Prabath Siriwardena – Software Architect, WSO2

WHY ?

Cloud Computing

As a Service ?

•  Pay per use
•  Resource Sharing
•  Self service provisioning
•  Unlimited Resource

•  In public
   –  IaaS, PaaS, SaaS available on the Internet
   –  Use one of the cloud service providers
   –  Information is stored and managed by provider under SLA

•  In Private
   –  Have a cloud, in-house
   –  IaaS provided by hardware in your data centers
   –  PaaS running on your IaaS
   –  SaaS executing on your PaaS

•  Or use both
   –  Hybrid Cloud

Enterprise IT in 2010

Enterprise IT in 2015+

What do you expect from a platform ?

•  Public Cloud
   –  Fast time to market
   –  Makes it easier to write scalable code

•  Private Cloud
   –  Give each team their own instant infrastructure
   –  Govern centrally but code and deploy by team
   –  Automated governance, registry, identity
   –  Instant BAM

•  Distributed / Dynamically Wired (works properly in the cloud)
   –  Finds services across applications
   –  Reuse services from other departments, e.g. People information required by all of Finance, Engineering and Sales

•  Elastic (uses the cloud efficiently)
   –  Scales up and down as needed
   –  Some departments might want varying resources with varying bandwidth with varying priority

•  Multi-tenant (only costs when you use it)
   –  Virtual isolated instances to facilitate isolation between departments etc.
   –  e.g. Sales vs. Finance tenants. Finance wants complete isolation for some sensitive services

•  Self-service (in the hands of users)
   –  De-centralized creation and management of tenants
   –  No need to come to the IT department to gain access – served via portal – no need to be on the queue or waiting list

•  Granularly Billed and Metered (pay for just what you use)
   –  Allocate costs to exactly who uses them
   –  Bill and cost various departments per use
   –  Get rid of the situations where unused computing assets are lying in one department while the other departments are starving for the same

•  Incrementally Deployed and Tested (supports seamless live upgrade)
   –  Does not disrupt other operations

IAAS (diagram; side labels: Provider, Organization)

    N    F    Application
    N    F    Middleware
    N    F    Guest OS
    F    N    Hypervisor
    F    N    Storage
    F    N    Hardware
    F    N    Network

PAAS (diagram; side labels: Provider, Organization)

    M    L    Application
    M    L    Middleware
    F    N    Guest OS
    F    N    Hypervisor
    F    N    Storage
    F    N    Hardware
    F    N    Network

SAAS (diagram; side labels: Provider, Organization)

    M    L    Application
    F    N    Middleware
    F    N    Guest OS
    F    N    Hypervisor
    F    N    Storage
    F    N    Hardware
    F    N    Network

                IaaS                PaaS                SaaS
Data            Organization        Organization        Organization
Applications    Organization        Shared              Service Provider
Systems         Service Provider    Service Provider    Service Provider
Storage         Service Provider    Service Provider    Service Provider
Network         Service Provider    Service Provider    Service Provider

Diagram: SAAS, PAAS, IAAS arranged along an axis labelled "More Control"

                  Private                   Public
Compliance        Organization              Service Provider
Governance        Organization              Service Provider
Security          Organization              Service Provider
Operations        Organization              Service Provider
Risk              Organization              Shared
Cloud Owner       Organization or leased    Service Provider
Use limited to    Organization              Public

Diagram: Public, Hybrid, Private arranged along an axis labelled "Ownership"

Multi-tenancy

•  Can be used to give departments their own PaaS world to operate in
•  Yet all share same hardware resources
   –  Not all departments need resources at the same time
   –  Really pay per use
   –  Opportunity to unify departmental level small server pools
•  Drastically reduce admin/management costs
   –  One software installation to maintain
•  Use differentiated QoS

•  Three possible ways
   –  Machine per tenant
   –  VM per tenant
   –  Share machine/VM across tenants

•  Challenges
   –  Data isolation
   –  Logic isolation
   –  Security

Data Isolation – Separated DB

Data Isolation – Shared DB / Separate Schema

Data Isolation – Shared DB / Shared Schema

Data Access - Security Patterns

Trusted Database Connections

Secure Database Tables

    -- Table-level rights are granted to the tenant's own database user
    GRANT SELECT, UPDATE, INSERT, DELETE ON [TableName] TO [UserName]

Tenant View Filter

    -- Each tenant sees only the rows whose TenantID matches its login SID
    CREATE VIEW TenantEmployees AS
    SELECT * FROM Employees WHERE TenantID = SUSER_SID()

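The Secure Database Tables and Tenant View Filter patterns above, combined for a shared DB / shared schema deployment. This is an added T-SQL example, not part of the original slides; it assumes Microsoft SQL Server with one login per tenant, and the logins `tenant_a` / `tenant_b`, the role `TenantUsers`, the column layout, passwords and sample rows are constructed placeholders.

```sql
-- Added example (not from the slides). Run as an administrator on a
-- scratch SQL Server database. All names and values below are constructed.

-- Shared table: every row carries the SID of the tenant login that owns it.
-- The default stamps new rows with the caller's SID automatically.
CREATE TABLE dbo.Employees (
    TenantID   varbinary(85) NOT NULL
               CONSTRAINT DF_Employees_TenantID DEFAULT SUSER_SID(),
    EmployeeID int           NOT NULL,
    FullName   nvarchar(100) NOT NULL,
    CONSTRAINT PK_Employees PRIMARY KEY (TenantID, EmployeeID)
);
GO

-- Tenant View Filter: only rows owned by the calling login are exposed.
-- TenantID is not in the select list, so tenants cannot read or rewrite it;
-- WITH CHECK OPTION rejects writes that would fall outside the filter.
CREATE VIEW dbo.TenantEmployees
AS
SELECT EmployeeID, FullName
FROM dbo.Employees
WHERE TenantID = SUSER_SID()
WITH CHECK OPTION;
GO

-- One login and database user per tenant (placeholder passwords).
CREATE LOGIN tenant_a WITH PASSWORD = 'Replace-With-Strong-Secret-1!';
CREATE LOGIN tenant_b WITH PASSWORD = 'Replace-With-Strong-Secret-2!';
CREATE USER tenant_a FOR LOGIN tenant_a;
CREATE USER tenant_b FOR LOGIN tenant_b;
CREATE ROLE TenantUsers;
ALTER ROLE TenantUsers ADD MEMBER tenant_a;
ALTER ROLE TenantUsers ADD MEMBER tenant_b;
GO

-- Secure Database Tables: rights are granted on the view only. The base
-- table is explicitly denied; the view still works because view and table
-- share an owner (dbo), so the ownership chain skips the table check.
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.TenantEmployees TO TenantUsers;
DENY  SELECT, INSERT, UPDATE, DELETE ON dbo.Employees       TO TenantUsers;
GO

-- Exercise the isolation by impersonating each tenant in turn.
EXECUTE AS LOGIN = 'tenant_a';
INSERT INTO dbo.TenantEmployees (EmployeeID, FullName)
VALUES (1, N'Alice Example');
REVERT;
GO

EXECUTE AS LOGIN = 'tenant_b';
INSERT INTO dbo.TenantEmployees (EmployeeID, FullName)
VALUES (1, N'Bob Example');
-- Read through the view: filtered to the caller's own rows.
SELECT EmployeeID, FullName FROM dbo.TenantEmployees;
-- Direct read of the shared table: blocked by the DENY above.
SELECT * FROM dbo.Employees;
REVERT;
GO

-- Administrator view of the shared table, showing which login owns each row.
SELECT SUSER_SNAME(TenantID) AS TenantLogin, EmployeeID, FullName
FROM dbo.Employees;
GO
```

The view filter separates tenants only when each tenant connects, or is impersonated, under its own login; behind a single shared application login `SUSER_SID()` is identical for every tenant and the filter isolates nothing.
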
•  Data Confidentiality/Integrity/Availability
•  Data Lineage
•  Data Provenance
•  Data Remanence

Data Confidentiality/Integrity/Availability

                   Storage                 Processing                Transmission
Confidentiality    Symmetric Encryption    Homomorphic Encryption    SSL
Integrity          MAC                     Homomorphic Encryption    SSL
Availability       Redundancy              Redundancy                Redundancy

Homomorphic Encryption

    cloud             forxg
    security          vhfxulwb
    cloud security    forxg vhfxulwb

Vendor      CVE
KVM          32
QEMU         23
VMWare      126
XEN          86

•  VM Escape (Host code execution)
•  Guest code execution with privilege

•  Identity Management
•  Access Management
•  Key Management
•  System & Network Auditing
•  Security Monitoring
•  Security Testing & Vulnerability Remediation
•  System & Network Controls

Identity Management

•  Controls over identity information
•  Strong Identity Management system for cloud personnel
•  Large scale needs for authenticating cloud tenants and users
•  Federated Identity
•  Audits for legal activities
•  Identity Recycle?
•  Means to verify assertions of identity by cloud provider personnel

Access Management

•  Cloud personnel shall have restricted access to the customer data
•  Multifactor authentication for highly privileged operations
•  Large scale needs for authenticating cloud tenants and users
•  Least privilege principle and RBAC
•  White-listed IPs for remote access by cloud personnel

Key Management

•  Encryption is the key to protecting data in transit and at rest
•  All keys secured properly
•  Effective procedures to recover from compromised keys
•  Effective procedures for key revocation

System & Network Auditing

•  All security related events must be recorded with all relevant information
•  Generated audit events must be logged in a near real-time manner
•  Integrity & confidentiality of audit logs should be protected
•  Audit logs need to be securely archived

Security Monitoring

•  Generation of alerts in recognition of a critical security breach
•  Delivery of security alerts by different means, securely
•  Cloud wide intrusion and anomaly detection
•  Periodic checks to make sure the monitoring system runs healthy

Security Testing

•  Well defined set of security test cases
•  Separate environments for development, testing, staging and production
•  Patch management

System & Network Controls

•  Should be implemented for infrastructure systems
•  Network isolation in between different functional areas in the cloud
•  Assure the integrity of OSes, VM images and infrastructure applications
•  Isolation between different VMs

•  Abuse & nefarious use of cloud computing
   •  Password/key cracking, DDOS, CAPTCHA solving farms, building rainbow tables
•  Insecure interfaces and APIs
•  Malicious insiders
•  Shared technology issues
•  Data loss and leakage
•  Account or service hijacking
•  Unknown risk profile

Security in the Cloud

 
Securing the Insecure
Securing the InsecureSecuring the Insecure
Securing the Insecure
Prabath Siriwardena
 
WSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialWSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server Tutorial
Prabath Siriwardena
 

More from Prabath Siriwardena (20)

Microservices Security Landscape
Microservices Security LandscapeMicroservices Security Landscape
Microservices Security Landscape
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFE
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
 
Identity is Eating the World!
Identity is Eating the World!Identity is Eating the World!
Identity is Eating the World!
 
Microservices Security Landscape
Microservices Security LandscapeMicroservices Security Landscape
Microservices Security Landscape
 
OAuth 2.0 Threat Landscape
OAuth 2.0 Threat LandscapeOAuth 2.0 Threat Landscape
OAuth 2.0 Threat Landscape
 
GDPR for Identity Architects
GDPR for Identity ArchitectsGDPR for Identity Architects
GDPR for Identity Architects
 
Blockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access ManagementBlockchain-based Solutions for Identity & Access Management
Blockchain-based Solutions for Identity & Access Management
 
OAuth 2.0 Threat Landscapes
OAuth 2.0 Threat LandscapesOAuth 2.0 Threat Landscapes
OAuth 2.0 Threat Landscapes
 
OAuth 2.0 for Web and Native (Mobile) App Developers
OAuth 2.0 for Web and Native (Mobile) App DevelopersOAuth 2.0 for Web and Native (Mobile) App Developers
OAuth 2.0 for Web and Native (Mobile) App Developers
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
 
Best Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemBest Practices in Building an API Security Ecosystem
Best Practices in Building an API Security Ecosystem
 
Connected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity BusConnected Identity : The Role of the Identity Bus
Connected Identity : The Role of the Identity Bus
 
Connected Identity : Benefits, Risks & Challenges
Connected Identity : Benefits, Risks & ChallengesConnected Identity : Benefits, Risks & Challenges
Connected Identity : Benefits, Risks & Challenges
 
The Evolution of Internet Identity
The Evolution of Internet IdentityThe Evolution of Internet Identity
The Evolution of Internet Identity
 
Next-Gen Apps with IoT and Cloud
Next-Gen Apps with IoT and CloudNext-Gen Apps with IoT and Cloud
Next-Gen Apps with IoT and Cloud
 
Securing Insecure
Securing InsecureSecuring Insecure
Securing Insecure
 
Evolution of Internet Identity
Evolution of Internet IdentityEvolution of Internet Identity
Evolution of Internet Identity
 
Securing the Insecure
Securing the InsecureSecuring the Insecure
Securing the Insecure
 
WSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialWSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server Tutorial
 

Recently uploaded

Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
LucaBarbaro3
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Pravash Chandra Das
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
saastr
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
GDSC PJATK
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 

Recently uploaded (20)

Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 

Security in the Cloud

  • 1. Prabath Siriwardena – Software Architect, WSO2
  • 6. As a Service?
      • Pay per use
      • Resource Sharing
      • Self service provisioning
      • Unlimited Resource
  • 7.
      • In public
          – IaaS, PaaS, SaaS available on the Internet
          – Use one of the cloud service providers
          – Information is stored and managed by provider under SLA
      • In Private
          – Have a cloud, in-house
          – IaaS provided by hardware in your data centers
          – PaaS running on your IaaS
          – SaaS executing on your PaaS
      • Or use both
          – Hybrid Cloud
  • 9. Enterprise IT in 2015+
  • 10. What do you expect from a platform?
  • 11.
      • Public Cloud
          – Fast time to market
          – Makes it easier to write scalable code
      • Private Cloud
          – Give each team their own instant infrastructure
          – Govern centrally but code and deploy by team
          – Automated governance, registry, identity
          – Instant BAM
  • 12.
  • 13.
      • Distributed / Dynamically Wired (works properly in the cloud)
          – Finds services across applications
          – Reuse services from other departments, e.g. People information required by all of Finance, Engineering and Sales
      • Elastic (uses the cloud efficiently)
          – Scales up and down as needed
          – Some departments might want varying resources with varying bandwidth with varying priority
      • Multi-tenant (only costs when you use it)
          – Virtual isolated instances to facilitate isolation between departments etc.
          – e.g. Sales vs. Finance tenants. Finance wants complete isolation for some sensitive services
      • Self-service (in the hands of users)
          – De-centralized creation and management of tenants
          – No need to come to the IT department to gain access – served via portal – no need to be on the queue or waiting list
      • Granularly Billed and Metered (pay for just what you use)
          – Allocate costs to exactly who uses them
          – Bill and cost various departments per use
          – Get rid of situations where unused computing assets are lying in one department while the other departments are starving for the same
      • Incrementally Deployed and Tested (supports seamless live upgrade)
          – Does not disrupt other operations
  • 14.
  • 15.
  • 16. IAAS (figure labels: Provider, Organization)
      • N F Application
      • N F Middleware
      • N F Guest OS
      • F N Hypervisor
      • F N Storage
      • F N Hardware
      • F N Network
  • 17. PAAS (figure labels: Provider, Organization)
      • M L Application
      • M L Middleware
      • F N Guest OS
      • F N Hypervisor
      • F N Storage
      • F N Hardware
      • F N Network
  • 18. SAAS (figure labels: Provider, Organization)
      • M L Application
      • F N Middleware
      • F N Guest OS
      • F N Hypervisor
      • F N Storage
      • F N Hardware
      • F N Network
  • 19. (table; columns: IaaS / PaaS / SaaS)
      • Data: Organization / Organization / Organization
      • Applications: Organization / Shared / Service Provider
      • Systems: Service Provider / Service Provider / Service Provider
      • Storage: Service Provider / Service Provider / Service Provider
      • Network: Service Provider / Service Provider / Service Provider
  • 20. Figure labels: SAAS, PAAS, IAAS; More Control
  • 21. (table; columns: Private / Public)
      • Compliance: Organization / Service Provider
      • Governance: Organization / Service Provider
      • Security: Organization / Service Provider
      • Operations: Organization / Service Provider
      • Risk: Organization / Shared
      • Cloud Owner: Organization or leased / Service Provider
      • Use limited to: Organization / Public
  • 22. Figure labels: Ownership; Public, Hybrid, Private
  • 23.
  • 24.
  • 25.
  • 27.
      • Can be used to give departments their own PaaS world to operate in
      • Yet all share same hardware resources
          – Not all departments need resources at the same time
          – Really pay per use
          – Opportunity to unify departmental level small server pools
      • Drastically reduce admin/management costs
          – One software installation to maintain
      • Use differentiated QoS
  • 28. Multi-tenancy
      • Three possible ways
          – Machine per tenant
          – VM per tenant
          – Share machine/VM across tenants
      • Challenges
          – Data isolation
          – Logic isolation
          – Security
  • 29. Multi-tenancy: Data Isolation – Separated DB
  • 30. Multi-tenancy: Data Isolation – Shared DB / Separate Schema
  • 31. Multi-tenancy: Data Isolation – Shared DB / Shared Schema
  • 32. Data Access - Security Patterns: Trusted Database Connections
  • 33. Data Access - Security Patterns: Trusted Database Connections
  • 34. Data Access - Security Patterns: Trusted Database Connections
  • 35. Data Access - Security Patterns: Secure Database Tables
      GRANT SELECT, UPDATE, INSERT, DELETE ON [TableName] TO [UserName]
  • 36. Data Access - Security Patterns: Tenant View Filter
      CREATE VIEW TenantEmployees AS
      SELECT * FROM Employees WHERE TenantID = SUSER_SID()
  • 37.
      • Data Confidentiality/Integrity/Availability
      • Data Lineage
      • Data Provenance
      • Data Remanence
  • 38. Data Confidentiality/Integrity/Availability (table; columns: Storage / Processing / Transmission)
      • Confidentiality: Symmetric Encryption / Homomorphic Encryption / SSL
      • Integrity: MAC / Homomorphic Encryption / SSL
      • Availability: Redundancy / Redundancy / Redundancy
  • 39. Homomorphic Encryption (figure: "cloud security" and "forxg vhfxulwb"; "cloud" and "forxg"; "security" and "vhfxulwb")
  • 40.
  • 41. (table; columns: Vendor / CVE)
      • KVM: 32
      • QEMU: 23
      • VMWare: 126
      • XEN: 86
      • VM Escape (Host code execution)
      • Guest code execution with privilege
  • 42.
      • Identity Management
      • Access Management
      • Key Management
      • System & Network Auditing
      • Security Monitoring
      • Security Testing & Vulnerability Remediation
      • System & Network Controls
  • 43. Identity Management
      • Controls over identity information
      • Strong Identity Management system for cloud personnel
      • Large scale needs for authenticating cloud tenants and users
      • Federated Identity
      • Audits for legal activities
      • Identity Recycle?
      • Means to verify assertions of identity by cloud provider personnel
  • 44. Access Management
      • Cloud personnel shall have restricted access to the customer data
      • Multifactor authentication for highly privileged operations
      • Large scale needs for authenticating cloud tenants and users
      • Least privilege principle and RBAC
      • White-listed IPs for remote access by cloud personnel
  • 45. Key Management
      • Encryption is the key to protecting data in transit and at rest
      • All keys secured properly
      • Effective procedures to recover from compromised keys
      • Effective procedures for key revocation
  • 46. System & Network Auditing
      • All security related events must be recorded with all relevant information
      • Generated audit events must be logged in a near real-time manner
      • Integrity & confidentiality of audit logs should be protected
      • Audit logs need to be securely archived
  • 47. Security Monitoring
      • Generation of alerts in recognition of a critical security breach
      • Delivery of security alerts by different means, securely
      • Cloud wide intrusion and anomaly detection
      • Periodic checks to make sure the monitoring system is healthy
  • 48. Security Testing
      • Well defined set of security test cases
      • Separate environments for development, testing, staging and production
      • Patch management
  • 49. System & Network Controls
      • Should be implemented for infrastructure systems
      • Network isolation in between different functional areas in the cloud
      • Assure the integrity of OSes, VM images and infrastructure applications
      • Isolation between different VMs
  • 50.
      • Abuse & nefarious use of cloud computing
          – Password/key cracking, DDoS, CAPTCHA solving farms, building rainbow tables
      • Insecure interfaces and APIs
      • Malicious insiders
      • Shared technology issues
      • Data loss and leakage
      • Account or service hijacking
      • Unknown risk profile
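
The homomorphic property pictured on slide 39, and listed under Processing on slide 38, as an added Python example that is not part of the original deck: it reproduces the slide's shift-cipher illustration and then goes beyond it with a toy Paillier scheme in which a provider sums encrypted per-department meter readings without holding the key. The primes, function names, readings and price are assumptions constructed for the example, and the key size is far too small for real use.

```python
import math
import secrets

# Toy parameters (assumption): two Mersenne primes, far too small for real use.
TOY_P = 2**31 - 1
TOY_Q = 2**61 - 1


def shift_encrypt(text, key=3):
    """Shift cipher from the slide figure ('cloud' -> 'forxg'); illustration only."""
    return "".join(
        chr((ord(ch) - 97 + key) % 26 + 97) if "a" <= ch <= "z" else ch
        for ch in text
    )


def paillier_keygen(p, q):
    """Return (n, (lam, mu)) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # modular inverse, needs Python 3.8+
    return n, (lam, mu)


def paillier_encrypt(n, m):
    """Encrypt 0 <= m < n; fresh randomness r makes equal plaintexts look different."""
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (n + 1)^m == 1 + m*n (mod n^2), so g^m needs no exponentiation.
    return (1 + m * n) * pow(r, n, n2) % n2


def paillier_decrypt(n, priv, c):
    """Recover m as L(c^lam mod n^2) * mu mod n, with L(x) = (x - 1) // n."""
    lam, mu = priv
    x = pow(c, lam, n * n)
    return (x - 1) // n * mu % n


def provider_sum(n, ciphertexts):
    """Provider side, public n only: multiplying ciphertexts adds plaintexts."""
    total = 1  # 1 is a valid (unrandomised) encryption of 0
    for c in ciphertexts:
        total = total * c % (n * n)
    return total


def provider_scale(n, c, k):
    """Provider side: raising a ciphertext to k multiplies the plaintext by k."""
    return pow(c, k, n * n)


def metered_total_demo():
    """Tenant encrypts usage, provider aggregates blind, tenant decrypts."""
    n, priv = paillier_keygen(TOY_P, TOY_Q)
    readings = {"Sales": 1200, "Finance": 830, "Engineering": 4715}  # constructed
    encrypted = [paillier_encrypt(n, units) for units in readings.values()]
    enc_total = provider_sum(n, encrypted)
    enc_cost = provider_scale(n, enc_total, 3)  # 3 = constructed price per unit
    return paillier_decrypt(n, priv, enc_total), paillier_decrypt(n, priv, enc_cost)


if __name__ == "__main__":
    print(shift_encrypt("cloud") + " " + shift_encrypt("security"))
    print(metered_total_demo())
```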