SlideShare a Scribd company logo
Encryption in the public cloud:  Security techniques Dave Asprey •  VP Cloud Security [email_address] @daveasprey (cloud + virtual security tweets)
Your speaker ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
Data Privacy Concerns in the Cloud ,[object Object],[object Object],[object Object],[object Object],[object Object]
Amazon Web Services™ Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that  you bear sole responsibility for adequate security, protection and backup of Your Content and Applications . We strongly encourage you, where available and appropriate, to (a)  use encryption technology to protect Your Content from unauthorized access , (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. Translation: If it gets hacked, it’s your fault. Trend Micro Confidential 01/27/11 http://aws.amazon.com/agreement/#7  (23 November 2010)
Security and privacy higher than  Sum (performance, immaturity, regulatory compliance) Gartner (April 2010) Security: the #1 Cloud Challenge Classification  01/27/11
Use encrypted, self-defending hosts Classification  01/27/11 Shared Storage Shared Firewall Virtual Servers Shared network inside the firewall Shared firewall – Lowest common denominator – less fine grained control Multiple customers on one physical server – potential for attacks via the hypervisor Shared storage – is customer segmentation secure against attack? Easily copied machine images – who else has your server? Doesn’t matter – the edge of my virtual  machine is protected Doesn’t matter – treat the LAN as public Doesn’t matter – treat the LAN as public Doesn’t matter – They can start my server but only I can unlock my data Doesn’t matter – My data is encrypted Internet
Advice ,[object Object],[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
More advice ,[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
Even more advice ,[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
Final advice ,[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
Thank You. Questions? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11

More Related Content

What's hot

#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
Alert Logic
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
Teri Radichel
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.
Teri Radichel
 
LIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud ComputingLIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud Computing
Robert Herjavec
 
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
Alert Logic
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week Presentation
Lacework
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
Alert Logic
 
Node JS reverse shell
Node JS reverse shellNode JS reverse shell
Node JS reverse shell
Madhu Akula
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
 
Azure for Auditors
Azure for AuditorsAzure for Auditors
Azure for Auditors
Teri Radichel
 
INFOGRAPHIC▶ Protecting Corporate Information In the Cloud
INFOGRAPHIC▶  Protecting Corporate Information In the CloudINFOGRAPHIC▶  Protecting Corporate Information In the Cloud
INFOGRAPHIC▶ Protecting Corporate Information In the Cloud
Symantec
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
Trend Micro
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information Exchange
Cybera Inc.
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
 
The Importance of Business Data Backups
The Importance of Business Data BackupsThe Importance of Business Data Backups
The Importance of Business Data Backups
SwiftTech Solutions, Inc.
 
Confoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteConfoo 2012 - Web security keynote
Confoo 2012 - Web security keynote
Antonio Fontes
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
Cisco amp for meraki
Cisco amp for merakiCisco amp for meraki
Cisco amp for meraki
Cisco Canada
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least Privilege
Lacework
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry RansomwareHow to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
Qualys
 

What's hot (20)

#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.
 
LIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud ComputingLIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud Computing
 
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week Presentation
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
 
Node JS reverse shell
Node JS reverse shellNode JS reverse shell
Node JS reverse shell
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Azure for Auditors
Azure for AuditorsAzure for Auditors
Azure for Auditors
 
INFOGRAPHIC▶ Protecting Corporate Information In the Cloud
INFOGRAPHIC▶  Protecting Corporate Information In the CloudINFOGRAPHIC▶  Protecting Corporate Information In the Cloud
INFOGRAPHIC▶ Protecting Corporate Information In the Cloud
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information Exchange
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
The Importance of Business Data Backups
The Importance of Business Data BackupsThe Importance of Business Data Backups
The Importance of Business Data Backups
 
Confoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteConfoo 2012 - Web security keynote
Confoo 2012 - Web security keynote
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
 
Cisco amp for meraki
Cisco amp for merakiCisco amp for meraki
Cisco amp for meraki
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least Privilege
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry RansomwareHow to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
 

Viewers also liked

Amistad03 arbol de amigos - 08
Amistad03   arbol de amigos - 08Amistad03   arbol de amigos - 08
Amistad03 arbol de amigos - 08
saueso
 
Hybrid Cloud Networking
Hybrid Cloud NetworkingHybrid Cloud Networking
Hybrid Cloud Networking
SVForum Cloud SIG
 
Bogać się kiedy śpisz
Bogać się kiedy śpiszBogać się kiedy śpisz
Bogać się kiedy śpisztaniak21
 
Tanzania project
Tanzania projectTanzania project
Tanzania project
avarosaleda
 
Mazars digtalisation 28062011
Mazars digtalisation 28062011Mazars digtalisation 28062011
Mazars digtalisation 28062011
Gitika Kolli
 
Destination Marrakech
Destination MarrakechDestination Marrakech
Destination Marrakech
avarosaleda
 
Welcome is431 s11
Welcome is431 s11Welcome is431 s11
Welcome is431 s11
Julian Scher
 
Building a Hybrid Cloud
Building a Hybrid CloudBuilding a Hybrid Cloud
Building a Hybrid Cloud
SVForum Cloud SIG
 

Viewers also liked (8)

Amistad03 arbol de amigos - 08
Amistad03   arbol de amigos - 08Amistad03   arbol de amigos - 08
Amistad03 arbol de amigos - 08
 
Hybrid Cloud Networking
Hybrid Cloud NetworkingHybrid Cloud Networking
Hybrid Cloud Networking
 
Bogać się kiedy śpisz
Bogać się kiedy śpiszBogać się kiedy śpisz
Bogać się kiedy śpisz
 
Tanzania project
Tanzania projectTanzania project
Tanzania project
 
Mazars digtalisation 28062011
Mazars digtalisation 28062011Mazars digtalisation 28062011
Mazars digtalisation 28062011
 
Destination Marrakech
Destination MarrakechDestination Marrakech
Destination Marrakech
 
Welcome is431 s11
Welcome is431 s11Welcome is431 s11
Welcome is431 s11
 
Building a Hybrid Cloud
Building a Hybrid CloudBuilding a Hybrid Cloud
Building a Hybrid Cloud
 

Similar to Encryption in the Cloud

Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Trend Micro
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
CloudExpoEurope
 
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
Amazon Web Services
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Cryptzone
 
UNIT -V.docx
UNIT -V.docxUNIT -V.docx
UNIT -V.docx
Revathiparamanathan
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
Amazon Web Services
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
Procore Technologies
 
Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4
Integral university, India
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
fanc1985
 
Cloud computing final show
Cloud computing final   showCloud computing final   show
Cloud computing final show
ahmad abdelhafeez
 
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
Cloudflare_Everywhere_Security_Solution_Brief (1).pdfCloudflare_Everywhere_Security_Solution_Brief (1).pdf
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
petchphumsanit40
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
RightScale
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
Revital Lapidot
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
Revital Lapidot
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Scalar Decisions
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT Support
Dell EMC World
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tips
United Technology Group (UTG)
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Adnene Guabtni
 
Cloud security
Cloud securityCloud security
Cloud security
Niharika Varshney
 
Cloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdfCloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdf
Infosec Train
 

Similar to Encryption in the Cloud (20)

Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
 
UNIT -V.docx
UNIT -V.docxUNIT -V.docx
UNIT -V.docx
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
 
Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
Cloud computing final show
Cloud computing final   showCloud computing final   show
Cloud computing final show
 
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
Cloudflare_Everywhere_Security_Solution_Brief (1).pdfCloudflare_Everywhere_Security_Solution_Brief (1).pdf
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT Support
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tips
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdfCloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdf
 

Encryption in the Cloud

  • 1. Encryption in the public cloud: Security techniques Dave Asprey • VP Cloud Security [email_address] @daveasprey (cloud + virtual security tweets)
  • 2.
  • 3.
  • 4. Amazon Web Services™ Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications . We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access , (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. Translation: If it gets hacked, it’s your fault. Trend Micro Confidential 01/27/11 http://aws.amazon.com/agreement/#7 (23 November 2010)
  • 5. Security and privacy higher than Sum (performance, immaturity, regulatory compliance) Gartner (April 2010) Security: the #1 Cloud Challenge Classification 01/27/11
  • 6. Use encrypted, self-defending hosts Classification 01/27/11 Shared Storage Shared Firewall Virtual Servers Shared network inside the firewall Shared firewall – Lowest common denominator – less fine grained control Multiple customers on one physical server – potential for attacks via the hypervisor Shared storage – is customer segmentation secure against attack? Easily copied machine images – who else has your server? Doesn’t matter – the edge of my virtual machine is protected Doesn’t matter – treat the LAN as public Doesn’t matter – treat the LAN as public Doesn’t matter – They can start my server but only I can unlock my data Doesn’t matter – My data is encrypted Internet
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.

Editor's Notes

  1. My name is Todd Thiemann thank you for attending this session on
  2. Data is stored in plain text Who can see my sensitive information? Data stored in a raw format removes confidentiality and allows a savvy attacker an open door to view all of your information. Virtual volumes can be moved without the owners knowledge Has my data been moved offshore, breaking laws or regulations? Privacy laws like Little ability to audit or monitor access resources or data What happened to my data when I was not looking? How can I comply with legislation, security policies and best practices? Hypervisors and storage are shared with other users Is my neighbor trustworthy? How good is my neighbor’s security? Will he get hacked and attack me? Storage devices contain residual data - Is storage recycled securely when I change vendors? What happens if my cloud provider goes out of business?
  3. This is the online Amazon EC2 Customer Agreement. You can read the whole thing, but the bolded part is the key concept. The user of the virtual machine is responsible for security of their virtual machine. You have the responsibility and accountability for security in the IaaS world. You need to plan for protection in the public cloud.