confraria security 17 june - cloud security

Post on 10-Dec-2014


DESCRIPTION

Cloud Computing Security in Confraria Security & IT, 3rd meeting in Lisbon

TRANSCRIPT

Cloud Computing Security

by Vitor Domingos, intrepid and professional basher

http://vitordomingos.com

* as seen on regular weather channel

Cloud Computing is ?

- Network as a “cloud”

- Network is the computer (SUN motto)

- TCP/IP abstraction (1st cloud)

- www data abstraction (2nd cloud)

- Virtualization (3rd cloud)

Bottom line:

- Virtualization done right, with webservices

Cloud Computing is !

- on-demand self-service

- ubiquitous network access

- location independent resource pooling

- rapid elasticity

- measured service

- pay as you go

- abstract resources

CCaaS

- Software as a Service

- SalesForce

- Platform as a Service

- Google App Engine

- Microsoft Azure

- Infrastructure as a Service

- Rackspace Mosso

- Amazon Web Services

Cloud Computing leverages

- Virtualization

- Multi-Tenancy

- Massive Scale

- Autonomic Computing

- Distributed Environment

- Security Technologies

- Service Oriented

Security in the Cloud

Only the paranoid survive!

- Key issues

trust, trust, multi-tenancy, trust, encryption, compliance

- Massive complex systems running on functional units

- Certification & Audit

- Loss of physical control

- Interoperability

- Accountability

please, keep in mind that

- Shared hell:

  - Hardware

  - Memory

  - Disks

  - NIC's (Virtual)

- Cache Snooping

- Hypervisor Attacks

- Persistent Root Kits

- Password Cracking

- Broken or stolen key rings / authorization federation

- Never ending logs

Great things do come

- Provisioning

- Rapid reconstitution of services

- Storage fragmented

- Security layers (auth, firewall, logging, …)

- Network and Security perimeters

- Virtual Zoning

- Fault tolerance

Challenges

- Data dispersal and international privacy laws

- Isolation management & Multi-Tenancy

- Certification (SAS 70 Type II audits and ISO 27001)

- Data ownership

- QoS & SLA guarantees

- Secure Hypervisors

Challenges

- Massive outages

- Service bottlenecks; DNS as your best friend

- Encryption needs: cloud resources, applications, storage, services

- Disaster recovery and contingency plans

- If you have it on Auto mode, you won't see it coming

- Honey for hackers

ToDo

- Network with VPN and VLAN's

- SLA's; read the fine print

- Backup and recover often; Risk assessment

- Log (out of there) as if the world ended tomorrow

- Plan for failure

- YOU secure!!!

- Sandbox, Sandbox, Sandbox

You're not alone

- Security Groups

IBM; SUN; Amazon; ISV

- Cloud Security Alliance (awesome guide!!)

- OpenCloud Manifesto & Amazon Security Paper

- Cloud Computing ML at Google Groups

- Legal Cloud's

- Vivek Kundra, USA CTO, did it, as did Facebook, New York Times and Nasdaq (on AWS)

Wrap up

- Plan

- Encrypt

- Backup

- Secure

- Audit

- Sandbox (check my last year sapo codebits talk)

- http://codebits.sapo.pt/files/aws_23.pdf

- Trust

?

mail: vd@prt.sc

site: http://vitordomingos.com
