SlideShare une entreprise Scribd logo

Wall-Street Technology Association (WSTA) Feb-2012

Télécharger en tant que PPTX, PDF
Joshua McKenty
Joshua McKenty
TechnologieBusiness
1  sur  15
―If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.‖ – Bruce Schneier
EVERYTHING OLD IS NEW AGAIN: Risk, Compliance, and Complexity Me: Joshua McKenty Twitter: @jmckenty Email: joshua@pistoncloud.com Former Chief Architect, NASA Nebula Founding Member, OpenStack OpenStack Project Policy Board CEO, Piston Cloud Computing, Inc.
Step 1: Define Cloud ―Self-service provisioning of multi-tenant IT infrastructure and applications via HTTP.‖ Step 2: Consider Your Cloud Options Public Cloud Community Cloud Hosted Private Cloud On-premise Private cloud
Step 3: Examine the risks Increased Insider Threat Complexity Risk Compliance Challenges Liability and Forensics ―…security and compliance costs continue to grow at a rate three times faster than that of IT budgets.‖ - IBM
Five-Actor Model Vendor End-User Operator DevOps Auditor User
Off Premise IT: A Matrix of Insiders Physical Host Access Guest Access Application Access Access Your Employees X X Your Contractors X X Managed Services ? X Provider Cloud Service X X X Providers External Auditor X X X Other Cloud ? ? Users DC Operators X ?
Complexity Risk ―If we don’t understand the cross-cutting effects and inherent contradictions in all of the stringent standards now being written into final form, we risk doing real damage to the sound, stable and — yes — profitable financial industry regulators say they support and the economies sorely need.‖ - Karen Petrou, Federal Financial Analytics ―Complexity is holding our industry back right now. A lot of what is bought and paid for doesn't get implemented because of complexity. Maybe this is the industry's biggest challenge.‖ - Ray Lane, Kleiner Perkins Caufield & Byers
YOUR VENDOR IS THE ENEMY Trivial Solution: Add a root kit Guest Agent == Root Kit SaaS Logging == Root Kit Cloud Orchestration Agent == Root Kit Monitoring Agent == Root Kit Real Solution: Attack Complexity Cloud can be evolutionary (not revolutionary) Fight sprawl with strong standards Use automation and standards to reduce the number of privileged users and applications Limit choice – one hypervisor, two base O/S, three application stacks
Logging in Depth Network Host Operating System Guest Operating System User and application events Cloud Orchestration Application Layer
Audit in Depth, with Standards Audit at all layers Host Environment Cloud Management Guest Environment Orchestration Trust no one – even in Test and Dev Data-at-rest encryption Data integrity validation Hardened base O/S images
The Stack of Concerns Application DevOps Application Server Guest OS Hypervisor Operator Storage Infrastructure Host OS Physical Server
Key Takeaways Complexity is the enemy Adding rootkits is the wrong solution Use automation to limit access Simplify services using Pareto’s Law
Piston Enterprise OS Secure Cloud Operating System Designed for Enterprise Private Clouds Built on OpenStack Piston Cloud Computing, Inc. Former NASA Researchers Developed first FISMA-certified Cloud Founders of OpenStack
Opinionated Software One hypervisor No host OS access One reference architecture
Questions? ―We can only see a short distance ahead, but we can see plenty there that needs to be done.‖ – Alan Turing

Recommandé

Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
CloudExpoEurope
 
Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2
rpark31
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
acijjournal
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
Maganathin Veeraragaloo
 
Open Source and Security: Engineering Security by Design - Prague, December 2011
Open Source and Security: Engineering Security by Design - Prague, December 2011Open Source and Security: Engineering Security by Design - Prague, December 2011
Open Source and Security: Engineering Security by Design - Prague, December 2011
Jeremy Brown
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
Rashmi Agale
 
Can Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network SecurityCan Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network Security
EC-Council
 
Collaborative Contingency in the Cloud
Collaborative Contingency in the CloudCollaborative Contingency in the Cloud
Collaborative Contingency in the Cloud
Glen Roberts, CISSP
 

Recommandé

Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
CloudExpoEurope
 
Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2
rpark31
 
SECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURESECURE CLOUD ARCHITECTURE
SECURE CLOUD ARCHITECTURE
acijjournal
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
Maganathin Veeraragaloo
 
Open Source and Security: Engineering Security by Design - Prague, December 2011
Open Source and Security: Engineering Security by Design - Prague, December 2011Open Source and Security: Engineering Security by Design - Prague, December 2011
Open Source and Security: Engineering Security by Design - Prague, December 2011
Jeremy Brown
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
Rashmi Agale
 
Can Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network SecurityCan Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network Security
EC-Council
 
Collaborative Contingency in the Cloud
Collaborative Contingency in the CloudCollaborative Contingency in the Cloud
Collaborative Contingency in the Cloud
Glen Roberts, CISSP
 
Cisco's 2016 Annual Security report
Cisco's 2016 Annual Security reportCisco's 2016 Annual Security report
Cisco's 2016 Annual Security report
Cisco Canada
 
Twistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native SecurityTwistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native Security
Mighty Guides, Inc.
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
George Fares
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Qualys
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
Dressing up the ICS Kill Chain
Dressing up the ICS Kill ChainDressing up the ICS Kill Chain
Dressing up the ICS Kill Chain
Dragos, Inc.
 
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
EC-Council
 
Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015
John White
 
Sharing the Cloud
Sharing the CloudSharing the Cloud
Sharing the Cloud
Glen Roberts, CISSP
 
VMware Technical Overview (2012)
VMware Technical Overview (2012)VMware Technical Overview (2012)
VMware Technical Overview (2012)
Steven Aiello
 
Kaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentationKaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentation
ShapeBlue
 
Threats and risks to cloud computing
Threats and risks to cloud computingThreats and risks to cloud computing
Threats and risks to cloud computing
Ryo Matsumoto
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Nazish Mohammed
 
From Physical to Virtual to Cloud
From Physical to Virtual to CloudFrom Physical to Virtual to Cloud
From Physical to Virtual to Cloud
Cisco Security
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responses
shafzonly
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
fanc1985
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATION
GS CHO
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
Ajay p
 
Defending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationDefending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the Application
Cisco Security
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Qualys
 
The Psychology Of Security Bruce Schneier
The Psychology Of Security Bruce SchneierThe Psychology Of Security Bruce Schneier
The Psychology Of Security Bruce Schneier
Larry Taylor Ph.D.
 
What is Email Header - Understanding Email Anatomy
What is Email Header - Understanding Email AnatomyWhat is Email Header - Understanding Email Anatomy
What is Email Header - Understanding Email Anatomy
email_header
 

Contenu connexe

Tendances

Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Qualys
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
NJVC, LLC
 
Dressing up the ICS Kill Chain
Dressing up the ICS Kill ChainDressing up the ICS Kill Chain
Dressing up the ICS Kill Chain
Dragos, Inc.
 
Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015
John White
 
Threats and risks to cloud computing
Threats and risks to cloud computingThreats and risks to cloud computing
Threats and risks to cloud computing
Ryo Matsumoto
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
fanc1985
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATION
GS CHO
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Qualys
 

Tendances (20)

Cisco's 2016 Annual Security report
Cisco's 2016 Annual Security reportCisco's 2016 Annual Security report
Cisco's 2016 Annual Security report
 
Twistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native SecurityTwistlock: 7 Experts on Cloud-Native Security
Twistlock: 7 Experts on Cloud-Native Security
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediation
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
Dressing up the ICS Kill Chain
Dressing up the ICS Kill ChainDressing up the ICS Kill Chain
Dressing up the ICS Kill Chain
 
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
 
Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015Case_Study__Juniper_Expedient_2015
Case_Study__Juniper_Expedient_2015
 
Sharing the Cloud
Sharing the CloudSharing the Cloud
Sharing the Cloud
 
VMware Technical Overview (2012)
VMware Technical Overview (2012)VMware Technical Overview (2012)
VMware Technical Overview (2012)
 
Kaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentationKaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentation
 
Threats and risks to cloud computing
Threats and risks to cloud computingThreats and risks to cloud computing
Threats and risks to cloud computing
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
From Physical to Virtual to Cloud
From Physical to Virtual to CloudFrom Physical to Virtual to Cloud
From Physical to Virtual to Cloud
 
Cloud Computing Security Threats and Responses
Cloud Computing Security Threats and ResponsesCloud Computing Security Threats and Responses
Cloud Computing Security Threats and Responses
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATION
 
Cloud security Presentation
Cloud security PresentationCloud security Presentation
Cloud security Presentation
 
Defending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the ApplicationDefending the Data Center: Managing Users from the Edge to the Application
Defending the Data Center: Managing Users from the Edge to the Application
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
 

En vedette

Ch03 Ch06 Des And Others
Ch03 Ch06 Des And OthersCh03 Ch06 Des And Others
Ch03 Ch06 Des And Others
nathanurag
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcit
mmubashirkhan
 

En vedette (10)

The Psychology Of Security Bruce Schneier
The Psychology Of Security Bruce SchneierThe Psychology Of Security Bruce Schneier
The Psychology Of Security Bruce Schneier
 
What is Email Header - Understanding Email Anatomy
What is Email Header - Understanding Email AnatomyWhat is Email Header - Understanding Email Anatomy
What is Email Header - Understanding Email Anatomy
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Collision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platformsCollision vulnerability for hash data structures in web platforms
Collision vulnerability for hash data structures in web platforms
 
Hash DoS Attack
Hash DoS AttackHash DoS Attack
Hash DoS Attack
 
Ch03 Ch06 Des And Others
Ch03 Ch06 Des And OthersCh03 Ch06 Des And Others
Ch03 Ch06 Des And Others
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Hash Function & Analysis
Hash Function & AnalysisHash Function & Analysis
Hash Function & Analysis
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcit
 

Similaire à Wall-Street Technology Association (WSTA) Feb-2012

Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak
 
Declare Victory with Big Data
Declare Victory with Big DataDeclare Victory with Big Data
Declare Victory with Big Data
J On The Beach
 
Brighttalk understanding the promise of sde - final
Brighttalk understanding the promise of sde - finalBrighttalk understanding the promise of sde - final
Brighttalk understanding the promise of sde - final
Andrew White
 
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Phil Copperwheat
 
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
Amazon Web Services
 
Wicsa2011 cloud tutorial
Wicsa2011 cloud tutorialWicsa2011 cloud tutorial
Wicsa2011 cloud tutorial
Anna Liu
 
Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?
doan_slideshares
 

Similaire à Wall-Street Technology Association (WSTA) Feb-2012 (20)

Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...
Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...
Secure Foundations: Why Red Hat Enterprise Linux is not just another Linux di...
 
Moving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the CloudMoving Beyond Migration: Reinventing Process in the Cloud
Moving Beyond Migration: Reinventing Process in the Cloud
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
 
Declare Victory with Big Data
Declare Victory with Big DataDeclare Victory with Big Data
Declare Victory with Big Data
 
Brighttalk understanding the promise of sde - final
Brighttalk understanding the promise of sde - finalBrighttalk understanding the promise of sde - final
Brighttalk understanding the promise of sde - final
 
VAS - VMware CMP
VAS - VMware CMPVAS - VMware CMP
VAS - VMware CMP
 
htcia-5-2015
htcia-5-2015htcia-5-2015
htcia-5-2015
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. Reality
 
Secure design best practices and design patterns
Secure design best practices and design patternsSecure design best practices and design patterns
Secure design best practices and design patterns
 
Why the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and SecureWhy the Cloud can be Compliant and Secure
Why the Cloud can be Compliant and Secure
 
Evolving Infrastructure and Management for Business Agility
Evolving Infrastructure and Management for Business AgilityEvolving Infrastructure and Management for Business Agility
Evolving Infrastructure and Management for Business Agility
 
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
 
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security Brochure
 
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...
 
Wicsa2011 cloud tutorial
Wicsa2011 cloud tutorialWicsa2011 cloud tutorial
Wicsa2011 cloud tutorial
 
Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?
 
Predicting the Future of Endpoint Management in a Mobile World
Predicting the Future of Endpoint Management in a Mobile WorldPredicting the Future of Endpoint Management in a Mobile World
Predicting the Future of Endpoint Management in a Mobile World
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
 
[Cloud Summit 2010] Peter Coffee - Sales Force
[Cloud Summit 2010] Peter Coffee - Sales Force[Cloud Summit 2010] Peter Coffee - Sales Force
[Cloud Summit 2010] Peter Coffee - Sales Force
 

Plus de Joshua McKenty

OpenStackDC and Cloud Foundry Meetup -
OpenStackDC and Cloud Foundry Meetup -OpenStackDC and Cloud Foundry Meetup -
OpenStackDC and Cloud Foundry Meetup -
Joshua McKenty
 
MSST-2013 Openstack in the Land of Guilder
MSST-2013 Openstack in the Land of GuilderMSST-2013 Openstack in the Land of Guilder
MSST-2013 Openstack in the Land of Guilder
Joshua McKenty
 
vGeek 2013 Tech Talk: Openstack-101
vGeek 2013 Tech Talk: Openstack-101vGeek 2013 Tech Talk: Openstack-101
vGeek 2013 Tech Talk: Openstack-101
Joshua McKenty
 
OpenStack: The evolution of computing (Credit Suisse Technology Summit)
OpenStack: The evolution of computing (Credit Suisse Technology Summit)OpenStack: The evolution of computing (Credit Suisse Technology Summit)
OpenStack: The evolution of computing (Credit Suisse Technology Summit)
Joshua McKenty
 
WSTA Breakfast Seminar
WSTA Breakfast SeminarWSTA Breakfast Seminar
WSTA Breakfast Seminar
Joshua McKenty
 
The Power of the Cloud, and Global Risk Modelling in the Open
The Power of the Cloud, and Global Risk Modelling in the OpenThe Power of the Cloud, and Global Risk Modelling in the Open
The Power of the Cloud, and Global Risk Modelling in the Open
Joshua McKenty
 
Open stack security emea launch
Open stack security emea launchOpen stack security emea launch
Open stack security emea launch
Joshua McKenty
 
OpenStack: Cloud's Big Tent
OpenStack: Cloud's Big TentOpenStack: Cloud's Big Tent
OpenStack: Cloud's Big Tent
Joshua McKenty
 
Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009
Joshua McKenty
 

Plus de Joshua McKenty (19)

Open stack + Cloud Foundry: Palo Alto Meetup February 2015
Open stack + Cloud Foundry: Palo Alto Meetup February 2015Open stack + Cloud Foundry: Palo Alto Meetup February 2015
Open stack + Cloud Foundry: Palo Alto Meetup February 2015
 
OpenStackDC and Cloud Foundry Meetup -
OpenStackDC and Cloud Foundry Meetup -OpenStackDC and Cloud Foundry Meetup -
OpenStackDC and Cloud Foundry Meetup -
 
OpenStack Foundation Transparency Committee Update - January 2014
OpenStack Foundation Transparency Committee Update - January 2014OpenStack Foundation Transparency Committee Update - January 2014
OpenStack Foundation Transparency Committee Update - January 2014
 
But What About Docker?
But What About Docker?But What About Docker?
But What About Docker?
 
Scale-out Community: Lessons from OpenStack
Scale-out Community: Lessons from OpenStackScale-out Community: Lessons from OpenStack
Scale-out Community: Lessons from OpenStack
 
Cloud Power - The Early OpenStack Architecture
Cloud Power - The Early OpenStack ArchitectureCloud Power - The Early OpenStack Architecture
Cloud Power - The Early OpenStack Architecture
 
MSST-2013 Openstack in the Land of Guilder
MSST-2013 Openstack in the Land of GuilderMSST-2013 Openstack in the Land of Guilder
MSST-2013 Openstack in the Land of Guilder
 
vGeek 2013 Tech Talk: Openstack-101
vGeek 2013 Tech Talk: Openstack-101vGeek 2013 Tech Talk: Openstack-101
vGeek 2013 Tech Talk: Openstack-101
 
OpenStack: The evolution of computing (Credit Suisse Technology Summit)
OpenStack: The evolution of computing (Credit Suisse Technology Summit)OpenStack: The evolution of computing (Credit Suisse Technology Summit)
OpenStack: The evolution of computing (Credit Suisse Technology Summit)
 
WSTA Breakfast Seminar
WSTA Breakfast SeminarWSTA Breakfast Seminar
WSTA Breakfast Seminar
 
Arista Piston Webinar
Arista Piston WebinarArista Piston Webinar
Arista Piston Webinar
 
Open Stack DC
Open Stack DCOpen Stack DC
Open Stack DC
 
OpenStack DC - Kickoff Keynote
OpenStack DC - Kickoff KeynoteOpenStack DC - Kickoff Keynote
OpenStack DC - Kickoff Keynote
 
The Power of the Cloud, and Global Risk Modelling in the Open
The Power of the Cloud, and Global Risk Modelling in the OpenThe Power of the Cloud, and Global Risk Modelling in the Open
The Power of the Cloud, and Global Risk Modelling in the Open
 
Open stack security emea launch
Open stack security emea launchOpen stack security emea launch
Open stack security emea launch
 
OpenStack Swift - MSST 2011 Tutorial Day
OpenStack Swift - MSST 2011 Tutorial DayOpenStack Swift - MSST 2011 Tutorial Day
OpenStack Swift - MSST 2011 Tutorial Day
 
OpenStack: Cloud's Big Tent
OpenStack: Cloud's Big TentOpenStack: Cloud's Big Tent
OpenStack: Cloud's Big Tent
 
The Space Penguin Odyssey
The Space Penguin OdysseyThe Space Penguin Odyssey
The Space Penguin Odyssey
 
Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009Cloud Security - GSFC Presentation, Sept 23 2009
Cloud Security - GSFC Presentation, Sept 23 2009
 

Dernier

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Dernier (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 

Wall-Street Technology Association (WSTA) Feb-2012

  • 1. ―If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.‖ – Bruce Schneier
  • 2. EVERYTHING OLD IS NEW AGAIN: Risk, Compliance, and Complexity Me: Joshua McKenty Twitter: @jmckenty Email: joshua@pistoncloud.com Former Chief Architect, NASA Nebula Founding Member, OpenStack OpenStack Project Policy Board CEO, Piston Cloud Computing, Inc.
  • 3. Step 1: Define Cloud ―Self-service provisioning of multi-tenant IT infrastructure and applications via HTTP.‖ Step 2: Consider Your Cloud Options Public Cloud Community Cloud Hosted Private Cloud On-premise Private cloud
  • 4. Step 3: Examine the risks Increased Insider Threat Complexity Risk Compliance Challenges Liability and Forensics ―…security and compliance costs continue to grow at a rate three times faster than that of IT budgets.‖ - IBM
  • 5. Five-Actor Model Vendor End-User Operator DevOps Auditor User
  • 6. Off Premise IT: A Matrix of Insiders Physical Host Access Guest Access Application Access Access Your Employees X X Your Contractors X X Managed Services ? X Provider Cloud Service X X X Providers External Auditor X X X Other Cloud ? ? Users DC Operators X ?
  • 7. Complexity Risk ―If we don’t understand the cross-cutting effects and inherent contradictions in all of the stringent standards now being written into final form, we risk doing real damage to the sound, stable and — yes — profitable financial industry regulators say they support and the economies sorely need.‖ - Karen Petrou, Federal Financial Analytics ―Complexity is holding our industry back right now. A lot of what is bought and paid for doesn't get implemented because of complexity. Maybe this is the industry's biggest challenge.‖ - Ray Lane, Kleiner Perkins Caufield & Byers
  • 8. YOUR VENDOR IS THE ENEMY Trivial Solution: Add a root kit Guest Agent == Root Kit SaaS Logging == Root Kit Cloud Orchestration Agent == Root Kit Monitoring Agent == Root Kit Real Solution: Attack Complexity Cloud can be evolutionary (not revolutionary) Fight sprawl with strong standards Use automation and standards to reduce the number of privileged users and applications Limit choice – one hypervisor, two base O/S, three application stacks
  • 9. Logging in Depth Network Host Operating System Guest Operating System User and application events Cloud Orchestration Application Layer
  • 10. Audit in Depth, with Standards Audit at all layers Host Environment Cloud Management Guest Environment Orchestration Trust no one – even in Test and Dev Data-at-rest encryption Data integrity validation Hardened base O/S images
  • 11. The Stack of Concerns Application DevOps Application Server Guest OS Hypervisor Operator Storage Infrastructure Host OS Physical Server
  • 12. Key Takeaways Complexity is the enemy Adding rootkits is the wrong solution Use automation to limit access Simplify services using Pareto’s Law
  • 13. Piston Enterprise OS Secure Cloud Operating System Designed for Enterprise Private Clouds Built on OpenStack Piston Cloud Computing, Inc. Former NASA Researchers Developed first FISMA-certified Cloud Founders of OpenStack
  • 14. Opinionated Software One hypervisor No host OS access One reference architecture
  • 15. Questions? ―We can only see a short distance ahead, but we can see plenty there that needs to be done.‖ – Alan Turing

Notes de l'éditeur

  1. I have 30 minutes for a 2 hour talk, so I’ll cover this at a high level, and I’ll make myself available for more detailed questions afterwards.