Securing Your Data in the Cloud
DESCRIPTION
Introduction to data security in the cloud.
TRANSCRIPT
![Page 1: Securing Your Data In The Cloud](https://reader036.vdocuments.mx/reader036/viewer/2022082921/555850ead8b42a993b8b4970/html5/thumbnails/1.jpg)
Securing your Data in the Cloud
Omer Trajman, Sr. Dir. for Cloud and Virtualization
Vertica [email protected]
Something old… Something new
• Before we jump in what do we mean “Cloud?”
• Oh….and what do we mean “securing?”
• Plus ça change…
• Tools of the trade
• Key takeaways
What is… Cloud?
• What are Cloud Services?
– Other Peoples’ Software
• What are Cloud Platforms?
– Other Peoples’ Frameworks
• What is Cloud Infrastructure?
– Other Peoples’ Hardware
Security is a Tradeoff
“Security costs money, but it also costs in time, convenience, capabilities,…”
-Bruce Schneier
• Assess how important it is to secure your data
• What are the risks with in-house and cloud?
• Why not keep it under your mattress?
Data Security 101
• Confidential and Proprietary
• Secure Communications
• On Disk Encryption
• Private Key Cryptography
• Timeliness of Data
History of Keeping Secrets
• Greeks use coded messages during wartime
• Manuscript for the Deciphering Cryptographic Messages was written circa 800 AD
• Computer Science was nurtured during the World Wars to keep communications secure
• In 1970 IBM invented DES for the NIST to support secure financial transactions
• In 1976 Diffie and Hellman introduced asymmetric key exchange
What do we keep Secure Today?
• Most Security and Military Information
• Some Financial Data
• Some Personal Information
• Some Business Information
Tools of the Trade
• Key Algorithms
– AES, Blowfish, RSA, DH
• Encryption in Place
– PGP, FileVault, Firmware
• Secure Transmission
– SSL, VPN, SSH
• Firewalls
– Comes with your OS
Securing the Cloud
• Create a VPN
• Firewall the host
• Encrypt the disk
Consider where to keep sensitive data
Virtual Private Network
• Why
– Secure communication between your enterprise and cloud infrastructure
• What
– OpenVPN, Checkpoint, Cisco, CohesiveFT
[Figure: VPN]
Virtual Private Network
• How
– VPN server in your enterprise
– Cloud machines configured to connect over VPN to a server in your enterprise
– Client keys deployed to cloud machines
• Challenges
– Provisioning VPN client software
– Key management for Cloud machines
– Failover if Cloud machines fail
Firewall
• Why
– Guard against intrusion, enforce network policies
• What
– IaaS provided, OS Built-in, Checkpoint
[Figure: Firewall, VPN]
Firewall
• How
– For IaaS there is an API (e.g. Amazon EC2 groups) that controls network access
– Linux Firewall or iptables configuration
• Challenges
– Complex port requirements (e.g. ssh internally and https externally)
– Subtleties in configuration files can lead to a susceptible host
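The "subtleties in configuration files" point is concrete enough to check mechanically. The script below is an added example (not part of the slides or of any tool they name): it parses an iptables-save style ruleset and audits the INPUT chain against the deck's own stated policy of ssh reachable only from the internal network and https reachable from anywhere. The address range 10.0.0.0/8 and both sample rulesets are constructed for the example; the first ruleset shows a host that looks firewalled but has a default ACCEPT policy and ssh open to the world, the second the corrected form.

```python
"""Audit an iptables-save ruleset for the subtleties that expose a cloud host.
Policy checked: ssh only from the internal network, https from anywhere, default DROP."""
import ipaddress
import shlex
from dataclasses import dataclass, field
from typing import List, Optional

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed enterprise/VPN range
PUBLIC_PORTS = {443}         # services meant to face the internet
INTERNAL_ONLY_PORTS = {22}   # services that must stay behind the VPN

# Constructed sample rulesets in iptables-save format (not from the deck).
WEAK_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

HARDENED_RULES = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

# iptables options we interpret; everything else is kept as raw match text.
OPTIONS = {"-A": "chain", "-p": "proto", "--dport": "dport",
           "-s": "src", "-i": "in_iface", "-j": "target"}


@dataclass
class Rule:
    chain: str = ""
    proto: Optional[str] = None
    dport: Optional[int] = None
    src: Optional[ipaddress.IPv4Network] = None
    in_iface: Optional[str] = None
    target: Optional[str] = None
    extra: List[str] = field(default_factory=list)  # e.g. -m conntrack --ctstate ...


def parse_ruleset(text):
    """Return (chain policies, rules) from iptables-save output."""
    policies, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("*", "#", "COMMIT")):
            continue
        if line.startswith(":"):                  # ":INPUT DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            continue
        rule, tokens, i = Rule(), shlex.split(line), 0
        while i < len(tokens):
            tok = tokens[i]
            if tok in OPTIONS and i + 1 < len(tokens):
                val = tokens[i + 1]
                if tok == "--dport":
                    val = int(val)
                elif tok == "-s":
                    val = ipaddress.ip_network(val, strict=False)
                setattr(rule, OPTIONS[tok], val)
                i += 2
            else:
                rule.extra.append(tok)
                i += 1
        rules.append(rule)
    return policies, rules


def audit_input_chain(text):
    """Return a list of findings; an empty list means the INPUT chain matches policy."""
    findings = []
    policies, rules = parse_ruleset(text)
    policy = policies.get("INPUT")
    if policy != "DROP":
        findings.append(f"INPUT policy is {policy}: anything not explicitly matched is let in")
    accepts = [r for r in rules if r.chain == "INPUT" and r.target == "ACCEPT"]
    is_stateful = lambda r: "--ctstate" in r.extra or "--state" in r.extra
    if policy == "DROP" and not any(is_stateful(r) for r in accepts):
        findings.append("no ESTABLISHED,RELATED rule: replies to the host's own connections are dropped")
    for r in accepts:
        if r.in_iface == "lo" or is_stateful(r):
            continue
        if r.dport is None:
            findings.append("catch-all ACCEPT with no port, source or state match")
            continue
        from_outside = r.src is None or not r.src.subnet_of(INTERNAL_NET)
        if r.dport in INTERNAL_ONLY_PORTS and from_outside:
            src = "anywhere" if r.src is None else r.src
            findings.append(f"port {r.dport} accepted from {src}; restrict to {INTERNAL_NET}")
        elif r.dport not in INTERNAL_ONLY_PORTS | PUBLIC_PORTS:
            findings.append(f"port {r.dport} is open but is not a declared service")
    return findings


if __name__ == "__main__":
    for name, ruleset in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit_input_chain(ruleset) or "OK")
```

Run the audit against `iptables-save` output before an image is promoted; the EC2 security group for the same host should express the same two-port policy, so a mismatch between the two is itself a finding worth chasing.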
Encryption
• Why
– Prevent malicious or accidental data leaks
• What
– Truecrypt, Encfs, CryptoFS, NTFS Encryption
[Figure: table rows 1 Jonathan, 2 Susan, 3 David shown beside their encrypted form]
Encryption
• How
– DIY – install an encrypted volume on the host
– May come as an IaaS option
• Challenges
– Key management
– Complicates host setup
– Incremental backup/recovery
What about Securing Resources?
• Don’t use passwords (use public/private keys)
• Open minimal ports (use dedicated servers)
• Monitor your system (tripwire, OSSEC)
• Use configuration tools (FireHOL, Bastille)
• Keep Backups (and keep them secure)
[Figure: Client, Server, Data]
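"Don't use passwords" is only true once sshd actually refuses them, and sshd_config has a trap of its own: for each keyword the first value in the file wins, so a hardening line appended by a setup script is ignored if an earlier line already set that keyword, and an absent keyword falls back to the OpenSSH default (yes for PasswordAuthentication). The checker below is an added example, not from the slides or from OpenSSH; both sample configs are constructed, and the defaults table reflects the documented OpenSSH defaults.

```python
"""Check an sshd_config for key-only login, using sshd's first-value-wins semantics."""

# Constructed sample configs (not from the deck).
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# appended later by a setup script; sshd ignores it because of the line above
PasswordAuthentication no
"""

HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
"""

# OpenSSH defaults applied when a keyword is absent; absence is not hardening.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
}


def parse_sshd_config(text):
    """Return the effective global settings as {lowercased keyword: value}.
    Keeps the first value seen per keyword and stops at the first Match block,
    whose settings are conditional and need their own analysis."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key == "challengeresponseauthentication":   # pre-8.7 name for the same setting
            key = "kbdinteractiveauthentication"
        effective.setdefault(key, value)               # first value wins
    return effective


def audit_sshd(text):
    """Return findings describing how a password could still get someone in."""
    conf = parse_sshd_config(text)

    def get(key):
        return conf.get(key, DEFAULTS[key]).lower()

    findings = []
    if get("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is effectively yes: passwords are still accepted")
    if get("kbdinteractiveauthentication") != "no":
        findings.append("KbdInteractiveAuthentication is effectively yes: with PAM this is a password prompt by another name")
    if get("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if get("permitrootlogin") not in ("no", "prohibit-password"):
        findings.append(f"PermitRootLogin {get('permitrootlogin')} lets root log in with a password")
    if get("permitemptypasswords") != "no":
        findings.append("PermitEmptyPasswords is enabled")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd(conf) or "OK")
```

The same first-value rule is why `sshd -T` (which prints the effective configuration) is the right thing to compare against, rather than grepping the file; this checker reproduces that semantics for the handful of keywords that decide whether a password can open a session.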
Future Developments
• Cloud offerings are constantly changing
• Management as a Service providers will facilitate setup configurations
• Security will become an integrated offering
• Best practices for Cloud security are growing out of enterprise and web security expertise
Key Takeaways
• Security is a trade-off
• Use the same tools in the cloud
• VPN, Firewall, Encrypt… Detect and Backup
• Look for solutions from your provider
• Check your service agreement
References
• Twenty Rules for Amazon Cloud Security (George Reese, O’Reilly)
• Three tools to help you configure iptables (Chris Lynch, Linux.com)
• Disk Encryption Tools for Linux (Justin Krelc and Ed Tittel, All about Linux)
• VPN labs
• Amazon Security Whitepaper
Thank you – [email protected]