ISACA Cloud Security Presentation 2013-09-24

•Download as PPTX, PDF•

0 likes•669 views

Major Hayden is a chief security architect at Rackspace who has over 5 years of experience in cloud operations. In his presentation, he discusses cloud hosting and the shift from managing computers to utilizing computing resources. He outlines the different types of cloud deployments including public, private, and hybrid clouds. Hayden also addresses common security questions about selecting cloud providers, contractual agreements, risks of company-owned servers, public cloud networking risks, and securely storing data in the cloud.

Technology Health & Medicine

Why are we here today?
Cloud Security // ISACA San Antonio 2013-09-24 2

Who am I?
 Chief Security Architect at Rackspace
 Red Hat Certified Architect and MySQL DBA
 Five years of cloud operations experience
 Integrated Slicehost with Rackspace
 Launched Rackspace’s Cloud Servers product based on
Slicehost technology
 Launched Rackspace’s Open Cloud Servers powered by
OpenStack
Cloud Security // ISACA San Antonio 2013-09-24 3

Today’s big three
1. An understandable and repeatable definition of cloud
really does exist (and I’ll help you learn it)
2. There are different cloud deployment strategies and you
can secure each of them
3. Cloud hosting risks are very similar to the risks from
other IT hosting methods
Cloud Security // ISACA San Antonio 2013-09-24 4

What is cloud hosting?
Cloud Security // ISACA San Antonio 2013-09-24 5

Cloud hosting is a shift from
managing computers
to utilizing
computing resources
Cloud Security // ISACA San Antonio 2013-09-24 6

Cloud Security // ISACA San Antonio 2013-09-24 7

Cloud Security // ISACA San Antonio 2013-09-24 8
Colocation Dedicated Managed Cloud

Cloud Security // ISACA San Antonio 2013-09-24 9
Colocation Dedicated Managed Cloud

Cloud Security // ISACA San Antonio 2013-09-24 10
Colocation Dedicated Managed Cloud

Cloud Security // ISACA San Antonio 2013-09-24 11
Colocation Dedicated Managed Cloud

Key points
 Resources are always available
 Pay for what you use
 Fewer fixed costs, more variable costs
 Maintain business focus
Cloud Security // ISACA San Antonio 2013-09-24 12

Cloud hosting
brings new challenges
Cloud Security // ISACA San Antonio 2013-09-24 13

Homes vs. Apartments
Cloud Security // ISACA San Antonio 2013-09-24 14
Flickr: atelier_tee Flickr: oldtasty

Key points
 Can’t choose your neighbors
 Fluctuating performance
 Stay within the confines of the system
 Service providers can touch your data*
Cloud Security // ISACA San Antonio 2013-09-24 15

Cattle vs. Pets
(Credit goes to Gavin McCance at CERN for this analogy)
Cloud Security // ISACA San Antonio 2013-09-24 16

Key points
 Rely on automation
 Use configuration management
 Build in redundancy based on business needs
Cloud Security // ISACA San Antonio 2013-09-24 17

Cloud types:
Public, Private, and Hybrid
Cloud Security // ISACA San Antonio 2013-09-24 18

Benefits
 Public: easily expandable and cheap
 Private: host with provider or host internally,
fewer noisy neighbor issues, compliance is easier
 Hybrid: helpful for bridging into cloud, allows for
the workloads to run where they run best
Cloud Security // ISACA San Antonio 2013-09-24 19

Let’s go through
your questions
Cloud Security // ISACA San Antonio 2013-09-24 20

What due diligence should
a company perform when
selecting cloud services?
Cloud Security // ISACA San Antonio 2013-09-24 21

Due diligence
 Easy answer: Assess a cloud provider just as you
would any other provider of IT services
 Look for business practice and security maturity
 Test the provider thoroughly ahead of time
 Monitor the provider’s actions closely around
outages or when receiving support
Cloud Security // ISACA San Antonio 2013-09-24 22

What are some
good contractual
agreement clauses?
Cloud Security // ISACA San Antonio 2013-09-24 23

Contractual agreements
 Confidentiality and security requirements
 Encryption standards*
 Service description and SLA’s
 Indemnification
Cloud Security // ISACA San Antonio 2013-09-24 24

What are the risks
if the company
owns the servers?
Cloud Security // ISACA San Antonio 2013-09-24 25

Company-owned server risks
 Similar to self-hosted or vendor-hosted IT
services on dedicated equipment
 IT staff that maintain the servers will have some
level of access to virtual machine data
Cloud Security // ISACA San Antonio 2013-09-24 26

Does the internet-facing
nature of public cloud
create additional risks?
Cloud Security // ISACA San Antonio 2013-09-24 27

Public cloud networking risks
 About the same as internet-facing dedicated
hardware
 Some public clouds may have hardware
networking devices such as firewalls or load
balancers
 Other providers might provide a shared firewall
or load balancer environment to use
Cloud Security // ISACA San Antonio 2013-09-24 28

How do I securely store
data in cloud services?
Cloud Security // ISACA San Antonio 2013-09-24 29

Storing data in cloud
 Your data is never fully safe in any storage
 Understand your most probable threats first
 Make your data less useful to others
 Encryption with digital signatures
 Sharding
 Tokenization (can help with data transport laws)
 Hardware Security Module (HSM)
Cloud Security // ISACA San Antonio 2013-09-24 30

Thanks for inviting me!
Q&A?
Cloud Security // ISACA San Antonio 2013-09-24 31
Have more questions later?
major.hayden@rackspace.com
http://major.io/

This document discusses data encryption in Azure. It covers Azure Key Vault for key management, which allows users to securely store and control encryption keys. It also describes the different key management options with Azure Key Vault, including using Microsoft-managed keys, customer-managed keys, and bringing your own keys via hardware security modules. Several encryption scenarios are presented, such as encrypting storage services, performing key rotation, and using Key Vault for SQL Server encryption.

CSA v4 Topology

Jason Rusch - CISSP CGEIT CISM CISA GNSA

The document discusses 14 domains related to security guidance for critical areas of focus in cloud computing. The domains include legal issues, contracts, electronic discovery, governance, risk management, infrastructure security, incident response, management and business continuity, information governance, cloud concepts and architectures, virtualization and containers, application security, data security and encryption, identity and access management, security as a service, and related technologies. The document also notes that the CSA uses the NIST 800-145 model for defining cloud computing and endorses the more in-depth ISO/IEC 17788 reference model.

Confraria Security 17 June - Cloud Security

Vitor Domingos

Cloud computing provides on-demand access to shared computing resources like networks, servers, storage, applications and services. While it offers advantages like flexibility and cost savings, security is a major concern due to issues like loss of physical control of data and systems, multi-tenancy, and the complexity of massive cloud systems. Key challenges include isolation management between tenants, data encryption, disaster recovery planning and secure virtualization. Organizations should plan for security, encrypt data, backup regularly, audit systems and sandbox applications to help address risks in the cloud.

The Cloud Done Right

Intel Corporation

ReliaCloud is an Infrastructure as a Service (IaaS) cloud provider that offers reliable, elastic, and low-cost cloud servers and infrastructure. It provides scalable Windows and Linux servers starting at $0.05 per hour without setup fees or long-term contracts. ReliaCloud ensures security through datacenter security policies, firewall perimeter protection, private cloud networks, and customer control over server and firewall access lists. It plans to expand security options through VPN gateway access and private cloud infrastructure.

[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center

Nur Shiqim Chok

1) The document discusses Cisco Tetration Analytics, a product that provides visibility and security for data centers through machine learning-powered network monitoring and analytics. 2) Tetration collects data from sensors on network devices, servers, and endpoints to generate metadata about all network traffic and identify anomalies, outliers, and deviations from baselines. 3) It offers capabilities like application dependency mapping, real-time whitelisting, inventory of software and open ports, and network forensics to help strengthen data center security, reduce mean time to identify issues, and enable compliance.

Cisco Connect 2018 Indonesia - Delivering intent for data center networking

NetworkCollaborators

The document discusses Cisco's approach to intent-based networking for data centers. It describes how modern data centers are increasingly complex with distributed applications and microservices. It introduces Cisco's intent lifecycle approach, which includes automation, analytics, assurance, and policy to guarantee consistency and compliance with intent. Key components of Cisco's solution include Application Centric Infrastructure (ACI), Tetration for visibility and segmentation, and the Network Assurance Engine for continuously validating the network configuration matches intent through mathematical modeling.

Mondi Group

Cisco Case Studies

Mondi Group is an international packaging company that chose a Cisco security solution to standardize security across its wide area network and newly acquired businesses. The Cisco TrustSec architecture combined with Cisco Identity Services Engine provides user and device identification and flexible security policies. This allows Mondi to promote flexible collaboration while maintaining rigorous security, and to easily integrate new locations and acquisitions into its global security model.

Network Research Assistance

Network Simulation Tools

The document discusses Cisco's HyperFlex hyperconverged infrastructure solution. It highlights how HyperFlex can support any application on any cloud at scale. It provides an overview of key HyperFlex features like its integration with Cisco UCS, data platform, scale-out architecture, and operational simplicity. Examples of benefits like accelerated deployment, increased utilization, and lower management costs are also summarized.

In Cloud We Trust

Andy Harjanto

The document discusses some of the main security concerns with cloud computing, including data privacy, security, and issues of trust. It suggests adopting a layered security approach, using encryption, strong authentication methods, and choosing reputable cloud providers. While cloud computing security risks exist, the document argues providers have incentives to maintain good security practices and outlines some typical security processes providers have in place. It recommends a gradual approach to cloud adoption starting with non-critical systems.

Dome9 Public Cloud Security

Sudarshan Srinivasan

Dome9 is the leader in public cloud infrastructure security. The innovative Dome9 Arc SaaS platform offers technologies to assess security posture, detect misconfigurations, model gold standard policies, protect against attacks and insider threats, and conform to security best practices in the cloud. Enterprises use Dome9 Arc for faster and more effective cloud security operations, pain-free compliance and governance, and rugged DevOps practices. Learn more at https://dome9.com.

Cisco Connect 2018 Indonesia - Building a secure data center

NetworkCollaborators

This document discusses how Cisco Tetration Analytics can strengthen data center security. It provides an overview of Tetration Analytics, which uses machine learning to gain visibility into all network traffic and identify anomalies. This helps users establish a baseline, detect outliers, and create automated whitelisting policies to lock down systems. The document also reviews Tetration's deployment options, data sources, use cases, and integration with the broader Cisco security ecosystem.

Cloud security

Alexandra Instituttet

This document discusses cloud computing security challenges. It identifies 14 specific challenges such as migrating personal information and sensitive data to the cloud, ensuring compliance with data protection directives, managing access and identities, securing hypervisors and virtual operating systems, attracting hackers as cloud presents a high value target, and issues with cloud forensics and data discovery. It also maps these 14 challenges to relevant domains in cloud security like governance, legal and electronic discovery, encryption, identity and access management, compliance, and incident response. The document was created by Alexandra Institute on cloud computing security and provides a link for more information.

Safe Swiss Cloud: Swiss Enterprise Cloud since 2012

Safe Swiss Cloud

vArmour - Securing the Modern Data Centre

Infront

Chris Swan's Cloud World Forum 2015 Presentation: Reperimiterisation in the C...

Cohesive Networks

Securing the modern data centre

Infront

Automate compliance with cloud guard dome9

John Varghese

Cisco Powered Overview

Cisco Powered

Portuguese Cloud Computing Architects - 2nd Meeting

Vitor Domingos

- The document discusses cloud computing and security issues related to cloud computing. It provides definitions of cloud computing and examples of different cloud service models like SaaS, PaaS, and IaaS. - Key security issues mentioned include trust, multi-tenancy, encryption, compliance, loss of physical control, and accountability. Challenges discussed include data privacy laws, isolation management, certification, data ownership, and service outages. - Recommendations provided include using VPNs and VLANs, carefully reading SLA terms, backing up data often, logging out securely, sandboxing, and trusting only after planning, encrypting, backing up, securing, and auditing.

Business Cloud Adoption models in Canada

Cisco Canada

This document discusses business cloud adoption models in Canada. It introduces various cloud service models like SaaS, IaaS, PaaS and different cloud locations. The document emphasizes selecting the right cloud service based on metrics like cost, security, availability, and compliance. It advises verifying assumptions, evaluating metrics, testing solutions, having migration and backout plans, and getting help from experts rather than going it alone when adopting cloud services.

Zabbix at Netco (Tobias van Hoogen / 12-02-2015)

Nederlandstalige Zabbix Gebruikersgroep

Netco is an IT company that has protected computer systems and networks in the Netherlands since 1996. They provide services like VPNs, load balancing, intrusion prevention, and filtering millions of spam messages daily for customers ranging from telecom companies to small businesses. Netco has been using Zabbix for several years to monitor around 5,000 hosts, including some customer servers that Netco manages. They discuss how Zabbix has helped with tasks like auto discovery, escalation paths, training engineers on triggers and the database model, using aggregates to monitor clusters, and low-level discovery. Integrating Zabbix with their configuration management database and using the API for business metrics reporting are also areas of interest.

CIS13: IDaaS. The Now Big Thing

CloudIDSummit

Nishant Kaushik, Chief Architect, Identropy There is a misconception that IDaaS is simply a cloud-based, less featured, less secure version of traditional Identity Management products that get deployed on-prem. In this session, you will find out that far from being little brother, IDaaS is actually bigger, better and stronger than IDaaI (Identity-as-an-Install) across multiple dimensions, whether it be in capabilities, ability to evolve and most significantly, security and performance. IDaaS is Changing the IdM game right in front of us, and customers are winning.

OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...

Guston Remie

cloud Raid

gsmenon1

This document discusses the benefits of a multi-cloud storage model using a technology called cloud-RAID that distributes and encrypts data across multiple cloud storage providers. It provides security benefits like preventing a single point of failure or attack since data is fragmented across providers. It also allows for independence from any one cloud vendor to avoid lock-in issues and gives users full control and ownership of their data.

Keys to success and security in the cloud

Scalar Decisions

Keys-to-Success-and-Security-in-the-Cloud

patmisasi

The document discusses cloud computing and security considerations for moving to the cloud. Some key points: 1) It defines cloud computing based on NIST definitions and emphasizes automation, elasticity, and flexible costing as core benefits of the cloud. 2) It notes that while cost savings are often cited, security and privacy are often overlooked but critical considerations for moving to the cloud. 3) It provides an overview of cloud security elements including identity and access management, data security, encryption, network security, and ensuring secure cloud architecture and design.

cloud computing.pdf

soundaryasellapandia

This document discusses security architecture and data security in cloud computing. It recommends employing proxy and brokerage services to restrict direct client access to shared data. The document also stresses that data in the cloud should be stored in an encrypted form. It describes the Cloud Security Alliance stack model, which defines boundaries of responsibility between cloud service providers and customers.

What's hot

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage S...

JAYAPRAKASH JPINFOTECH

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage S...

JAYAPRAKASH JPINFOTECH

Cisco Connect 2018 Thailand - Next generation hyperconverged infrastructure-s...

NetworkCollaborators

In Cloud We Trust

Andy Harjanto

Dome9 Public Cloud Security

Sudarshan Srinivasan

Cisco Connect 2018 Indonesia - Building a secure data center

NetworkCollaborators

Cloud security

Alexandra Instituttet

Safe Swiss Cloud: Swiss Enterprise Cloud since 2012

Safe Swiss Cloud

vArmour - Securing the Modern Data Centre

Infront

Chris Swan's Cloud World Forum 2015 Presentation: Reperimiterisation in the C...

Cohesive Networks

Securing the modern data centre

Infront

Automate compliance with cloud guard dome9

John Varghese

Cisco Powered Overview

Cisco Powered

Portuguese Cloud Computing Architects - 2nd Meeting

Vitor Domingos

Business Cloud Adoption models in Canada

Cisco Canada

Zabbix at Netco (Tobias van Hoogen / 12-02-2015)

Nederlandstalige Zabbix Gebruikersgroep

CIS13: IDaaS. The Now Big Thing

CloudIDSummit

OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...

Guston Remie

What's hot (18)

A Secure Searchable Encryption Framework for Privacy-Critical Cloud Storage S...

Cisco Connect 2018 Thailand - Next generation hyperconverged infrastructure-s...

In Cloud We Trust

Dome9 Public Cloud Security

Cisco Connect 2018 Indonesia - Building a secure data center

Cloud security

Safe Swiss Cloud: Swiss Enterprise Cloud since 2012

vArmour - Securing the Modern Data Centre

Chris Swan's Cloud World Forum 2015 Presentation: Reperimiterisation in the C...

Securing the modern data centre

Automate compliance with cloud guard dome9

Cisco Powered Overview

Portuguese Cloud Computing Architects - 2nd Meeting

Business Cloud Adoption models in Canada

Zabbix at Netco (Tobias van Hoogen / 12-02-2015)

CIS13: IDaaS. The Now Big Thing

OpenStack Benelux Conference 2014 | Openstack Iaas and the Future of Applicat...

Five things I learned about information security

Major Hayden

I delivered this presentation at the University of the Incarnate Word in San Antonio, Texas, to a group of students studying information security. They're learning plenty about the technical aspects of information security, but I wanted to talk to them about the non-technical aspects as well. This presentation is meant to be a low-tech, more social introduction on how to handle security within a large organization.

Be an inspiration, not an impostor (Texas Linux Fest 2015)

Major Hayden

Be an inspiration, not an impostor (Fedora Flock 2015)

Major Hayden

The New Normal: Managing the constant stream of new vulnerabilities

Major Hayden

Cloud Data Security

Major Hayden

More from Major Hayden (19)

Continuous Kernel Integration

I was too burned out to name this talk

Cookies for kernel developers

Deploying Kubernetes without scaring off your security team - KubeCon 2017

Securing OpenStack and Beyond with Ansible

Grow your community: Inspire an Impostor

Holistic Security for OpenStack Clouds

When flexibility met simplicity: the friendship of OpenStack and Ansible

Flexible, simple deployments with OpenStack-Ansible

Automated Security Hardening with OpenStack-Ansible

Taming the Technical Talk - OWASP San Antonio

OpenStack-Ansible Security

Taming the Technical Talk

The New Normal - Rackspace Solve 2015

Five things I learned about information security

Be an inspiration, not an impostor (Texas Linux Fest 2015)

Be an inspiration, not an impostor (Fedora Flock 2015)

The New Normal: Managing the constant stream of new vulnerabilities

Cloud Data Security

Recently uploaded

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

20 Comprehensive Checklist of Designing and Developing a Website

Pixlogix Infotech

Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

shyamraj55

“I’m still / I’m still / Chaining from the Block”

Claudio Di Ciccio

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...

Edge AI and Vision Alliance

For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/ Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit. In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing. van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Mind map of terminologies used in context of Generative AI

Kumud Singh

Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...

Zilliz

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

Full-RAG: A modern architecture for hyper-personalization

Zilliz

Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

Data structures and Algorithms in Python.pdf

TIPNGVN2

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Recently uploaded (20)

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Artificial Intelligence for XMLDevelopment

20 Comprehensive Checklist of Designing and Developing a Website

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

“I’m still / I’m still / Chaining from the Block”

Pushing the limits of ePRTC: 100ns holdover for 100 days

Securing your Kubernetes cluster_ a step-by-step guide to success !

Microsoft - Power Platform_G.Aspiotis.pdf

“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Mind map of terminologies used in context of Generative AI

Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...

20240605 QFM017 Machine Intelligence Reading List May 2024

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Full-RAG: A modern architecture for hyper-personalization

20240607 QFM018 Elixir Reading List May 2024

Data structures and Algorithms in Python.pdf

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

20240609 QFM020 Irresponsible AI Reading List May 2024

ISACA Cloud Security Presentation 2013-09-24

1. Cloud Security Major Hayden, Rackspace

2. Why are we here today? Cloud Security // ISACA San Antonio 2013-09-24 2

3. Who am I?  Chief Security Architect at Rackspace  Red Hat Certified Architect and MySQL DBA  Five years of cloud operations experience  Integrated Slicehost with Rackspace  Launched Rackspace’s Cloud Servers product based on Slicehost technology  Launched Rackspace’s Open Cloud Servers powered by OpenStack Cloud Security // ISACA San Antonio 2013-09-24 3

4. Today’s big three 1. An understandable and repeatable definition of cloud really does exist (and I’ll help you learn it) 2. There are different cloud deployment strategies and you can secure each of them 3. Cloud hosting risks are very similar to the risks from other IT hosting methods Cloud Security // ISACA San Antonio 2013-09-24 4

5. What is cloud hosting? Cloud Security // ISACA San Antonio 2013-09-24 5

6. Cloud hosting is a shift from managing computers to utilizing computing resources Cloud Security // ISACA San Antonio 2013-09-24 6

7. Cloud Security // ISACA San Antonio 2013-09-24 7

8. Cloud Security // ISACA San Antonio 2013-09-24 8 Colocation Dedicated Managed Cloud

9. Cloud Security // ISACA San Antonio 2013-09-24 9 Colocation Dedicated Managed Cloud

10. Cloud Security // ISACA San Antonio 2013-09-24 10 Colocation Dedicated Managed Cloud

11. Cloud Security // ISACA San Antonio 2013-09-24 11 Colocation Dedicated Managed Cloud

12. Key points  Resources are always available  Pay for what you use  Fewer fixed costs, more variable costs  Maintain business focus Cloud Security // ISACA San Antonio 2013-09-24 12

13. Cloud hosting brings new challenges Cloud Security // ISACA San Antonio 2013-09-24 13

14. Homes vs. Apartments Cloud Security // ISACA San Antonio 2013-09-24 14 Flickr: atelier_tee Flickr: oldtasty

15. Key points  Can’t choose your neighbors  Fluctuating performance  Stay within the confines of the system  Service providers can touch your data* Cloud Security // ISACA San Antonio 2013-09-24 15

16. Cattle vs. Pets (Credit goes to Gavin McCance at CERN for this analogy) Cloud Security // ISACA San Antonio 2013-09-24 16

17. Key points  Rely on automation  Use configuration management  Build in redundancy based on business needs Cloud Security // ISACA San Antonio 2013-09-24 17

18. Cloud types: Public, Private, and Hybrid Cloud Security // ISACA San Antonio 2013-09-24 18

19. Benefits  Public: easily expandable and cheap  Private: host with provider or host internally, fewer noisy neighbor issues, compliance is easier  Hybrid: helpful for bridging into cloud, allows for the workloads to run where they run best Cloud Security // ISACA San Antonio 2013-09-24 19

20. Let’s go through your questions Cloud Security // ISACA San Antonio 2013-09-24 20

21. What due diligence should a company perform when selecting cloud services? Cloud Security // ISACA San Antonio 2013-09-24 21

22. Due diligence  Easy answer: Assess a cloud provider just as you would any other provider of IT services  Look for business practice and security maturity  Test the provider thoroughly ahead of time  Monitor the provider’s actions closely around outages or when receiving support Cloud Security // ISACA San Antonio 2013-09-24 22

23. What are some good contractual agreement clauses? Cloud Security // ISACA San Antonio 2013-09-24 23

24. Contractual agreements  Confidentiality and security requirements  Encryption standards*  Service description and SLA’s  Indemnification Cloud Security // ISACA San Antonio 2013-09-24 24

25. What are the risks if the company owns the servers? Cloud Security // ISACA San Antonio 2013-09-24 25

26. Company-owned server risks  Similar to self-hosted or vendor-hosted IT services on dedicated equipment  IT staff that maintain the servers will have some level of access to virtual machine data Cloud Security // ISACA San Antonio 2013-09-24 26

27. Does the internet-facing nature of public cloud create additional risks? Cloud Security // ISACA San Antonio 2013-09-24 27

28. Public cloud networking risks  About the same as internet-facing dedicated hardware  Some public clouds may have hardware networking devices such as firewalls or load balancers  Other providers might provide a shared firewall or load balancer environment to use Cloud Security // ISACA San Antonio 2013-09-24 28

29. How do I securely store data in cloud services? Cloud Security // ISACA San Antonio 2013-09-24 29

30. Storing data in cloud  Your data is never fully safe in any storage  Understand your most probable threats first  Make your data less useful to others  Encryption with digital signatures  Sharding  Tokenization (can help with data transport laws)  Hardware Security Module (HSM) Cloud Security // ISACA San Antonio 2013-09-24 30

31. Thanks for inviting me! Q&A? Cloud Security // ISACA San Antonio 2013-09-24 31 Have more questions later? major.hayden@rackspace.com http://major.io/

32. Cloud Security Major Hayden, Rackspace

Editor's Notes

What is cloud hosting?What changes does it bring?How can you host applications in cloud safely?
Evolution of water utilities is similar to the evolution of cloud
Assemble your own buckets, maintain themSpend time dragging buckets to the river and backAdding water-carrying capacity is hard workAll costs fixed
Rent buckets, no maintenanceStill spend time dragging buckets to the river and backAdding water-carrying capacity is slightly less difficultAlmost all costs fixed
Rent buckets, no maintenanceSomeone else hauls your buckets to the river and back for youAdding water-carrying capacity depends on bucket vendor’s capacityAlmost all costs variable
No more buckets neededWater is transported to a place very close to your homeAdding capacity is quick – just pull more waterAll costs variable

ISACA Cloud Security Presentation 2013-09-24

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Similar to ISACA Cloud Security Presentation 2013-09-24

Similar to ISACA Cloud Security Presentation 2013-09-24 (20)

More from Major Hayden

More from Major Hayden (19)

Recently uploaded

Recently uploaded (20)

ISACA Cloud Security Presentation 2013-09-24

Editor's Notes