Cloud summit demystifying cloud securityDavid De Vos
During this session we’ll cover the key solutions and steps to securing a cloud environment.
We’ll cover policy creation, security posture management & cybersecurity incident analysis. You’ll see how compliance is made easy in the cloud and how continuous monitoring works. We’ll explain how multi-cloud security works as well!
As we walk through the solutions, we’ll share some best practices and use cases from our experience.
Securing Servers in Public and Hybrid CloudsRightScale
RightScale Webinar: Security and compliance remain major challenges to adoption of public cloud infrastructure hosting. Technical differences in public cloud environments render many established security models and controls inoperable. Understanding these differences and the options available to you are key to running a secure cloud environment.
Join Carson Sweet, co-founder and CEO of CloudPassage and Uri Budnik, Director, ISV Partner Program of RightScale for a free webinar where industry experts discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments, and explain best practices for implementing a secure cloud infrastructure.
We will discuss:
- What's different about security in the cloud
- Shared responsibility
- Architectural challenges
- Key features to secure your cloud servers
- Secure deployment via RightScripts
Don't miss out on this opportunity to find out about all you need to secure your cloud servers!
There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc.
Virtualization security for the cloud computing technologyDeep Ranjan Deb
Virtualization reduces the number of physical servers, reducing the energy required to power and cool them and save time. It's also much faster to deploy a virtual machine than it is to deploy a new physical server. It also reduces desktop management headaches.
Cloud Security or Cloud Computing Security refers to a set of policies, procedures, and controls to safeguard cloud-based systems, infrastructure, and data.
Cloud Security involves the policies and procedures that safeguard cloud computing environments against cyberattacks.
Cloud summit demystifying cloud securityDavid De Vos
During this session we’ll cover the key solutions and steps to securing a cloud environment.
We’ll cover policy creation, security posture management & cybersecurity incident analysis. You’ll see how compliance is made easy in the cloud and how continuous monitoring works. We’ll explain how multi-cloud security works as well!
As we walk through the solutions, we’ll share some best practices and use cases from our experience.
Securing Servers in Public and Hybrid CloudsRightScale
RightScale Webinar: Security and compliance remain major challenges to adoption of public cloud infrastructure hosting. Technical differences in public cloud environments render many established security models and controls inoperable. Understanding these differences and the options available to you are key to running a secure cloud environment.
Join Carson Sweet, co-founder and CEO of CloudPassage and Uri Budnik, Director, ISV Partner Program of RightScale for a free webinar where industry experts discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments, and explain best practices for implementing a secure cloud infrastructure.
We will discuss:
- What's different about security in the cloud
- Shared responsibility
- Architectural challenges
- Key features to secure your cloud servers
- Secure deployment via RightScripts
Don't miss out on this opportunity to find out about all you need to secure your cloud servers!
There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc.
Virtualization security for the cloud computing technologyDeep Ranjan Deb
Virtualization reduces the number of physical servers, reducing the energy required to power and cool them and save time. It's also much faster to deploy a virtual machine than it is to deploy a new physical server. It also reduces desktop management headaches.
Cloud Security or Cloud Computing Security refers to a set of policies, procedures, and controls to safeguard cloud-based systems, infrastructure, and data.
Cloud Security involves the policies and procedures that safeguard cloud computing environments against cyberattacks.
Cloud computing is becoming increasingly important for provision of services and storage of data in the Internet. However there are several significant challenges in securing cloud infrastructures from different types of attacks.
The focus of thisPaper is on the security services that a cloud provider can offer as part of its infrastructure to its customers (tenants) to counteract these attacks.
Our main contribution is a security architecture that provides a flexible security as a service model that a cloud provider can offer to its tenants and customers of its tenants.
Our security as a service model while offering a baseline security to the provider to protect its own cloud infrastructure also provides flexibility to tenants to have additional security functionalities that suit their security requirements.
The paper describes the design of the security architecture and discusses how different
types of attacks are counteracted by the proposed architecture.
We have implemented the security architecture and the paper discusses analysis and performance evaluation results.
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Can Cloud Solutions Transform Network SecurityEC-Council
Cloud computing today has become an integral part of network security. In fact, cloud computing has benefited businesses in many ways. Read more on 7 Ways Cloud Computing Transforms Network Security.
https://www.eccouncil.org/programs/certified-network-security-course/
#cloudcomputing #networksecurity #cybersecurity #eccouncil
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity occurring inside customer accounts that may indicate a compromise. Some organizations have invested significant resources to build their own tools or have leveraged industry vendor offerings to provide this visibility. The reality is, that barrier has meant that a large number of organizations haven't dedicated those resources to this problem and therefore operate without sufficient detection and response capabilities that monitor their cloud accounts for compromise.
Amazon Web Services, Google Cloud Platform, and Microsoft Azure have recently launched a new set of native platform threat and anomalous behavior detection services to help their customers better identify and respond to certain issues and activities occurring inside their cloud accounts. From detecting crypto-currency mining to identifying bot-infected systems to alerting on suspicious cloud credential usage to triggering on cloud-specific methods of data exfiltration, these new services aim to make these kinds of detections much easier and simpler to centrally manage.
But what new and unique insights do they offer? What configuration is required to achieve the full benefits of these detections? What types of activities are not yet covered? What attack methods and techniques can avoid detection by these systems and still be successful? What practical guidelines can be followed to make the best use of these services in an organization?
Follow along as we attempt to answer these questions using practical demonstrations that highlight the real threats facing cloud account owners and how the new threat detection capabilities perform in reducing the risks of operating workloads in the public cloud.
Tsvi Korren,
VP of Product Strategy at Aqua Security CISSP, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.
Find out more about:
-How the cloud is changing the technological landscape for businesses
-The benefits of cloud-based software
-Security tips to protect yourself, your company, and your clients
-What to look for when choosing a provider
Security automation in virtual and cloud environments v2rpark31
Virtualization security must be as dynamic as the environment it is protecting. Learn how to build security automation into your virtual and cloud computing environments by using VMware's vShield API.
In this webinar, you will learn:
1. An introduction to security automation and why it matters
2. An overview of VMware's vShield and its API
3. Real world cloud examples of how to use the vShield API for security automation
TechWiseTV Workshop: Cisco Stealthwatch and ISERobb Boyd
Replay the live event: http://cs.co/90008z2Ar
Learn how your existing Cisco network can help you to know exactly who is doing what on the network with end-to-end visibility, differentiate anomalies from normal behavior with contextual threat intelligence and stop threats and mitigate risk with one-click containment of users and devices.
It’s time for the network to protect itself. Please make time for this important workshop.
Resources:
Watch the Cisco Stealthwatch and ISE full episode: http://cs.co/90008z24M
Network as a Sensor-Enforcer on CCO:
http://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-security/net-sensor.html
Cisco ISE Community
http://cs.co/ise-community
Everything visible. Everything secure.
Unparalleled 2-second visibility across all of your global IT assets – on premises, endpoints and Private or Public Clouds.
Cloud computing is becoming increasingly important for provision of services and storage of data in the Internet. However there are several significant challenges in securing cloud infrastructures from different types of attacks.
The focus of thisPaper is on the security services that a cloud provider can offer as part of its infrastructure to its customers (tenants) to counteract these attacks.
Our main contribution is a security architecture that provides a flexible security as a service model that a cloud provider can offer to its tenants and customers of its tenants.
Our security as a service model while offering a baseline security to the provider to protect its own cloud infrastructure also provides flexibility to tenants to have additional security functionalities that suit their security requirements.
The paper describes the design of the security architecture and discusses how different
types of attacks are counteracted by the proposed architecture.
We have implemented the security architecture and the paper discusses analysis and performance evaluation results.
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Can Cloud Solutions Transform Network SecurityEC-Council
Cloud computing today has become an integral part of network security. In fact, cloud computing has benefited businesses in many ways. Read more on 7 Ways Cloud Computing Transforms Network Security.
https://www.eccouncil.org/programs/certified-network-security-course/
#cloudcomputing #networksecurity #cybersecurity #eccouncil
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity occurring inside customer accounts that may indicate a compromise. Some organizations have invested significant resources to build their own tools or have leveraged industry vendor offerings to provide this visibility. The reality is, that barrier has meant that a large number of organizations haven't dedicated those resources to this problem and therefore operate without sufficient detection and response capabilities that monitor their cloud accounts for compromise.
Amazon Web Services, Google Cloud Platform, and Microsoft Azure have recently launched a new set of native platform threat and anomalous behavior detection services to help their customers better identify and respond to certain issues and activities occurring inside their cloud accounts. From detecting crypto-currency mining to identifying bot-infected systems to alerting on suspicious cloud credential usage to triggering on cloud-specific methods of data exfiltration, these new services aim to make these kinds of detections much easier and simpler to centrally manage.
But what new and unique insights do they offer? What configuration is required to achieve the full benefits of these detections? What types of activities are not yet covered? What attack methods and techniques can avoid detection by these systems and still be successful? What practical guidelines can be followed to make the best use of these services in an organization?
Follow along as we attempt to answer these questions using practical demonstrations that highlight the real threats facing cloud account owners and how the new threat detection capabilities perform in reducing the risks of operating workloads in the public cloud.
Tsvi Korren,
VP of Product Strategy at Aqua Security CISSP, has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the VP of Product Strategy at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform.
Find out more about:
-How the cloud is changing the technological landscape for businesses
-The benefits of cloud-based software
-Security tips to protect yourself, your company, and your clients
-What to look for when choosing a provider
Security automation in virtual and cloud environments v2rpark31
Virtualization security must be as dynamic as the environment it is protecting. Learn how to build security automation into your virtual and cloud computing environments by using VMware's vShield API.
In this webinar, you will learn:
1. An introduction to security automation and why it matters
2. An overview of VMware's vShield and its API
3. Real world cloud examples of how to use the vShield API for security automation
TechWiseTV Workshop: Cisco Stealthwatch and ISERobb Boyd
Replay the live event: http://cs.co/90008z2Ar
Learn how your existing Cisco network can help you to know exactly who is doing what on the network with end-to-end visibility, differentiate anomalies from normal behavior with contextual threat intelligence and stop threats and mitigate risk with one-click containment of users and devices.
It’s time for the network to protect itself. Please make time for this important workshop.
Resources:
Watch the Cisco Stealthwatch and ISE full episode: http://cs.co/90008z24M
Network as a Sensor-Enforcer on CCO:
http://www.cisco.com/c/en/us/solutions/enterprise-networks/enterprise-network-security/net-sensor.html
Cisco ISE Community
http://cs.co/ise-community
Everything visible. Everything secure.
Unparalleled 2-second visibility across all of your global IT assets – on premises, endpoints and Private or Public Clouds.
Learning to Build Distributed Systems the Hard WayTheo Hultberg
I’ve learned how to build distributed systems the hard way; I’ve failed, and failed again. I’ve made many of the common mistakes and tried a few other things that turned out to be a disappointment. You shouldn't have to make those mistakes too. In this talk I'll tell the story of how I built a real time advertising analytics platform that tracks and reports on millions of impressions every day, and all the things I did wrong before I got it to work. I’ll also tell you what I did right, and the choices I don’t regret.
How to Become a Thought Leader in Your NicheLeslie Samuel
Are bloggers thought leaders? Here are some tips on how you can become one. Provide great value, put awesome content out there on a regular basis, and help others.
SMBs are fast at adapting to innovation and change, cloud computing has grabbed the spotlight for safer business with data security solutions. Know how today's business can reap and adopt cloud security features for public cloud.
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera Technologies
Learn how to remove operational complexity from achieving secure – and easily auditable – user access to your AWS systems. Automate tightly controlled user access in highly dynamic AWS environments. Painlessly report exactly who accessed which resources, from where, and when – in near real-time – and save your teams thousands of hours in audit prep work.
The session will be focusing how cloud-native security platform can continuously discovers workloads, identifies risk, and enforces security policies in any multi-cloud environment. Additionally it will also cover the Automated policy generation through agent-less security controls makes protecting data and applications the easiest thing to do in the cloud.
The Speaker of the session will be Dr. Ratinder Paul Singh Ahuja, Founder and Chief Research and Development Officer, Shield X, USA
Dr. Ratinder leads ShieldX and its mission as its central pivot point. Drawing from a career as a successful serial entrepreneur and corporate leader, he brings his unique blend of business acumen, industry network and deep technical knowledge.
At his previous start-ups, Internet Junction, Webstacks and Reconnex he served as Chief Technology Officer and Vice President of the Mobile and Network Security Business Units. His knowledge of innovation and emerging trends in networking, network security, and data-loss prevention are derived from years of industry experience. Dr. Ahuja holds a BS in Electronics & Electrical Engineering from Thapar University, in India, and a Masters and Ph.D. in Computer Engineering from Iowa State University. Dr. Ahuja has been granted 61 patents for security-based technologies, and has presented in many public forums, including the Content Protection Summit, IC3, IEEE Computer Society, McAfee FOCUS, and the Cloud Expo.
CloudPassage Best Practices for Automatic Security ScalingAmazon Web Services
Organizations that are transitioning from a traditional data center to an on-demand IT environment, such as AWS, are quickly finding that automating and scaling legacy security services for comprehensive workload security can be challenging. In light of these challenges, it is necessary to deploy a security solution that employs the same versatility and elasticity as the cloud workloads it is meant to protect. CloudPassage® Halo® provides virtually instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds like AWS. Join Xero and CloudPassage to learn about best practices for migrating your security workloads to the cloud.
Join us to learn:
- Best practices for maintaining workload security
- How you can align cloud security deployment methods with on-premises deployment methods
- Key considerations for architecting your infrastructure to scale quickly and securely
Who should attend: CTOs, CIOs, CISOs, Directors and Managers of Security, IT Administers, IT Architects and IT Security Engineers
Remote connectivity is crucial for enterprise productivity and SSL has gained fast popularity as a remote access
tool. In fact, SSL VPNs as a technology have shown promise in eliminating many of the client side issues associated
with IPSec, and other forms of remote access. Furthermore, SSL VPNs offer a smooth migration to a more costeffective,
easier to deploy remote access solution than IPSec. SSL VPN’s combination of flexibility and functionality
makes it competitive with IPSec even when deployed for enterprise’s “power users.”
In today’s crowded SSL VPN market, it’s easy to become overwhelmed by the wide range of solutions available.
Obviously, there are many factors to consider when purchasing an SSL VPN product, and you want to make the
best choice possible. This SSL VPN Evaluation Guide serves as an important resource in identifying, describing, and
prioritizing the criteria you should consider when selecting an SSL VPN provider that best fits the needs of your
organization.
Selection Criteria
In coming up with a selection criteria, the functions offered by SSL VPNs have to be evaluated against two key
aspects: security and user experience. A truly successful deployment of a secure access solution cannot be achieved
without taking both aspects into consideration. Look for an SSL VPN that can also serve the organization’s longterm
needs, integrates seamlessly with the network architecture, and provides powerful management tools. The
optimal provider will exceed in these key areas:
n Performance and scalability
n Security
n Ease of use
n Company reputation
n Technology leadership
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
Managing tightly-controlled user access in AWS is complex. And complexity leads to errors and sloppiness. There are six main reasons why this operational complexity is the biggest security threat to your AWS Environment. Paul Campaniello at Cryptzone discusses in this eBook.
The transition to cloud services provides many advantages to the organization, including scalability, flexibility, efficiency, reducing cost and enjoying an enterprise grade level of security that meets the highest standards. However, cloud services also entail various risks that the organization must recognize and mitigate before the transition to the cloud.
The transition to cloud services contain many advantages to the organization such as, scalability, flexibility, efficiency, reducing cost and enjoying an enterprise grade level of security that meets the highest standards. However, cloud services also entail various risks that the organization must recognize and mitigate before the transition to the cloud.
Steve Porter : cloud Computing SecurityGurbir Singh
A recording of the Northwest Regional meeting of the Institute of Information Security Professionals in Manchester on 5th July 2012. Stephen Porter from Trend Mirco Limited was on the theme of cloud computing security. Copyright of this presentation is held by the author, Stephen Porter.
Enterprise IT is transitioning from the use of traditional on-premise data centers to hybrid cloud environments. As a result, we’re experiencing a paradigm shift in the way we must think about and manage enterprise security. From Four Walls to No Walls Until now, the conventional view on IT security has been that applications and data are safe because they’re physically housed within the confines of a company’s data center walls using company-owned equipment. So, it’s not surprising that many decision makers perceive greater risks as they trade physical assets for cloud-based solutions.
Through our partnerships with leading cloud providers, we are able to offer hybrid, private and public cloud solutions. At Epoch Universal, we supply cloud the way you want it with deep control, extreme performance, and broad customization capabilities. When you join the Epoch Universal fold, you take back the keys to your kingdom. Reign as supreme commander in chief of your cloud. No compromises. No exceptions.
Security Considerations When Using Cloud Infrastructure Services.pdfCiente
Vast amounts of data, massive networks of virtual machines, and the limitless potential of the cloud — are the hallmarks of cloud infrastructure services.
Read this Article here: https://ciente.io/blogs/security-considerations-when-using-cloud-infrastructure-services/
Learn more: https://ciente.io/blog/
Follow for more Articles here: https://ciente.io/
Let us understand some of the infrastructural and
security challenges that every organization faces today
before delving into the concept of securing the cloud
data lake platform. Though Data lakes provide scalability,
agility, and cost-effective features, it possesses a unique
infrastructure and security challenges.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
8. Who Has Control? Servers Virtualization & Private Cloud Public Cloud PaaS Public Cloud IaaS Public Cloud SaaS End-User (Enterprise) Service Provider
9. Amazon Web Services™Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. http://aws.amazon.com/agreement/#7 (3 March 2010) The cloud customer has responsibility for security and needs to plan for protection.
10. The Evolving Datacentre Stage 1 Consolidation Stage 2 Expansion & Desktop Stage 3 Private > Public Cloud Cost-efficiency + Quality of Service + Business Agility Servers 85% 70% 30% Virtualization Adoption Rate Desktops 15% Datacentres are evolving to drive down costs and increase business flexibility
12. The Enterprise Cloud Conundrum:The Cloud is Fantastic, but… How can I maintain control of my data in the cloud? What if I want to change cloud vendors? How can I verify my data is “destroyed” when terminating a service provider? What happens if my service provider goes out of business? How can I comply with security best practices, internal governance and compliance rules in the cloud? How can I guarantee only I have access to my data?
13. Challenges for Public Cloud Multiple customers on one physical server – potential for attacks via the hypervisor Shared network inside the firewall Internet Shared Storage Shared Firewall Shared firewall – Lowest common denominator – less fine grained control Easily copied machine images – who else has your server? Shared storage – is customer segmentation secure against attack? Virtual Servers
14. Data Security Challenges in the Cloud Encryption rarely used: - Who can see your information? Storage volumes and servers are mobile: - Where is your data? Has it moved? Rogue servers might access data: - Who is attaching to your storage? Audit and alerting modules lacking: - What happened when you weren’t looking? Encryption keys tied to vendor: - Are you locked into a single security solution? Who has access to your keys? Storage volumes contain residual data: - Are your storage devices recycled securely? Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732… Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732… 11 Classification 2/7/2011
15. Physical layer Could retool New Shared Storage systems Designed to segment multiple hostile tenants Dynamic firewall policies Different and flexible for every customer Strongly segmented networks Hardened switches that can’t be hacked from the inside
16. The security arms race Existing infrastructure hits EOL too early Every customer wants to inspect and audit They have to for their compliance Always someone demanding the latest security feature More frequent swap out cycle Lower ROI Need permission from every customer to make a change Your kit has become part of their security audit You end up stuck in an impossible position where you make less money and still can’t keep the customers happy
17. Logical Layer Customer has responsibility for their data Give them a solution to help them deliver on that Let them segment their data Away from other customers (may be the bad guy) Away from you (don’t inherit a liability) Look for something that runs on top of any hardware You run your own swap out programmes without interference
18. Challenge of Securing Data Datacenter Public Cloud Perimeter Company 1 Company 2 Company 3 Company 4 Company 5 Company n App 1 App 2 App 3 … App 2 App 1 App 3 App 4 App 5 App n Hypervisor Hypervisor Strong perimeter security No shared CPU No shared network No shared storage Weak perimeter security Shared CPU Shared network Shared storage Traditional “outside-in” approach is inadequate in an “inside-out” cloud world full of strangers
19. Protection at the OS levelServer & application protection for: PHYSICAL VIRTUAL & PRIVATE CLOUD PUBLIC CLOUD Deep Packet Inspection Firewall Integrity Monitoring Log Inspection Malware Protection IDS / IPS Web App. Protection Application Control
20. Protection at the Data LevelEncryption designed to secure the cloud Cloud Service Provider Enterprise Datacenter or SaaS Offering VM CorporateApp Hypervisor Enterprise Key SharedStorage Cloud SecurityConsole MyEnterprise Data
21. Protection Coverage Data at rest Encrypted while stored Data in motion Encrypted on internal network Encrypted while passing through hypervisor Data in use Data must ultimately be decrypted at the point of use SecureCloud ensures that happens in a secure way
22. Challenges for Public Cloud:The Private Security Answer Multiple customers on one physical server – potential for attacks via the hypervisor Shared network inside the firewall Doesn’t matter – the edge of my virtual machine is protected Doesn’t matter – treat the LAN as public Internet Shared Storage Shared Firewall Shared firewall – Lowest common denominator – less fine grained control Shared storage – is customer segmentation secure against attack? Easily copied machine images – who else has your server? Virtual Servers Doesn’t matter – They can start my server but only I can unlock my data Doesn’t matter – My data is encrypted Doesn’t matter – treat the LAN as public
This is a depiction of a customer’s typical virtualization journey put together by Vmware.In stage 1, orgs have begun virtualization all of their low hanging fruit – web servers, file and print servers, some app servers, and begun to realize the hardware consolidation and operational mgmt benefits that result in lower CAPX and OPEX costs.In stage 2, they have begun virtualizing more of their tier 1 apps and mission critical servers now. They are also leveraging some of the more advanced capabilities of virtualization such as automatic live migration, disaster recovery and software fault tolerance. Many stage 2 orgs have also started deploying virtual desktops as well.Benefits in stage 2 are even more cost efficiencies plus also higher QoS from the higher level virtualization capabilities.In stage 3, organizations have started leveraging private and public clouds. The IT dept has transformed itself into acting as a service provider with charge-back type processes where consumers of IT are in effect renting computing space and time from IT. Benefits are further cost efficiencies, QoS and faster business agility.If we now look at security and how it impacts the virtualization journey:As organizations move to stage 1, they typically employ the same technologies and processes as they did in the virtual world. Forrester survey data showed that 88% of N.A. orgs did have a SPECIFIC virtualization security strategy in place. As they move to stage 2, security starts playing more of a dampening role.A CDW study showed that the majority of organizations that considered themselves fully deployed with virtualization had only virtualized a 3rd of their servers. When asked why they stopped virtualizing, security was the primary barrier. (Other barriers were ISV support, performance concerns etc.)As orgs considered their move to stage 3, security was top of mind – IDC survey data shows that it is the #1 issue why orgs will not move to the cloud.