Why The Cloud Changes Everything
BayThreat 2011: Building Security

Rand Wacker
@randwacker

© 2011 CloudPassage Inc.
How I Learned to Stop Worrying and Get DevOps to Love Security




whoami
   Rand Wacker
   @randwacker
   rand@cloudpassage.com

   Slides available tonight on community.cloudpassage.com

   Background:
                    Security   Cloud
     UC Berkeley       ✘         ✘
     Oracle            ✘
     Amazon                      ✘
     Sendmail          …
     IronPort          ✘
     Cisco             ✘
     CloudPassage      ✘         ✘
Agenda
   1. Who is in the cloud

   2. Who secures the cloud

   3. Why cloud security is different

   4. How to approach the cloud

   5. Suggestions and best practices




Cloud Operators Are Different


What is running in the cloud?

 Development
   Who:   App-dev shops, integrators, enterprise business units
   Why:   Fast, cheap, agile
   Risks: Code stolen or hacked, live data theft

 Permanent Application Hosting
   Who:   SaaS providers, social media, gaming
   Why:   Scalable, elastic, ties costs to growth
   Risks: Compliance, data theft, operational disruption

 Temporary Workloads
   Who:   Big data, social, retail, life-sci, media
   Why:   Agility, speed, scale, “lease the spikes”
   Risks: Intellectual property theft
Who is running in the cloud?
   IT Server Admins, Big Data Analysts




Survey: Cloud Security Concerns
   Question: What security concerns are most important to you regarding
   public cloud computing? (multiple choice)

     Lack of perimeter defenses and/or network control       44%
     Multi-tenancy of infrastructure or applications         40%
     Achieving compliance with PCI or other standards        26%
     Provider access to guest servers                        24%
     Enterprise security tools don't work in the cloud       23%
     We have no security concerns                            16%

   Source: CloudPassage CloudSec Community Survey
“We didn’t think we had cloud servers. Then we checked our developers’ expense reports for AWS...”

   - CISO, Fortune 500 (name withheld upon request)


Cloud Responsibility, Not So Different


Shared Responsibility Model

  EC2 Shared Responsibility Model (Amazon Web Services: Overview of Security Processes):

  “…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...”

  “…it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.”

  Customer responsibility:      Provider responsibility:
    Data                          Hypervisor
    App Code                      Compute & Storage
    App Framework                 Shared Network
    Operating System              Physical Facilities
    Virtual Machine


Delineation of Responsibility

  Stack layers, shown for IaaS, PaaS and SaaS alike:
    Interface, Application, Solution Stack, Operating System, Hypervisor, Compute & Storage, Network, Facility

  In the IaaS column the Customer Responsibility / Provider Responsibility boundary is drawn between Operating System and Hypervisor.

  Client segregation:
    IaaS:  Virtual/Hypervisor
    PaaS:  File Permissions
    SaaS:  None (Client ID in DB)

Application of Security in IaaS (diagram)

  Stack, provider side to customer side:
    Physical Facilities, Physical Network, Compute, Storage, Hypervisor, Virtual Network, Virtual Machine/OS, App Framework / App stack, Application Logic, API, GUI

  Controls placed on the diagram:
    Authentication, Configuration Lockdown, Patching, NIDS/NIPS, Packet Filtering, Proxy/Middleware, HIDS/HIPS, Application White Listing, Anti-Virus, File/Record Access Control, Encryption, DLP, NAC, SIEM, Auditing/Pen Testing, Forensics, Secure Development Lifecycle, Architecture/Design
Survey: Cloud Security Practices
   Question: How do you secure your cloud servers today? (pie chart; answer options:)
     • Wrote my own automation tools
     • Commercial tool
     • Open source or custom tool
     • My provider does it for me
     • Amazon Security Group
     • Manually, using a checklist
     • We're not securing our cloud servers

   Source: CloudPassage CloudSec Community Survey
Cloud Risk is Different




What’s So Different?
  • Servers used to be highly isolated (private datacenter: www-1, www-2, www-3)
      – Bad guys clearly on the outside
      – Layers of perimeter security
      – Poor configurations were tolerable

  • Cloud servers more exposed (public cloud: www-4 through www-10)
      – Outside of perimeter protections
      – Little network control or visibility
      – No idea who’s next door

  • Sprawling, multiplying exposures
      – Rapidly growing attack surface area
      – More servers = more vulnerabilities
      – More servers ≠ more people

  • Fraudsters target cloud servers
      – Softer targets to penetrate
      – No perimeter defenses to thwart
      – Elasticity = more botnet to sell

Survey: OS Running in the Cloud
   Question: Which operating systems do you run on your cloud servers?

     Answer categories: Windows, Windows and Linux, Linux, BSD

     Running Windows: 78%
     Running Linux:   55%

   Source: CloudPassage CloudSec Community Survey

Cloud Security Approach




How To Secure Cloud Servers
    Servers in hybrid and public clouds must be self-defending with highly automated controls like…

      • Dynamic network access control
      • Server compromise & intrusion alerting
      • Configuration and package security
      • Server forensics and security analytics
      • Server account visibility & control
      • Integration & automation capabilities



Architectural Challenges
• Inconsistent Control (you don’t own everything)
      – The only thing you can count on is guest VM ownership

• Elasticity (not all servers are steady-state)
      – Cloudbursting, stale servers, dynamic provisioning

• Scalability (handle variable workloads)
      – May have one dev server or 1,000 number-crunchers

• Portability (same controls work anywhere)
      – Nobody wants multiple tools or IaaS provider lock-in


Portable = “Works Anywhere”

   Public Cloud  ·  Hybrid Cloud  ·  Private Cloud  ·  Traditional Hardware

   Which is hardest to solve?



Problem:
   How can we secure large-scale, dynamic application stacks across clouds we probably don’t control?

Proposal:
   Highly automated, scalable, elastic security at the guest VM level.

The VM is the Unit of Control

   Controlled by hosting-user:      Data, App Code, App Framework, Operating System, Virtual Machine
   Controlled by hosting-provider:  Hypervisor, Compute & Storage, Shared Network, Physical Facilities



The VM is the Unit of Scale

   Several guest stacks (Data / App Code / App Framework / Operating System / Virtual Machine) run side by side on one provider stack (Hypervisor / Compute & Storage / Shared Network / Physical Facilities).


The VM is the Unit of Portability

   The same guest stack (Data / App Code / App Framework / Operating System / Virtual Machine) sits on the same provider stack (Hypervisor / Compute & Storage / Shared Network / Physical Facilities) whether it runs in a private cloud or at an IaaS provider.

Thesis

   In cloud environments, the intersection of control, portability & scale is almost always the guest virtual-machine.


Haven’t We Dealt With This Before?


Déjà vu – Laptops as a Model



• We’ve dealt with securing portable assets in the past

• Security needed to change from being network-based to
  host-based

• Expect similar to occur with cloud

• Dynamic shared resources mean host-based technology must be
  reworked before it can be used there
Security Hamster Sine Wave of Pain




Used with permission, and extended thanks to Andy Jaquith
In Closing




Summary
• There are people using cloud in your org…

• Cloud users often don’t understand security, and
  definitely don’t know their responsibility

• Cloud security is different, and hard

• The bad guys know this!

• Cloud has different points of control, leverage them!



Best Practices
• Know who is running what, and where

• Read and understand what your provider does, and
  what you are responsible for

• Take extra precautions when moving servers
  outside your data center

• Start with public cloud, after that everything is easy!

• Focus on securing what you control


Wrapping Up
         • Continue the discussion
                – Slides available:   community.cloudpassage.com

         • Contact me
                – Email:     rand@cloudpassage.com
                – Twitter:   @randwacker

         • We’re hiring!
                   Expert in Security and/or Cloud?
                – Email:    jobs@cloudpassage.com



Thank You

What does CloudPassage do?
   Security for virtual servers running in public and private clouds

     • Firewall management
     • Compromise & intrusion alerting
     • Server configurations
     • Security & compliance auditing
     • Server account management
     • Vulnerability management

   Cloud adoption without fear
   Faster and easier compliance
   Repel attacks on your servers
   Free Basic version, 5 minutes setup
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessCloudPassage
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOpsCloudPassage
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesCloudPassage
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityCloudPassage
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageCloudPassage
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsCloudPassage
 
Halo Installfest Slides
Halo Installfest SlidesHalo Installfest Slides
Halo Installfest SlidesCloudPassage
 
Automating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it SafeAutomating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it SafeCloudPassage
 

Plus de CloudPassage (20)

Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 
CloudPassage Careers
CloudPassage CareersCloudPassage Careers
CloudPassage Careers
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
 
Halo Installfest Slides
Halo Installfest SlidesHalo Installfest Slides
Halo Installfest Slides
 
Automating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it SafeAutomating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it Safe
 

Dernier

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Dernier (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

BayThreat Why The Cloud Changes Everything

  • 1. Why The Cloud Changes Everything. BayThreat 2011: Building Security. Rand Wacker, @randwacker. © 2011 CloudPassage Inc.
  • 2. How I Learned to Stop Worrying and Get DevOps to Love Security
  • 3. whoami. Rand Wacker, @randwacker, rand@cloudpassage.com. Slides available tonight on community.cloudpassage.com.
    Background (Security / Cloud): UC Berkeley (security, cloud); Oracle (security); Amazon (cloud); Sendmail (…); IronPort (security); Cisco (security); CloudPassage (security, cloud).
  • 4. Agenda: 1. Who is in the cloud; 2. Who secures the cloud; 3. Why cloud security is different; 4. How to approach the cloud; 5. Suggestions and best practices.
  • 5. Cloud Operators Are Different
  • 6. What is running in the cloud?
    – Development. Who: app-dev shops, integrators, enterprise BU’s. Why: fast, cheap, agile. Risks: code stolen or hacked, live data theft.
    – Permanent Application Hosting. Who: SaaS providers, social media, gaming. Why: scalable, elastic, ties costs to growth. Risks: compliance, data theft, operational disruption.
    – Temporary Workloads. Who: big data, social, retail, life-sci, media. Why: agility, speed, scale, “lease the spikes”. Risks: intellectual property theft.
  • 7. Who is running in the cloud? IT Server Admins; Big Data Analysts.
  • 8. Who is running in the cloud? (image slide)
  • 9. Survey: Cloud Security Concerns. Question: What security concerns are most important to you regarding public cloud computing? (multiple choice)
    – Lack of perimeter defenses and/or network control: 44%
    – Multi-tenancy of infrastructure or applications: 40%
    – Achieving compliance with PCI or other standards: 26%
    – Provider access to guest servers: 24%
    – Enterprise security tools don't work in the cloud: 23%
    – We have no security concerns: 16%
    Source: CloudPassage CloudSec Community Survey.
  • 10. “We didn’t think we had cloud servers. Then we checked our developers’ expense reports for AWS...” - CISO, Fortune 500 (name withheld upon request)
  • 11. Cloud Responsibility, Not So Different
  • 12. Shared Responsibility Model (EC2). Stack, top to bottom: Data, App Code, App Framework, Operating System, Virtual Machine (customer responsibility); Hypervisor, Compute & Storage, Shared Network, Physical Facilities (provider responsibility).
    “…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...”
    “…it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.”
    Source: Amazon Web Services: Overview of Security Processes.
  • 13. Delineation of Responsibility (IaaS / PaaS / SaaS). Stack in each model, top to bottom: Interface, Application, Solution Stack, Operating System, Hypervisor, Compute & Storage, Network, Facility; the line between customer responsibility and provider responsibility sits at a different layer in each model. Client segregation: IaaS: virtual/hypervisor; PaaS: file permissions; SaaS: none (client ID in DB).
  • 14. Application of Security in IaaS. Layers, provider to customer: Physical Facilities, Network, Compute/Storage, Hypervisor, Virtual Machine/OS, App Framework, App stack, Application (GUI, API, Logic). Controls mapped across those layers: Authentication, Configuration Lockdown, Patching, NIDS/NIPS, HIDS/HIPS, Packet Filtering, Proxy/Middleware, Application White Listing, Anti-Virus, File/Record Access Control, Encryption, DLP, NAC, SIEM, Auditing/Pen Testing, Forensics, Secure Development Lifecycle, Architecture/Design, Physical.
  • 15. Survey: Cloud Security Practices. Question: How do you secure your cloud servers today? Answers (pie chart; the text carries no figures): Wrote my own automation tools; Commercial tool; Open source or custom tool; My provider does it for me; Amazon Security Group; Manually, using a checklist; We're not securing our cloud servers. Source: CloudPassage CloudSec Community Survey.
  • 16. Cloud Risk is Different
  • 17. What’s So Different?
  • 18–21. What’s So Different? (progressive build over four slides; the diagram shows www-1 to www-3 inside the private datacenter and www-4 to www-10 in the public cloud)
    • Servers used to be highly isolated
      – Bad guys clearly on the outside
      – Layers of perimeter security
      – Poor configurations were tolerable
    • Cloud servers more exposed
      – Outside of perimeter protections
      – Little network control or visibility
      – No idea who’s next door
    • Sprawling, multiplying exposures
      – Rapidly growing attack surface area
      – More servers = more vulnerabilities
      – More servers ≠ more people
    • Fraudsters target cloud servers
      – Softer targets to penetrate
      – No perimeter defenses to thwart
      – Elasticity = more botnet to sell
  • 24. Survey: OS Running in the Cloud. Question: Which operating systems do you run on your cloud servers? (Venn chart of Windows / Linux / BSD with the labels Running Windows, Windows and Linux, Running Linux and the figures 78% and 55%; the text does not preserve which figure belongs to which label.) Source: CloudPassage CloudSec Community Survey.
  • 25. Cloud Security Approach
  • 26. How To Secure Cloud Servers. Servers in hybrid and public clouds must be self-defending with highly automated controls like…
    – Dynamic network access control
    – Server compromise & intrusion alerting
    – Configuration and package security
    – Server forensics and security analytics
    – Server account visibility & control
    – Integration & automation capabilities
  • 27. Architectural Challenges
    • Inconsistent Control (you don’t own everything)
      – The only thing you can count on is guest VM ownership
    • Elasticity (not all servers are steady-state)
      – Cloudbursting, stale servers, dynamic provisioning
    • Scalability (handle variable workloads)
      – May have one dev server or 1,000 number-crunchers
    • Portability (same controls work anywhere)
      – Nobody wants multiple tools or IaaS provider lock-in
  • 28. Portable = “Works Anywhere”. Public Cloud, Hybrid Cloud, Private Cloud, Traditional Hardware. Which is hardest to solve?
  • 29. Problem: How can we secure large-scale, dynamic application stacks across clouds we probably don’t control? Proposal: Highly automated, scalable, elastic security at the guest VM level.
  • 30. The VM is the Unit of Control. Controlled by hosting-user: Data, App Code, App Framework, Operating System, Virtual Machine. Controlled by hosting-provider: Hypervisor, Compute & Storage, Shared Network, Physical Facilities.
  • 31. The VM is the Unit of Scale. Two identical stacks (Data, App Code, App Framework, Operating System, Virtual Machine) on one shared Hypervisor, Compute & Storage, Shared Network and Physical Facilities.
  • 32. The VM is the Unit of Portability. The same stack (Data, App Code, App Framework, Operating System, Virtual Machine) on a Private Cloud and on an IaaS Provider, each with its own Hypervisor, Compute & Storage, Shared Network and Physical Facilities.
  • 33. Thesis: In cloud environments, the intersection of control, portability & scale is almost always the guest virtual-machine.
  • 34. Haven’t We Dealt With This Before?
  • 35. Déjà vu – Laptops as a Model
    • We’ve dealt with securing portable assets in the past
    • Security needed to change from being network-based to host-based
    • Expect similar to occur with cloud
    • Dynamic shared resources means host-based technology must be reworked prior to use
  • 36. Security Hamster Sine Wave of Pain. Used with permission, and extended thanks to Andy Jaquith.
  • 37. In Closing
  • 38. Summary
    • There are people using cloud in your org…
    • Cloud users often don’t understand security, and definitely don’t know their responsibility
    • Cloud security is different, and hard
    • The bad guys know this!
    • Cloud has different points of control, leverage them!
  • 39. Best Practices
    • Know who is running what, and where
    • Read and understand what your provider does, and what you are responsible for
    • Take extra precautions when moving servers outside your data center
    • Start with public cloud, after that everything is easy!
    • Focus on securing what you control
  • 40. Wrapping Up
    • Continue the discussion
      – Slides available: community.cloudpassage.com
    • Contact me
      – Email: rand@cloudpassage.com
      – Twitter: @randwacker
    • We’re hiring! Expert in Security and/or Cloud?
      – Email: jobs@cloudpassage.com
  • 42. What does CloudPassage do? Security for virtual servers running in public and private clouds: Firewall Management; Compromise & intrusion alerting; Server Configurations; Security & compliance auditing; Server account Management; Vulnerability Management.
    – Cloud adoption without fear
    – Faster and easier compliance
    – Repel attacks on your servers
    – Free Basic version, 5 minutes setup
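Slide 26 asks for self-defending servers with automated host-level controls, and slide 33 argues the guest VM is the one layer the customer controls everywhere. The script below is an added example of what two of those controls (configuration security and server account visibility) look like when run inside the guest; it is not CloudPassage's code or the Halo product. The sshd policy values, the expected-user list and the two sample files are constructed; on a real host the same functions would read /etc/ssh/sshd_config and /etc/passwd and the findings would be shipped to a central collector rather than printed.

```python
"""Guest-VM self-audit for two of the host-level controls listed on slide 26.

Added example, not CloudPassage code. The policy values, the expected-user
list and both sample files are constructed for the demonstration.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    control: str    # "configuration" or "account" (slide-26 control families)
    severity: str   # "high", "medium" or "low"
    message: str


# Constructed sample sshd_config: two settings a hardened baseline would reject.
SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
"""

# Constructed sample /etc/passwd: a second UID-0 account and a stale developer login.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
deploy:x:1001:1001::/home/deploy:/bin/bash
toor:x:0:0::/root:/bin/sh
olddev:x:1002:1002::/home/olddev:/bin/bash
"""

# Constructed policy: lower-cased option name -> value the baseline requires.
SSHD_POLICY = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
}

# Shells that do not grant an interactive login.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_sshd_config(text):
    """Return {option: value} for the common 'Option value' form. A repeated
    option keeps its first value, which is the rule sshd itself applies."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts


def audit_sshd(text):
    """Configuration check: each policy option must be set explicitly to the
    required value; an unset option is reported rather than assumed safe."""
    opts = parse_sshd_config(text)
    findings = []
    for option, required in SSHD_POLICY.items():
        actual = opts.get(option)
        if actual is None:
            findings.append(Finding("configuration", "medium",
                                    f"{option} not set; policy requires {required}"))
        elif actual.lower() != required:
            findings.append(Finding("configuration", "high",
                                    f"{option} is {actual}; policy requires {required}"))
    return findings


def audit_accounts(passwd_text, expected_login_users):
    """Account visibility check: flag extra UID-0 accounts and interactive
    accounts that are not on the expected list."""
    findings = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(Finding("account", "low", f"malformed passwd entry: {line!r}"))
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = fields
        if uid == "0" and name != "root":
            findings.append(Finding("account", "high", f"extra UID 0 account: {name}"))
        elif shell not in NON_LOGIN_SHELLS and name not in expected_login_users:
            findings.append(Finding("account", "medium",
                                    f"unexpected interactive account: {name} ({shell})"))
    return findings


def run_audit(sshd_text, passwd_text, expected_login_users):
    """Run both checks and return the combined list of findings."""
    return audit_sshd(sshd_text) + audit_accounts(passwd_text, expected_login_users)


def severity_counts(findings):
    """Summarise findings by severity, e.g. {'high': 3, 'medium': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in run_audit(SAMPLE_SSHD_CONFIG, SAMPLE_PASSWD, {"root", "deploy"}):
        print(f"[{f.severity}] {f.control}: {f.message}")
```

On the constructed input the audit reports four findings: both sshd options deviate from policy, `toor` is a second UID-0 account, and `olddev` is an interactive login nobody expected. Treating an unset option as a finding rather than silently relying on the daemon's default is deliberate: the default differs between OpenSSH releases, and a portable control (slide 27) cannot assume which one the image carries.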

Editor's notes

  1. (1) Zappos is creating apps for their unique corporate culture. (2) Foursquare is a great example in social media, scaling up and down over the weekend. (3) eBay at Xmas: a highway into the city expanding from 3 to 7 lanes in rush hour.
  2. SaaS: fast and easy. The only cloud security platform built for the cloud.