SlideShare a Scribd company logo

Cloudy Security

Iftach Ian Amit
Iftach Ian Amit
TechnologyBusiness
1 of 8
Download to read offline
Cloudy Security Bringing Cloud operational benefits to the world of security and privacy Gilad Parann-Nissany http://www.porticor.com contact@porticor.com DefCon Group 9723 Meetup, December 21st, 2010 12/22/2010 www.porticor.com © PORTICOR 2009, 2010
Securing the Cloud Cloudy Security Cloud Operations 12/22/2010 www.porticor.com © PORTICOR 2009, 2010 2
“Cloudy” Security • Focus: public cloud – Because its in some ways more challenging than private cloud • Focus: IaaS/PaaS – SaaS controlled by vendor 12/22/2010 www.porticor.com © PORTICOR 2009, 2010 3
Threat Analysis: I/PaaS PaaS • Shared Technology IaaS Platform as a Service Vulnerabilities Infrastructure as a Service • Data Loss/Data Leakage • Malicious Insiders • Account Service or Hijacking of Traffic • Insecure APIs • Nefarious Use of Service • Unknown Risk Profile (*) courtesy “Cloud Security Alliance: Assuring the future of Cloud Computing”: S. Loureiro, 2010 12/22/2010 www.porticor.com © PORTICOR 2009, 2010 4
Security in the Cloud Multi- layered Security Cloud Ops Security with Cloud Economics 12/22/2010 Confidential ©Porticor
Concept Customer Business 12/22/2010 Confidential ©Porticor
Elements of Cloud Data Security Comprehensive Data Protection • Virtual Disks Cloud Ops • DBs • Deployed in • Distributed Storage Cloud Key minutes • Pay as you go Management Fully addresses Virtual Audit & Business security Private Compliance concerns (SIM/SOC) Data™ 12/22/2010 Confidential ©Porticor
12/22/2010 Confidential ©Porticor

Recommended

20100925 cloudy security - porticor
20100925 cloudy security - porticor20100925 cloudy security - porticor
20100925 cloudy security - porticorgiladpn
 
What is cloud
What is cloudWhat is cloud
What is cloudmaxminhaj1
 
uk identity assurance programme - IDA draft principles
uk identity assurance programme - IDA draft principlesuk identity assurance programme - IDA draft principles
uk identity assurance programme - IDA draft principlesJerry Fishenden
 
WidSets for MIW Boston
WidSets for MIW BostonWidSets for MIW Boston
WidSets for MIW BostonTuomo Sihvola
 
Belgacom - Cloud Computing-Meer business met minder IT
Belgacom - Cloud Computing-Meer business met minder ITBelgacom - Cloud Computing-Meer business met minder IT
Belgacom - Cloud Computing-Meer business met minder ITPLATOVlaanderen
 
Fujitsu Managed Mobile. How to mobilise your business
Fujitsu Managed Mobile. How to mobilise your businessFujitsu Managed Mobile. How to mobilise your business
Fujitsu Managed Mobile. How to mobilise your businessFujitsu Russia
 
Akvavit Meeting
Akvavit MeetingAkvavit Meeting
Akvavit Meetinghagero
 
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's ProblemsDevil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup
 

Recommended

20100925 cloudy security - porticor
20100925 cloudy security - porticor20100925 cloudy security - porticor
20100925 cloudy security - porticorgiladpn
 
What is cloud
What is cloudWhat is cloud
What is cloudmaxminhaj1
 
uk identity assurance programme - IDA draft principles
uk identity assurance programme - IDA draft principlesuk identity assurance programme - IDA draft principles
uk identity assurance programme - IDA draft principlesJerry Fishenden
 
WidSets for MIW Boston
WidSets for MIW BostonWidSets for MIW Boston
WidSets for MIW BostonTuomo Sihvola
 
Belgacom - Cloud Computing-Meer business met minder IT
Belgacom - Cloud Computing-Meer business met minder ITBelgacom - Cloud Computing-Meer business met minder IT
Belgacom - Cloud Computing-Meer business met minder ITPLATOVlaanderen
 
Fujitsu Managed Mobile. How to mobilise your business
Fujitsu Managed Mobile. How to mobilise your businessFujitsu Managed Mobile. How to mobilise your business
Fujitsu Managed Mobile. How to mobilise your businessFujitsu Russia
 
Akvavit Meeting
Akvavit MeetingAkvavit Meeting
Akvavit Meetinghagero
 
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's ProblemsDevil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems
Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup
 
Creative motivator: Creative leaders motivate effectively
Creative motivator: Creative leaders motivate effectivelyCreative motivator: Creative leaders motivate effectively
Creative motivator: Creative leaders motivate effectivelyLearningade
 
LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...
LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...
LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...Osvaldo Gomes Cruz
 
Def con 9723 April Meeting
Def con 9723 April MeetingDef con 9723 April Meeting
Def con 9723 April MeetingIftach Ian Amit
 
LEVÍTICO - HINOS - (LEVITICUS - HYMNS)
LEVÍTICO - HINOS - (LEVITICUS - HYMNS)LEVÍTICO - HINOS - (LEVITICUS - HYMNS)
LEVÍTICO - HINOS - (LEVITICUS - HYMNS)Osvaldo Gomes Cruz
 
Our school
Our schoolOur school
Our schoolAlfredo Caseiro
 
Social engineering - DC9723
Social engineering - DC9723Social engineering - DC9723
Social engineering - DC9723Iftach Ian Amit
 
Cyber state
Cyber stateCyber state
Cyber stateIftach Ian Amit
 
Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012itandlaw
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youGlobal Business Events
 
DaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat MessaoudDaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat MessaoudDenis Gundarev
 
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012Amazon Web Services
 
Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex Corporation
 
Cloud Deployment Models
Cloud Deployment ModelsCloud Deployment Models
Cloud Deployment ModelsStanton Jones
 
Porticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with StandardsPorticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with Standardsgiladpn
 
Smart, Data-Centric Security for the Post-PC Era
Smart, Data-Centric Security for the Post-PC EraSmart, Data-Centric Security for the Post-PC Era
Smart, Data-Centric Security for the Post-PC EraTrend Micro (EMEA) Limited
 
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceDeepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceUNIT4 IT Solutions
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Cloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & BirdCloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & BirdEduserv
 
Intalio Cloud V4 ロードマップ
Intalio Cloud V4 ロードマップIntalio Cloud V4 ロードマップ
Intalio Cloud V4 ロードマップTomoaki Sawada
 
Monetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless NetworksMonetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless NetworksCisco Service Provider Mobility
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Brian K. Dickard
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementNishant Kaushik
 

More Related Content

Viewers also liked

Creative motivator: Creative leaders motivate effectively
Creative motivator: Creative leaders motivate effectivelyCreative motivator: Creative leaders motivate effectively
Creative motivator: Creative leaders motivate effectivelyLearningade
 
LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...
LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...
LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...Osvaldo Gomes Cruz
 
Def con 9723 April Meeting
Def con 9723 April MeetingDef con 9723 April Meeting
Def con 9723 April MeetingIftach Ian Amit
 
LEVÍTICO - HINOS - (LEVITICUS - HYMNS)
LEVÍTICO - HINOS - (LEVITICUS - HYMNS)LEVÍTICO - HINOS - (LEVITICUS - HYMNS)
LEVÍTICO - HINOS - (LEVITICUS - HYMNS)Osvaldo Gomes Cruz
 
Social engineering - DC9723
Social engineering - DC9723Social engineering - DC9723
Social engineering - DC9723Iftach Ian Amit
 

Viewers also liked (7)

Creative motivator: Creative leaders motivate effectively
Creative motivator: Creative leaders motivate effectivelyCreative motivator: Creative leaders motivate effectively
Creative motivator: Creative leaders motivate effectively
 
LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...
LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...
LEITURA BÍBLICA DIÁRIA - Calendário referente Leitura Bíblica Diária - (DAILY...
 
Def con 9723 April Meeting
Def con 9723 April MeetingDef con 9723 April Meeting
Def con 9723 April Meeting
 
LEVÍTICO - HINOS - (LEVITICUS - HYMNS)
LEVÍTICO - HINOS - (LEVITICUS - HYMNS)LEVÍTICO - HINOS - (LEVITICUS - HYMNS)
LEVÍTICO - HINOS - (LEVITICUS - HYMNS)
 
Our school
Our schoolOur school
Our school
 
Social engineering - DC9723
Social engineering - DC9723Social engineering - DC9723
Social engineering - DC9723
 
Cyber state
Cyber stateCyber state
Cyber state
 

Similar to Cloudy Security

Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012itandlaw
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youGlobal Business Events
 
DaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat MessaoudDaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat MessaoudDenis Gundarev
 
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012Amazon Web Services
 
Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex Corporation
 
Cloud Deployment Models
Cloud Deployment ModelsCloud Deployment Models
Cloud Deployment ModelsStanton Jones
 
Porticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with StandardsPorticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with Standardsgiladpn
 
Smart, Data-Centric Security for the Post-PC Era
Smart, Data-Centric Security for the Post-PC EraSmart, Data-Centric Security for the Post-PC Era
Smart, Data-Centric Security for the Post-PC EraTrend Micro (EMEA) Limited
 
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceDeepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceUNIT4 IT Solutions
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Cloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & BirdCloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & BirdEduserv
 
Intalio Cloud V4 ロードマップ
Intalio Cloud V4 ロードマップIntalio Cloud V4 ロードマップ
Intalio Cloud V4 ロードマップTomoaki Sawada
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Brian K. Dickard
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementNishant Kaushik
 
Security in a Cloudy Architecture
Security in a Cloudy ArchitectureSecurity in a Cloudy Architecture
Security in a Cloudy ArchitectureBob Rhubart
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage OverviewCloudPassage
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the CloudNeil Readshaw
 
Webinar: eFolder Expert Series: Five Technologies from AppAssure to Boost You...
Webinar: eFolder Expert Series: Five Technologies from AppAssure to Boost You...Webinar: eFolder Expert Series: Five Technologies from AppAssure to Boost You...
Webinar: eFolder Expert Series: Five Technologies from AppAssure to Boost You...Dropbox
 
Financial Analyst Day 2013
Financial Analyst Day 2013Financial Analyst Day 2013
Financial Analyst Day 2013avelinakauffman
 

Similar to Cloudy Security (20)

Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012Cloud Computing Webinar: Legal & Regulatory Update for 2012
Cloud Computing Webinar: Legal & Regulatory Update for 2012
 
Trend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are youTrend micro - Your journey to the cloud, where are you
Trend micro - Your journey to the cloud, where are you
 
DaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat MessaoudDaaS/IaaS Forum Moscow - Najat Messaoud
DaaS/IaaS Forum Moscow - Najat Messaoud
 
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
 
Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud Emulex and IDC Present Why I/O is Strategic for the Cloud
Emulex and IDC Present Why I/O is Strategic for the Cloud
 
Cloud Deployment Models
Cloud Deployment ModelsCloud Deployment Models
Cloud Deployment Models
 
Porticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with StandardsPorticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with Standards
 
Smart, Data-Centric Security for the Post-PC Era
Smart, Data-Centric Security for the Post-PC EraSmart, Data-Centric Security for the Post-PC Era
Smart, Data-Centric Security for the Post-PC Era
 
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performanceDeepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
Cloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & BirdCloud Computing - a legal view from Bird & Bird
Cloud Computing - a legal view from Bird & Bird
 
Intalio Cloud V4 ロードマップ
Intalio Cloud V4 ロードマップIntalio Cloud V4 ロードマップ
Intalio Cloud V4 ロードマップ
 
Monetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless NetworksMonetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless Networks
 
Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)Cloud Computing Risk Management (Multi Venue)
Cloud Computing Risk Management (Multi Venue)
 
Building a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity ManagementBuilding a Strong Foundation for Your Cloud with Identity Management
Building a Strong Foundation for Your Cloud with Identity Management
 
Security in a Cloudy Architecture
Security in a Cloudy ArchitectureSecurity in a Cloudy Architecture
Security in a Cloudy Architecture
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
Protecting Data in the Cloud
Protecting Data in the CloudProtecting Data in the Cloud
Protecting Data in the Cloud
 
Webinar: eFolder Expert Series: Five Technologies from AppAssure to Boost You...
Webinar: eFolder Expert Series: Five Technologies from AppAssure to Boost You...Webinar: eFolder Expert Series: Five Technologies from AppAssure to Boost You...
Webinar: eFolder Expert Series: Five Technologies from AppAssure to Boost You...
 
Financial Analyst Day 2013
Financial Analyst Day 2013Financial Analyst Day 2013
Financial Analyst Day 2013
 

More from Iftach Ian Amit

Cyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVCyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVIftach Ian Amit
 
BSidesTLV Closing Keynote
BSidesTLV Closing KeynoteBSidesTLV Closing Keynote
BSidesTLV Closing KeynoteIftach Ian Amit
 
Social Media Risk Metrics
Social Media Risk MetricsSocial Media Risk Metrics
Social Media Risk MetricsIftach Ian Amit
 
From your Pocket to your Heart and Back
From your Pocket to your Heart and BackFrom your Pocket to your Heart and Back
From your Pocket to your Heart and BackIftach Ian Amit
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and BlueIftach Ian Amit
 
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?Iftach Ian Amit
 
Seeing Red In Your Future?
Seeing Red In Your Future?Seeing Red In Your Future?
Seeing Red In Your Future?Iftach Ian Amit
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2Iftach Ian Amit
 
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itIftach Ian Amit
 
Infecting Python Bytecode
Infecting Python BytecodeInfecting Python Bytecode
Infecting Python BytecodeIftach Ian Amit
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer GamesIftach Ian Amit
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723Iftach Ian Amit
 

More from Iftach Ian Amit (20)

Cyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLVCyber Risk Quantification - CyberTLV
Cyber Risk Quantification - CyberTLV
 
Devsecops at Cimpress
Devsecops at CimpressDevsecops at Cimpress
Devsecops at Cimpress
 
BSidesTLV Closing Keynote
BSidesTLV Closing KeynoteBSidesTLV Closing Keynote
BSidesTLV Closing Keynote
 
Social Media Risk Metrics
Social Media Risk MetricsSocial Media Risk Metrics
Social Media Risk Metrics
 
ISTS12 Keynote
ISTS12 KeynoteISTS12 Keynote
ISTS12 Keynote
 
From your Pocket to your Heart and Back
From your Pocket to your Heart and BackFrom your Pocket to your Heart and Back
From your Pocket to your Heart and Back
 
Painting a Company Red and Blue
Painting a Company Red and BluePainting a Company Red and Blue
Painting a Company Red and Blue
 
"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?"Cyber" security - all good, no need to worry?
"Cyber" security - all good, no need to worry?
 
Armorizing applications
Armorizing applicationsArmorizing applications
Armorizing applications
 
Seeing Red In Your Future?
Seeing Red In Your Future?Seeing Red In Your Future?
Seeing Red In Your Future?
 
Hacking cyber-iamit
Hacking cyber-iamitHacking cyber-iamit
Hacking cyber-iamit
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
Sexy defense
Sexy defenseSexy defense
Sexy defense
 
Advanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done itAdvanced Data Exfiltration - the way Q would have done it
Advanced Data Exfiltration - the way Q would have done it
 
Infecting Python Bytecode
Infecting Python BytecodeInfecting Python Bytecode
Infecting Python Bytecode
 
Exploiting Second life
Exploiting Second lifeExploiting Second life
Exploiting Second life
 
Dtmf phreaking
Dtmf phreakingDtmf phreaking
Dtmf phreaking
 
Cheating in Computer Games
Cheating in Computer GamesCheating in Computer Games
Cheating in Computer Games
 
Telecommunication basics dc9723
Telecommunication basics dc9723Telecommunication basics dc9723
Telecommunication basics dc9723
 

Recently uploaded

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 

Recently uploaded (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 

Cloudy Security

  • 1. Cloudy Security Bringing Cloud operational benefits to the world of security and privacy Gilad Parann-Nissany http://www.porticor.com contact@porticor.com DefCon Group 9723 Meetup, December 21st, 2010 12/22/2010 www.porticor.com © PORTICOR 2009, 2010
  • 2. Securing the Cloud Cloudy Security Cloud Operations 12/22/2010 www.porticor.com © PORTICOR 2009, 2010 2
  • 3. “Cloudy” Security • Focus: public cloud – Because its in some ways more challenging than private cloud • Focus: IaaS/PaaS – SaaS controlled by vendor 12/22/2010 www.porticor.com © PORTICOR 2009, 2010 3
  • 4. Threat Analysis: I/PaaS PaaS • Shared Technology IaaS Platform as a Service Vulnerabilities Infrastructure as a Service • Data Loss/Data Leakage • Malicious Insiders • Account Service or Hijacking of Traffic • Insecure APIs • Nefarious Use of Service • Unknown Risk Profile (*) courtesy “Cloud Security Alliance: Assuring the future of Cloud Computing”: S. Loureiro, 2010 12/22/2010 www.porticor.com © PORTICOR 2009, 2010 4
  • 5. Security in the Cloud Multi- layered Security Cloud Ops Security with Cloud Economics 12/22/2010 Confidential ©Porticor
  • 6. Concept Customer Business 12/22/2010 Confidential ©Porticor
  • 7. Elements of Cloud Data Security Comprehensive Data Protection • Virtual Disks Cloud Ops • DBs • Deployed in • Distributed Storage Cloud Key minutes • Pay as you go Management Fully addresses Virtual Audit & Business security Private Compliance concerns (SIM/SOC) Data™ 12/22/2010 Confidential ©Porticor
  • 8. 12/22/2010 Confidential ©Porticor