Security Challenges in
Cloud Integration




           Pervasive
          DataCloud2

1
Pervasive Software
Global Software Company
    •   Tens of thousands of users across the globe
    •   Operations in Americas, EMEA, Asia
    •   ~250 employees

Strong Financials
    •   $49 million revenue (trailing 12-month)
    •   43 consecutive quarters of profitability
    •   $40 million in the bank
    •   22 consecutive quarters of active share buyback
    •   NASDAQ: PVSW since 1997

Leader in Data Innovation
    • 24% of top-line revenue re-invested in R&D
    • Software to manage, integrate and analyze data, in
      the cloud or on-premises, throughout the entire data
      lifecycle

2
Jason Wagner

Platform Manager
Pervasive DataCloud2
• Management of DataCloud2
  architecture, engineering, and
  operations teams
• 11 years experience in system
  administration, web services and
  integration architectures
• Previously:
    – CRM and Business Intelligence Platforms
      at Roche Tissue Diagnostics
    – Integration Solutions Architecture at
      Pervasive Software


3
Pervasive DataCloud2

    • Integration Platform as a Service (iPaaS)
    • Hosted Design Service to build and test
      integration connectivity and workflows
    • Management Console and API access to deploy,
      schedule, and execute integration jobs
    • Elastic job execution service to scale up and
      down with customer needs and blackbox their
      own SaaS and on-premise integration
      applications


4
Pervasive DataCloud2

    DataCloud2 provides a secure and intuitive way to Design,
    Deploy and Manage both SaaS to SaaS and SaaS to On-premise
    integration

    [Diagram labels: SaaS, ISVs, SI, Enterprise IT]


5
SaaS<->SaaS Integration



    [Diagram: Cloud Application. Legend: Administration & Configuration (No Customer Data); Customer Data Flow; Integration Developers & End Users]




6
SaaS<->On-Premise Integration


    [Diagram: Cloud Application. Legend: Administration & Configuration (No Customer Data); Customer Data Flow; Integration Developers & End Users]

7
Industry-Leading Connectivity




8
Our “Security” Mission

    1. Protect Customers and Infrastructure from
       External Threats

    2. Protect Customers and Infrastructure from
       Internal Threats

    3. Protect Customers and Infrastructure from
       Each Other



9
Protection from External Threats

     •   Strict Firewall Rules
     •   OS Event Monitoring
     •   API Usage Monitoring
     •   Vulnerability Scanning
     •   Breach Protocol
     •   Disaster Recovery Plan




10
Strict Firewall Rules

     • Make sure firewall changes are not taken lightly –
       challenging for us because our customers expect
       to connect to MANY different endpoints

     • Minimize the number of cloud boxes that are
       exposed – continual audit of WHY? REALLY?

     • Elastically allocated resources are the most
       susceptible, so we are very cautious to lock down
       inbound ports on these – even from our own
       internal network access, e.g. Jump Servers

11
Strict Firewall Rules
(layered security groups)

     [Diagram: security group layers, numbered 1 to 6 in the original figure. Labels: Elastic Load Balancer; Core Web and Application Servers; Job Scheduling and Queuing Service; Elastic Worker Nodes (Job Processors); Data Storage; Job Execution]



12
Strict Firewall Rules
 (protecting customer on-prem resources)
     [Diagram: Onramp Framework between the platform and customers with on-premise apps (ERP/CRM, Database, Message Q, Reports), separated by a Firewall. Functions shown: Deploy, Monitor, Load, Analyze; Data prep (Aggregate, Join, Transform, Match, Record linkage); Data collect (Schedule, Partner mgmt, Reformat, Validate, Profile)]




13
OS Event Monitoring

     • Collect and monitor OS events for any changes to
       permissions or alerts

     • Some of the system events we are interested in:

       –   Failed login attempts
       –   Successful login attempts
       –   User access changes
       –   Group access changes



14
API Usage Monitoring

     • Collect and monitor API usage for many kinds of
       statistics

     • Some of the statistics we are interested in:

       –   Failed login attempts
       –   Failed object access attempts
       –   Activity volume by operation
       –   Activity volume by user
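
The four statistics listed on this slide, computed over a few API log lines; this is an added example, not code from the original deck or from DataCloud2. The log format, status codes, user names and alert thresholds are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample log. Assumed format: timestamp user operation object status
SAMPLE_LOG = """\
2013-05-01T10:00:01Z alice login - 200
2013-05-01T10:00:05Z alice run_job job-17 200
2013-05-01T10:00:09Z bob login - 401
2013-05-01T10:00:10Z bob login - 401
2013-05-01T10:00:11Z bob login - 401
2013-05-01T10:00:12Z bob login - 200
2013-05-01T10:00:20Z bob get_job job-17 403
2013-05-01T10:00:21Z bob get_job job-18 403
2013-05-01T10:00:30Z alice schedule_job job-17 200
malformed line
"""


def parse_line(line):
    """Return an event dict, or None when the line does not fit the format."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    ts, user, op, obj, status = parts
    return {"ts": ts, "user": user, "op": op, "obj": obj, "status": int(status)}


def collect_stats(log_text):
    """Compute the four statistics named on the slide, plus a parse-failure count."""
    stats = {
        "failed_logins": Counter(),         # per user, login answered with 401
        "failed_object_access": Counter(),  # per user, non-login call answered with 403
        "volume_by_operation": Counter(),
        "volume_by_user": Counter(),
        "unparsed": 0,                      # lines the parser rejected
    }
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            # Count instead of dropping silently: a burst of unparsable
            # lines is itself something the monitoring should surface.
            stats["unparsed"] += 1
            continue
        stats["volume_by_operation"][event["op"]] += 1
        stats["volume_by_user"][event["user"]] += 1
        if event["op"] == "login" and event["status"] == 401:
            stats["failed_logins"][event["user"]] += 1
        elif event["op"] != "login" and event["status"] == 403:
            stats["failed_object_access"][event["user"]] += 1
    return stats


def find_alerts(stats, max_failed_logins=3, max_denied=2):
    """Flag users whose failure counts reach the (assumed) thresholds."""
    alerts = []
    for user, count in sorted(stats["failed_logins"].items()):
        if count >= max_failed_logins:
            alerts.append(("failed_logins", user, count))
    for user, count in sorted(stats["failed_object_access"].items()):
        if count >= max_denied:
            alerts.append(("failed_object_access", user, count))
    return alerts


if __name__ == "__main__":
    sample_stats = collect_stats(SAMPLE_LOG)
    for name in ("volume_by_operation", "volume_by_user"):
        print(name, dict(sample_stats[name]))
    for alert in find_alerts(sample_stats):
        print("ALERT", alert)
```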



15
Other Types of Monitoring

     • Collect and monitor other types of statistics

     • Some of the statistics we are interested in:

        – Web page read and write attempts
        – Database activity, SQL injection
        – URL modification, XSS




16
Vulnerability Scanning

     • Regular intrusive and DoS attack simulations
       during maintenance windows

     • Include scans as part of SDLC and any significant
       change to staging or production environments

     • We use several popular services for external
       scans, as well as our own “DoS/Brute Agent”



17
Breach Protocol

     • Have breach protocol well-documented and easy
       to find to prevent knee-jerk or panic reactions

     • Suspected/confirmed breach (red flag)
       – Quarantine/Triage/Investigation
       – Notification/Transparency/Lessons Learned


     • Limiting breach exposure
       – Data Encryption
       – Monitoring/Auditing
       – Contractual Language
18
Disaster Recovery Plan

     • It is important that the plan be well-documented and
       spelled out contractually (whatever the plan is)

     • Disaster recovery is more than just geographic
       catastrophe and redundancy, but also:
       – How do you recover from significant outage caused by
         malicious activity?
       – How do you recover from a vendor outage? Amazon?
         Rackspace?
       – How do you respond if critical/confidential data is lost
         or compromised?

19
Protection from Internal Threats

     •   Sometimes Well-intentioned
     •   Operational Run Book
     •   Periodic and Spot Check Audits
     •   Access Activation/Deactivation Protocols
     •   Segregation of Duties/Change Control
     •   Shared Passwords




20
Operational Run Book

     • Regular, weekly reports from all security related
       tools:
       –   Cloud Firewall Configurations
       –   OS and API Monitoring Logs
       –   IDS/IPS Reports
       –   Availability and Performance Metrics
       –   Deployment/Patch/Source CM Reports
       –   Incident Reports
       –   Vulnerability Scan Report
     • Good to have whether you are the auditor or the auditee

21
Internal Audits

     • Three types of audits to consider: Scheduled,
       event-driven, and random spot check

     • Some of the things we are interested in:
       – Cloud Firewall changes reconcile with approved
         change log
       – User permissions reconcile with approved change log
       – Approved change log is properly documented (WHY?
         REALLY?)
       – Customer usage rates fall within “expected” range
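
One way to run the first three checks on this slide: reconcile observed firewall changes with the approved change log and flag approvals that lack a documented reason. This is an added example, not code from the original deck; the record fields, ticket ids, actor names and the minimum justification length are assumptions, and the group names borrow the tiers from the layered security groups slide.

```python
# Constructed data. Field names and ticket ids are assumptions for illustration.
APPROVED_CHANGES = [
    {"ticket": "CHG-101", "group": "worker-nodes", "action": "add",
     "rule": "tcp/22 from jump-servers",
     "why": "Temporary debug access for incident review"},
    {"ticket": "CHG-102", "group": "core-web", "action": "add",
     "rule": "tcp/443 from elastic-load-balancer",
     "why": ""},  # approved, but nobody answered "WHY? REALLY?"
    {"ticket": "CHG-103", "group": "data-storage", "action": "remove",
     "rule": "tcp/3306 from worker-nodes",
     "why": "Workers no longer read storage directly"},
]

# Constructed: what an export of actual firewall modifications might contain.
OBSERVED_CHANGES = [
    {"group": "worker-nodes", "action": "add",
     "rule": "tcp/22 from jump-servers", "actor": "jdoe"},
    {"group": "core-web", "action": "add",
     "rule": "tcp/443 from elastic-load-balancer", "actor": "jdoe"},
    {"group": "worker-nodes", "action": "add",
     "rule": "tcp/8080 from 0.0.0.0/0", "actor": "asmith"},
]


def change_key(change):
    """Normalise case and whitespace so cosmetic differences still match."""
    return tuple(" ".join(str(change[field]).lower().split())
                 for field in ("group", "action", "rule"))


def reconcile(approved, observed, min_why_len=10):
    """Return (kind, detail) findings for the three audit checks."""
    findings = []
    pending = {}  # change key -> approvals not yet consumed by an observed change
    for entry in approved:
        pending.setdefault(change_key(entry), []).append(entry)
        # Check 3: the change log entry itself must carry a real justification.
        if len(entry.get("why", "").strip()) < min_why_len:
            findings.append(("undocumented", entry["ticket"]))
    for change in observed:
        matches = pending.get(change_key(change))
        if matches:
            matches.pop(0)  # one approval covers exactly one applied change
        else:
            # Check 1: a firewall change with no approval behind it.
            detail = f'{change["group"]}: {change["action"]} {change["rule"]} by {change["actor"]}'
            findings.append(("unapproved", detail))
    # Approved but never seen: either not applied yet, or the export is incomplete.
    for entries in pending.values():
        for entry in entries:
            findings.append(("not_applied", entry["ticket"]))
    return findings


if __name__ == "__main__":
    for kind, detail in reconcile(APPROVED_CHANGES, OBSERVED_CHANGES):
        print(f"{kind:12} {detail}")
```

The same function covers the user-permission check if the records describe group memberships instead of firewall rules.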


22
Access Activation/Deactivation
Protocol
     • Work closely with Corporate IT and HR to
       document roles, functions, and who has access to
       what…

     • Build matrices of access/permission changes
       based on role and procedures that must take
       place whenever someone leaves or joins the
       team/company

     • Don’t forget to account for contractors…

23
Segregation of Duties/CM

     • Identify conflicts between engineering and
       operations
       – Formal escalation process
       – Protocol for engineering access to production systems


     • Enforce change control for security sensitive
       changes
       – Cloud Firewall modifications
       – User or group access privileges
       – Any kind of software or hardware patch in production


24
Shared Keys/Passwords

     • AVOID, but make sure shared password reset
       events are well-known/documented (Access
       Activation/Deactivation Protocol)

     • There are tools to assist – We have had success
       with LastPass “secretly” sharing passwords, i.e.
       the end user does not know the password and it
       can be revoked from their LastPass account at
       any time



25
Protecting Our Customers and
Infrastructure from Each Other
     •   Service and Data Availability
     •   Multi-Tenancy on Elastic Resources
     •   Handling Agents and Clients
     •   Alerts and Error Reporting
     •   Contract Language




26
Service and Data Availability

     • Public Trust Site – We try to be as transparent as
       possible with our external monitors, without
       actually publishing the exact checks/procedures

     • Internally make sure we have a pulse on real time
       volumes – if in danger of NOT scaling, that could
       be a security risk to us and our customers

     • Data Integrity – this can get complex when you
       start dealing with highly scalable data stores that
       may not be inherently relational
27
Industry-Leading Connectivity




28
Multi-Tenancy on Elastic Resources

     • This is a challenge for us due to the power and
       flexibility of our product – we have to limit cloud
       functionality vs. on-premise use

     • We encrypt any kind of identifying information –
       that we know about

     • We spend a lot of resources “cleaning” up after
       jobs are executed – we have to plan for some
       loss of concurrency and efficiency because of the
       continual need to prop up and tear down…
29
Agents and Clients

     • We have our own managed clients called agents for
       on-premise connectivity, which typically are
       connecting and communicating to the
       “integrating” apps as well as DataCloud2

     • Adds another dimension to what we have to track
       in terms of not only users that are connecting, but
       WHAT and WHERE are they connecting from?

     • What about custom DataCloud2 clients built by
       customers?
30
Alerts and Error Reporting

     • Challenge for us is that our customers have all
       kinds of different projects and metrics they are
       interested in

     • How are customers notified of different events
       they may be interested in?

     • It is possible that integration logs may have
       confidential information – especially if they are
       customized by the user/developer (see contract)

31
Contract Language

     • How we behave is well-documented:
       –   Breach Notification Policy
       –   Backup Policy and Remedies
       –   Data Redundancy Policy
       –   Service Redundancy Policy
       –   History and Log Archival


     • Customer data storage policy
       – Types Allowed, HIPAA?
       – How do you audit that your customers are compliant?
       – Encrypt all? Or just what is necessary? (see contract)

32
Security Challenges in
Cloud Integration


     The
       End

           Questions?
33

Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...
 
Bluemix Local – Relay Options and Challenges
Bluemix Local – Relay Options and Challenges Bluemix Local – Relay Options and Challenges
Bluemix Local – Relay Options and Challenges
 
Unified Protection for Multi-Cloud Infrastructure
Unified Protection for Multi-Cloud InfrastructureUnified Protection for Multi-Cloud Infrastructure
Unified Protection for Multi-Cloud Infrastructure
 
Intel IT Open Cloud - What's under the Hood and How do we Drive it?
Intel IT Open Cloud - What's under the Hood and How do we Drive it?Intel IT Open Cloud - What's under the Hood and How do we Drive it?
Intel IT Open Cloud - What's under the Hood and How do we Drive it?
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 
PCTY 2012, Overvågning af forretningssystemer i et virtuelt miljø v. Hans Ped...
PCTY 2012, Overvågning af forretningssystemer i et virtuelt miljø v. Hans Ped...PCTY 2012, Overvågning af forretningssystemer i et virtuelt miljø v. Hans Ped...
PCTY 2012, Overvågning af forretningssystemer i et virtuelt miljø v. Hans Ped...
 
Practical SAP pentesting workshop (NullCon Goa)
Practical SAP pentesting workshop (NullCon Goa)Practical SAP pentesting workshop (NullCon Goa)
Practical SAP pentesting workshop (NullCon Goa)
 

More from Glen Roberts, CISSP

Collaborative Contingency in the Cloud
Collaborative Contingency in the CloudCollaborative Contingency in the Cloud
Collaborative Contingency in the Cloud
Glen Roberts, CISSP
 
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Glen Roberts, CISSP
 
Security in the Skies
Security in the SkiesSecurity in the Skies
Security in the Skies
Glen Roberts, CISSP
 
Sharing the Cloud
Sharing the CloudSharing the Cloud
Sharing the Cloud
Glen Roberts, CISSP
 
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
Glen Roberts, CISSP
 
Cloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
Cloud Security Alliance, Austin Chapter - 2012-01-25 MeetingCloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
Cloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
Glen Roberts, CISSP
 
Top 10 Cloud Computing Certifications
Top 10 Cloud Computing CertificationsTop 10 Cloud Computing Certifications
Top 10 Cloud Computing Certifications
Glen Roberts, CISSP
 

More from Glen Roberts, CISSP (7)

Collaborative Contingency in the Cloud
Collaborative Contingency in the CloudCollaborative Contingency in the Cloud
Collaborative Contingency in the Cloud
 
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
Cloud Security Alliance, Austin Chapter Meeting 2012-03-01
 
Security in the Skies
Security in the SkiesSecurity in the Skies
Security in the Skies
 
Sharing the Cloud
Sharing the CloudSharing the Cloud
Sharing the Cloud
 
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
Cloud Security Alliance, Austin Chapter Meeting 2012-02-02
 
Cloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
Cloud Security Alliance, Austin Chapter - 2012-01-25 MeetingCloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
Cloud Security Alliance, Austin Chapter - 2012-01-25 Meeting
 
Top 10 Cloud Computing Certifications
Top 10 Cloud Computing CertificationsTop 10 Cloud Computing Certifications
Top 10 Cloud Computing Certifications
 

Recently uploaded

Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 

Recently uploaded (20)

Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 

Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Chapter

  • 1. Security Challenges in Cloud Integration Pervasive DataCloud2 1
  • 2. Pervasive Software Global Software Company • Tens of thousands of users across the globe • Operations in Americas, EMEA, Asia • ~250 employees Strong Financials • $49 million revenue (trailing 12-month) • 43 consecutive quarters of profitability • $40 million in the bank • 22 consecutive quarters of active share buyback • NASDAQ: PVSW since 1997 Leader in Data Innovation • 24% of top-line revenue re-invested in R&D • Software to manage, integrate and analyze data, in the cloud or on-premises, throughout the entire data lifecycle 2
  • 3. Jason Wagner Platform Manager Pervasive DataCloud2 • Management of DataCloud2 architecture, engineering, and operations teams • 11 years experience in system administration, web services and integration architectures • Previously: – CRM and Business Intelligence Platforms at Roche Tissue Diagnostics – Integration Solutions Architecture at Pervasive Software 3
  • 4. Pervasive DataCloud2 • Integration Platform as a Service (iPaaS) • Hosted Design Service to build and test integration connectivity and workflows • Management Console and API access to deploy, schedule, and execute integration jobs • Elastic job execution service to scale up and down with customer needs and blackbox their own SaaS and on-premise integration applications 4
  • 5. Pervasive DataCloud2 DataCloud2 provides a secure and intuitive way to Design, Deploy and Manage both SaaS to SaaS or SaaS to On-premise SaaS ISV’s SI Enterprise IT 5
  • 6. SaaS<->SaaS Integration Cloud Application Legend: Administration & Configuration (No Customer Data); Integration Developers & End Users; Customer Data Flow 6
  • 7. SaaS<->On-Premise Integration Cloud Application Legend Administration & Configuration (No Customer Data) Customer Data Flow Integration Developers & End Users 7
  • 9. Our “Security” Mission 1. Protect Customers and Infrastructure from External Threats 2. Protect Customers and Infrastructure from Internal Threats 3. Protect Customers and Infrastructure from Each Other 9
  • 10. Protection from External Threats • Strict Firewall Rules • OS Event Monitoring • API Usage Monitoring • Vulnerability Scanning • Breach Protocol • Disaster Recovery Plan 10
  • 11. Strict Firewall Rules • Make sure firewall changes are not taken lightly – challenging for us because our customers expect to connect to MANY different endpoints • Minimize the number of cloud boxes that are exposed – continual audit of WHY? REALLY? • Elastically allocated resources are the most susceptible, so we are very cautious to lock down inbound ports on these – even from our own internal network access, e.g. Jump Servers 11
  • 12. Strict Firewall Rules (layered security groups) [Diagram, steps 1 to 6: Elastic Load Balancer; Core Web and Application Servers; Job Scheduling and Queuing Service; Elastic Worker Nodes (Job Processors); Job Execution; Data Storage] 12
  • 13. Strict Firewall Rules (protecting customer on-prem resources) Deploy Monitor Customers with Onramp on-premise apps Framework ERP/CRM Load Database Analyze Data prep Data collect Aggregate Schedule Join Partner mgmt Message Q Transform Reformat Match Validate Record linkage Profile Reports Firewall 13
  • 14. OS Event Monitoring • Collect and monitor OS events for any changes to permissions or alerts • Some of the system events we are interested in: – Failed login attempts – Successful login attempts – User access changes – Group access changes 14
  • 15. API Usage Monitoring • Collect and monitor API usage for many kinds of statistics • Some of the statistics we are interested in: – Failed login attempts – Failed object access attempts – Activity volume by operation – Activity volume by user 15
  • 16. Other Types of Monitoring • Collect and monitor other types of statistics • Some of the statistics we are interested in: – Web page reads and write attempts – Database activity, SQL injection – URL modification, XSS 16
  • 17. Vulnerability Scanning • Regular intrusive and DoS attack simulations during maintenance windows • Include scans as part of SDLC and any significant change to staging or production environments • We use several popular services for external scans, as well as our own “DoS/Brute Agent” 17
  • 18. Breach Protocol • Have breach protocol well-documented and easy to find to prevent knee-jerk or panic reactions • Suspected/confirmed breach (red flag) – Quarantine/Triage/Investigation – Notification/Transparency/Lessons Learned • Limiting breach exposure – Data Encryption – Monitoring/Auditing – Contractual Language 18
  • 19. Disaster Recovery Plan • It is important to be well-documented and spelled-out contractually (whatever the plan is) • Disaster recovery is more than just geographic catastrophe and redundancy, but also: – How do you recover from significant outage caused by malicious activity? – How do you recover from a vendor outage? Amazon? Rackspace? – How do you respond if critical/confidential data is lost or compromised? 19
  • 20. Protection from Internal Threats • Sometimes Well-intentioned • Operational Run Book • Periodic and Spot Check Audits • Access Activation/Deactivation Protocols • Segregation of Duties/Change Control • Shared Passwords 20
  • 21. Operational Run Book • Regular, weekly reports from all security related tools: – Cloud Firewall Configurations – OS and API Monitoring Logs – IDS/IPS Reports – Availability and Performance Metrics – Deployment/Patch/Source CM Reports – Incident Reports – Vulnerability Scan Report • Good to have when you are auditor or auditee 21
  • 22. Internal Audits • Three types of audits to consider: Scheduled, event-driven, and random spot check • Some of the things we are interested in: – Cloud Firewall changes reconcile with approved change log – User permissions reconcile with approved change log – Approved change log is properly documented (WHY? REALLY?) – Customer usage rates fall within “expected” range 22
  • 23. Access Activation/Deactivation Protocol • Work closely with Corporate IT and HR to document roles, functions, and who has access to what… • Build matrices of access/permission changes based on role and procedures that must take place whenever someone leaves or joins the team/company • Don’t forget to account for contractors… 23
  • 24. Segregation of Duties/CM • Identify conflicts between engineering and operations – Formal escalation process – Protocol for engineering access to production systems • Enforce change control for security sensitive changes – Cloud Firewall modifications – User or group access privileges – Any kind of software or hardware patch in production 24
  • 25. Shared Keys/Passwords • AVOID, but make sure shared password reset events are well-known/documented (Access Activation/Deactivation Protocol) • There are tools to assist – We have had success with LastPass “secretly” sharing passwords, i.e. the end user does not know the password and it can be revoked from their LastPass account at any time 25
  • 26. Protecting Our Customers and Infrastructure from Each Other • Service and Data Availability • Multi-Tenancy on Elastic Resources • Handling Agents and Clients • Alerts and Error Reporting • Contract Language 26
  • 27. Service and Data Availability • Public Trust Site – We try to be as transparent as possible with our external monitors, without actually publishing the exact checks/procedures • Internally make sure we have a pulse on real time volumes – if in danger of NOT scaling, that could be a security risk to us and our customers • Data Integrity – this can get complex when you start dealing with highly scalable data stores that may not be inherently relational 27
  • 29. Multi-Tenancy on Elastic Resources • This is a challenge for us due to the power and flexibility of our product – we have to limit cloud functionality vs. on-premise use • We encrypt any kind of identifying information – that we know about • We spend a lot of resources “cleaning” up after jobs are executed – we have to plan for some loss of concurrency and efficiency because of the continual need to prop up and tear down… 29
  • 30. Agents and Clients • We have our own managed clients called agents for on-premise connectivity, which typically are connecting and communicating to the “integrating” apps as well as DataCloud2 • Adds another dimension to what we have to track in terms of not only users that are connecting, but WHAT and WHERE are they connecting from? • What about custom DataCloud2 clients built by customers? 30
  • 31. Alerts and Error Reporting • Challenge for us is that our customers have all kinds of different projects and metrics they are interested in • How are customers notified of different events they may be interested in? • It is possible that integration logs may have confidential information – especially if they are customized by the user/developer (see contract) 31
  • 32. Contract Language • How we behave is well-documented: – Breach Notification Policy – Backup Policy and Remedies – Data Redundancy Policy – Service Redundancy Policy – History and Log Archival • Customer data storage policy – Types Allowed, HIPAA? – How do you audit that your customers are compliant? – Encrypt all? Or just what is necessary? (see contract) 32
  • 33. Security Challenges in Cloud Integration The End Questions? 33
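
The internal-audit reconciliation from slide 22 (cloud firewall changes against the approved change log, plus the "WHY? REALLY?" documentation check), as an added example that is not from the presentation or from Pervasive. The record fields, group names, ticket IDs and the three-word justification threshold are assumptions, and the sample data is constructed.

```python
"""Reconcile observed cloud firewall changes with an approved change log.

Added illustration of the slide 22 audit; all field names are assumptions.
"""

# Constructed sample: firewall (security group) changes as an audit trail
# might report them.
OBSERVED_CHANGES = [
    {"group": "web-tier", "action": "authorize", "port": 443,
     "source": "0.0.0.0/0", "actor": "ops-alice"},
    {"group": "worker-nodes", "action": "authorize", "port": 22,
     "source": "10.0.5.0/24", "actor": "ops-bob"},
    {"group": "worker-nodes", "action": "authorize", "port": 3389,
     "source": "0.0.0.0/0", "actor": "eng-carol"},
]

# Constructed sample: the approved change log kept by change control.
APPROVED_CHANGE_LOG = [
    {"ticket": "CHG-101", "group": "web-tier", "action": "authorize",
     "port": 443, "source": "0.0.0.0/0",
     "justification": "Public HTTPS endpoint for the management console"},
    {"ticket": "CHG-102", "group": "worker-nodes", "action": "authorize",
     "port": 22, "source": "10.0.5.0/24",
     "justification": "temp"},
    {"ticket": "CHG-103", "group": "queue-tier", "action": "revoke",
     "port": 5672, "source": "10.0.0.0/16",
     "justification": "Queue access narrowed to the worker subnet only"},
]


def rule_key(entry):
    """Identity of a change: which group, what action, which port, from where."""
    return (entry["group"], entry["action"], entry["port"], entry["source"])


def reconcile(observed, approved, min_words=3):
    """Return the three audit findings for one review period.

    unapproved   -- observed changes with no matching approved entry
    undocumented -- approved tickets whose justification is missing or too
                    thin to answer "WHY?" (fewer than min_words words; the
                    threshold is an assumption of this example)
    not_applied  -- approved tickets never seen in the observed changes,
                    which may mean a stale approval or a gap in the trail
    """
    approved_keys = {rule_key(a) for a in approved}
    observed_keys = {rule_key(o) for o in observed}

    unapproved = [o for o in observed if rule_key(o) not in approved_keys]
    undocumented = [
        a["ticket"] for a in approved
        if len((a.get("justification") or "").split()) < min_words
    ]
    not_applied = [
        a["ticket"] for a in approved if rule_key(a) not in observed_keys
    ]
    return {
        "unapproved": unapproved,
        "undocumented": undocumented,
        "not_applied": not_applied,
    }


if __name__ == "__main__":
    findings = reconcile(OBSERVED_CHANGES, APPROVED_CHANGE_LOG)
    for change in findings["unapproved"]:
        print("UNAPPROVED:", change)
    for ticket in findings["undocumented"]:
        print("WEAK JUSTIFICATION:", ticket)
    for ticket in findings["not_applied"]:
        print("APPROVED BUT NOT OBSERVED:", ticket)
```

The same comparison applies to the user-permission reconciliation on that slide by swapping the key fields for user, group and privilege.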