotates and depreciates on a fixed 36-month cycle
          – This is the mix of RAM, Disk, and CPU I have to work with
          – This is how many watts we've got
          – And this is the bandwidth capacity of the datacenter
  • 4. Where Does This Leave You?
      • Trying to insert yourself in the process run by ping, power and pipe guys
      • Dealing with span ports
      • Dealing with legacy compromises and legacy infrastructure that no longer matches your security requirements…
      • And probably never did
      • We do lots of things in this business where we transit public space, and we take steps to secure that transit
  • 5. A New World
      • Cloud computing is truly a different paradigm with different rules and different logic
      • The Old World / Cloud Computing: Precise Control; Statistics; Scripts and Capacity Planning Spreadsheets; Feedback Loops/Auto-scaling; 36-month Refresh Cycles; Bids for Spot Instances; Physical Control; Process, Automation, Design
  • 6. But The FUD!
      • What security professionals are looking for is control
      • You can achieve control in the cloud, by playing a new game
      • “The highest form of generalship is to thwart your enemy's plans.” –Sun Tzu
  • 7. What’s In It For Me?
      • Not needing to regularly review firewall rule ordering as part of your operational process, as one example
      • Instrument
      • Gather data
      • Design your rules
      • Iterate from the whiteboard
      • Not a live firewall console
      • For instance :)
  • 8. Design Design Design
      • In the cloud you have the tools to design, implement and refine your policies, controls and enforcement in a centralized fashion
      • Your code is your infrastructure
      • Your SDLC can now be brought to bear on areas traditionally out-of-sync with your security posture
      • Scale to massive sizes without having to worry about things like firewall rule ordering, optimization or audit as part of your operational cycle
      • Your security will become fractal, and embedded in every layer of your system.
  • 9. The Primitives
      • What are your primitives?
      • I/O, Memory, Storage, Compute, and Code
      • Data
          – At Rest, in Motion, and in Use
      • Access control
          – Monitoring tools, third-party apps, troubleshooting tools
      • Interfaces/APIs
          – Clean, Minimal, Authenticated, Validated
  • 10. Minimalism
      • Each of those must be thought of on its own and in combination with the other components it interacts with
      • It is both that simple and that complicated.
  • 11. Understand Everything
      • That simplicity gives you the power to understand everything
      • Every protocol
      • Every interface
      • If you want to achieve true and full Default Deny on everything, everywhere, this is where it starts
      • Understand your state changes
      • Bring that understanding to bear through development
      • And you can attain Emergent Security
  • 12. With Automation, All Things are Possible
      • Your entire infrastructure is your code-base
      • There is no gap between the operational physical layer and the software that runs on top of it.
      • Machine and network failures are just exceptions to be caught and handled
      • Your infrastructure can now evolve and support your system
      • because it is the system
  • 13. Like What?
      • Register all of your VMs, services, IPs, and ports
      • Automatically build firewall policies based on that
      • Re-build and distribute SSL/TLS keys
      • Whenever you want
      • HIDS, HFW and File Integrity Checkers configured with instance tags
      • Unit test everything
      • Allowing security to keep up with your product
  • 14. Encrypt It All
      • You know… like we do… on the Internet ;)
      • At rest and in motion.
      • Any data that is ephemeral can be kept on encrypted ephemeral storage, with keys that can simply be kept in memory.
          – When the instance dies, the key dies with it.
      • Longer-lived data should be stored away from the keys that secure it
          – If the data is particularly sensitive, securely wipe the data before spinning down the disk and giving it back to the pool
  • 15. Default Deny Nirvana
      • Allow only expected connections
      • Front-end web-applications need to accept connections from anyone in the world
          – (but it's more likely only your load balancer does)
      • As part of your infrastructure as software design
          – Know what needs to talk to what
              • on what port and under what circumstances,
          – And only allow that,
              • everything else is bit-bucketed and alerted on.
      • In software-driven cloud-based deployments, there is no longer any excuse for any other way of doing it
  • 16. Conclusion
      • The public utility model of cloud computing brings substantial advantages of scalability and automation which can be leveraged by information security professionals
      • As a result, a more secure service can be built on the public cloud for less investment than in a traditional data center
      • Just remember your fundamentals
      • And always shoot the messenger
  • 17. Q&A and Next Steps
      • Download our white paper, Building Secure Services in the Cloud: www.sumologic.com/resources/
      • Register for Sumo Logic Free: www.freesumo.com
      • Contact joan@sumologic.com or info@sumologic.com
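
Slides 13 and 15 describe registering every service with its IP and port, building firewall policy from that registry, denying and alerting on everything else, and unit testing the result. The sketch below is an added example, not code from the deck or from Sumo Logic; the registry layout, service names, addresses and ports are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample registry (names, addresses and ports are illustrative).
# Each service declares where it listens and which sources may connect.
REGISTRY = {
    "lb":  {"ip": "10.0.0.10", "port": 443,  "allow_from": ["0.0.0.0/0"]},
    "web": {"ip": "10.0.1.20", "port": 8443, "allow_from": ["lb"]},
    "db":  {"ip": "10.0.2.30", "port": 5432, "allow_from": ["web"]},
}


def build_policy(registry):
    """Expand the registry into allow rules; there are no deny rules to order."""
    rules = []
    for name, svc in sorted(registry.items()):
        for src in svc["allow_from"]:
            # A source is another registered service or a literal CIDR.
            # An unknown name is not a valid CIDR, so ip_network() raises
            # and the build fails instead of silently widening access.
            cidr = f"{registry[src]['ip']}/32" if src in registry else src
            rules.append({"service": name, "src": ip_network(cidr),
                          "dst": ip_address(svc["ip"]), "port": svc["port"]})
    return rules


def evaluate(rules, src_ip, dst_ip, port, alerts):
    """Return ALLOW for a registered flow; otherwise drop it and record an alert."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in rules:
        if src in rule["src"] and dst == rule["dst"] and port == rule["port"]:
            return "ALLOW"
    alerts.append((src_ip, dst_ip, port))  # default deny: bit-bucket and alert
    return "DENY"


if __name__ == "__main__":
    policy, alerts = build_policy(REGISTRY), []
    # Policy unit tests: expected flows pass, everything else is denied.
    flows = [("203.0.113.7", "10.0.0.10", 443),   # internet -> load balancer
             ("10.0.0.10", "10.0.1.20", 8443),    # load balancer -> web
             ("203.0.113.7", "10.0.2.30", 5432),  # internet -> database
             ("10.0.1.20", "10.0.2.30", 22)]      # web -> database over SSH
    for flow in flows:
        print(flow, evaluate(policy, *flow, alerts))
    print("alerts:", alerts)
```

Because the generated policy contains only allow rules with an implicit final deny, the result does not depend on rule order, which is the property slides 7 and 8 point to.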