More Related Content
Similar to Cloudy Security
Similar to Cloudy Security (20)
More from Iftach Ian Amit
More from Iftach Ian Amit (20)
Cloudy Security
- 1. Cloudy Security
Bringing Cloud operational benefits to the world of security and privacy
Gilad Parann-Nissany
http://www.porticor.com
contact@porticor.com
DefCon Group 9723 Meetup, December 21st, 2010
12/22/2010 www.porticor.com © PORTICOR 2009, 2010
- 2. Securing
the Cloud
Cloudy
Security
Cloud
Operations
12/22/2010 www.porticor.com © PORTICOR 2009, 2010 2
- 3. “Cloudy” Security
• Focus: public cloud
– Because its in some ways more challenging than
private cloud
• Focus: IaaS/PaaS
– SaaS controlled by vendor
12/22/2010 www.porticor.com © PORTICOR 2009, 2010 3
- 4. Threat Analysis: I/PaaS
PaaS • Shared Technology
IaaS Platform as a Service Vulnerabilities
Infrastructure as a
Service
• Data Loss/Data Leakage
• Malicious Insiders
• Account Service or
Hijacking of Traffic
• Insecure APIs
• Nefarious Use of Service
• Unknown Risk Profile
(*) courtesy “Cloud Security Alliance: Assuring the future of
Cloud Computing”: S. Loureiro, 2010
12/22/2010 www.porticor.com © PORTICOR 2009, 2010 4
- 5. Security in the Cloud
Multi-
layered
Security
Cloud
Ops
Security with
Cloud
Economics
12/22/2010 Confidential ©Porticor
- 6. Concept
Customer
Business
12/22/2010 Confidential ©Porticor
- 7. Elements of Cloud Data Security
Comprehensive
Data Protection
• Virtual Disks
Cloud Ops • DBs
• Deployed in • Distributed Storage
Cloud Key
minutes
• Pay as you go
Management
Fully addresses
Virtual Audit &
Business security Private Compliance
concerns (SIM/SOC)
Data™
12/22/2010 Confidential ©Porticor