NGI-4: Cloud
The Technical Foundations of Security and Interoperability

Overview

Vic Winkler
July 2011
Washington, DC

Booz | Allen | Hamilton
The Technical Foundations of Security and Interoperability

This presentation is based on my book:
    “Securing the Cloud: Cloud Computer Security Techniques and Tactics”
    Vic Winkler (Elsevier/Syngress May 2011)
    Graphics are copyrighted by Elsevier/Syngress 2011

My experiences in designing, implementing and operating the security for:
   “SunGrid” (2004+), “Network.com” (2006+) and “The Sun Public Cloud” (2007+)
   …And research into best practices in cloud security (2008-2011)

Previously, I:
   Was a pioneer in network- and systems-based intrusion detection
   Designed a B1 trusted Unix system

                           Graphics copyright Elsevier/Syngress 2011   Booz | Allen | Hamilton   2
A Brief, Distorted View of History

Overview

Continuing Technology Evolution

More “Evolution” than “Revolution”

So, what is “cloud”?

A Minor Problem With Words…

Most common question: Is “cloud” secure?

Booz Allen:
Cloud Computing “Quick Look” Assessment

The QLA approach analyzes the organization and its potential cloud candidate functions and applications
across eight Cloud Computing Factors, providing an in-depth assessment and suitability rating for each.

•   Business/Mission
•   Technology
•   Economics
•   Security
•   Policy
•   Governance & Change Management
•   IT Management
•   Organization

Cloud:
A Model for Computing,
A Model for Service Delivery

•   “Cloud Services” – IT model for service delivery: expressed, delivered and consumed over the
    Internet or a private network
     – Infrastructure-as-a-Service (IaaS)
     – Platform-as-a-Service (PaaS)
     – Software-as-a-Service (SaaS)
•   “Cloud Computing” – IT model for computing
     – Environment composed of the IT components necessary to develop and deliver “cloud services”

The Services Stack
Two Perspectives

What about security?
…“Confidentiality”, “Integrity” and “Availability”?

The NIST Cloud Model

Security Concerns?

•   10. Unknown Risks: Concern that cloud computing brings new classes of risks and vulnerabilities
•   9. Control over Data: User data may be commingled with data belonging to others
•   8. Legal and Regulatory Compliance: It may be difficult (unrealistic?) to utilize public clouds
    when data is subject to legal restrictions or regulatory compliance
•   7. Disaster Recovery and Business Continuity: Cloud tenants and users require confidence
    that their operations and services will continue despite a disaster
•   6. Security Incidents: Tenants and users need to be informed and supported by a provider
•   5. Transparency: Trust in a cloud provider’s security claims entails provider transparency
•   4. Cloud Provider Viability: Since cloud providers are relatively new to the business, there are
    questions about provider viability and commitment
•   3. Privacy and Data Concerns with Public or Community Clouds: Data may not remain in the
    same system, raising multiple legal concerns
•   2. User Error: A user may inadvertently leak highly sensitive or classified information into a
    public cloud
•   1. Network Availability: The cloud must be available whenever you need it

Security Concerns
Sensitive Data & Regulatory Compliance

Security Concerns
Transparency

Security Concerns
Example of Private Cloud Concerns

Security Concerns
Trade Offs

Cloud Services are Expressed From Cloud IT Infrastructure

Virtualization and Elastic Service Expression

Is Organizational Control Good for Security?

Scope of Control

IaaS, PaaS and SaaS:
Data Ownership

Organizational Control with Private versus Public

Cloud Demands Advanced Management Capabilities
(This should benefit security)

Planning for Competitive Pricing
(…in other words, “cost-effective security”)

Planning for Fundamental Changes

Patterns are Key for Cloud Infrastructure

…Patterns are Key for Cloud Infrastructure

…Patterns are Key for Cloud Infrastructure

Example
Separate Paths, Separate Networks

Example
…Separate Paths, Separate Networks

Assessment:
Is it “Correct”, “Secure” and Does it Meet Requirements?

How Much Assurance?

Operationally, How Will you Know?

Security Monitoring
A High-Volume Activity

Monitoring Really Wants To Be
A Near-Real-Time Feedback Loop

Beyond Security Monitoring
Integrated Operational Security

Example
Security Use for CMDB

Defense-in-Depth in Infrastructure

What are the BIG Lessons?



•   Provider
     – Model T approach: Any color the customer wants …as long as it’s “black”
           • Special requests undercut profits
     – Plan ahead: Focus on eventual operations costs and on the certainty of change to the infrastructure
     – Seek to automate almost everything:
           • Identify procedures/processes to drive down costs
           • Identify and refine patterns
     – Segregate information
           • Don’t mix infrastructure management information
           • …with security information
           • …with customer data …etc.
     – Architect for completely separate paths:
           • (Public) (Infrastructure control) (Network device control) (Security management)
           • Entails a differentiated set of networks
           • Isolate, Isolate, Isolate
           • Encrypt, Encrypt, Encrypt
•   Consumer
     – Who is the provider?
     – What are you really buying? Transparency, independent verification, indemnification?
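To make the “separate paths” and “segregate information” lessons above checkable rather than aspirational, here is an added example (my own, not code from the deck or from Booz Allen): a small Python model in which every network is labelled with one of the four paths the slide names, and a checker that flags cross-path flows, unencrypted management-path traffic, and hosts that straddle paths without being declared as bastions. All network, host and flow names are constructed.

```python
"""Policy check for the 'separate paths, separate networks' lesson.

Constructed example: a tiny model of a cloud infrastructure in which each
network belongs to exactly one of the four paths from the slide, plus a
checker that reports anything collapsing those paths back together.
"""
from dataclasses import dataclass

# The four separate paths named on the "BIG Lessons" slide.
PLANES = ("public", "infra_control", "netdev_control", "security_mgmt")
# Paths whose traffic must always be encrypted ("Encrypt, Encrypt, Encrypt").
ENCRYPTED_PLANES = frozenset(PLANES) - {"public"}


@dataclass(frozen=True)
class Network:
    name: str
    plane: str


@dataclass(frozen=True)
class Host:
    name: str
    networks: frozenset      # names of networks this host is attached to
    bastion: bool = False    # explicitly approved to straddle two paths


@dataclass(frozen=True)
class Flow:
    src: str                 # source network name
    dst: str                 # destination network name
    proto: str               # e.g. "ssh", "https", "syslog"
    encrypted: bool


def check_separation(networks, hosts, flows):
    """Return a list of (kind, detail) findings; an empty list means compliant."""
    plane_of = {n.name: n.plane for n in networks}
    findings = []
    for n in networks:
        if n.plane not in PLANES:
            findings.append(("unknown_plane", f"{n.name} -> {n.plane}"))
    # A host attached to networks in two or more paths bridges them; only a
    # host explicitly declared as a bastion is allowed to do that.
    for h in hosts:
        planes = {plane_of.get(net, "?") for net in h.networks}
        if len(planes) > 1 and not h.bastion:
            findings.append(("dual_homed", f"{h.name} spans {sorted(planes)}"))
    for f in flows:
        sp, dp = plane_of.get(f.src, "?"), plane_of.get(f.dst, "?")
        # Isolate: a permitted flow must stay inside a single path.
        if sp != dp:
            findings.append(("cross_plane", f"{f.src}({sp}) -> {f.dst}({dp}) {f.proto}"))
        # Encrypt: management-path traffic in the clear is a finding.
        if (sp in ENCRYPTED_PLANES or dp in ENCRYPTED_PLANES) and not f.encrypted:
            findings.append(("cleartext", f"{f.src} -> {f.dst} {f.proto}"))
    return findings


def sample_model():
    """Constructed infrastructure with two deliberate policy violations."""
    networks = [
        Network("pub-dmz", "public"),
        Network("ctl-hv", "infra_control"),
        Network("netdev-oob", "netdev_control"),
        Network("sec-siem", "security_mgmt"),
    ]
    hosts = [
        Host("web01", frozenset({"pub-dmz"})),
        Host("hv01", frozenset({"ctl-hv"})),
        Host("jump01", frozenset({"ctl-hv", "netdev-oob"}), bastion=True),  # declared
        Host("mon01", frozenset({"sec-siem", "pub-dmz"})),                  # undeclared bridge
        Host("sw-core", frozenset({"netdev-oob"})),
    ]
    flows = [
        Flow("pub-dmz", "pub-dmz", "https", encrypted=True),       # fine
        Flow("ctl-hv", "ctl-hv", "ssh", encrypted=True),           # fine
        Flow("pub-dmz", "sec-siem", "syslog", encrypted=False),    # crosses paths, in the clear
        Flow("netdev-oob", "netdev-oob", "snmp", encrypted=False), # management path, in the clear
    ]
    return networks, hosts, flows


if __name__ == "__main__":
    for kind, detail in check_separation(*sample_model()):
        print(f"{kind:12s} {detail}")
```

Feeding the model from an inventory/CMDB export instead of the constructed lists turns the same check into the kind of continuous control the later "Security Use for CMDB" slide points at.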


Thank You

Business:    Winkler_Joachim@BAH.Com
Personal:    Vic@VicWinkler.Com
Phone:       703.622.7111

“Securing the Cloud: Cloud Computer Security Techniques and Tactics”
Vic Winkler (Elsevier/Syngress 2011)

Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Cloud Security ("securing the cloud")

  • 1. NGI-4: Cloud The Technical Foundations of Security and Interoperability Overview Vic Winkler July 2011 Washington, DC Booz | Allen | Hamilton
  • 2. The Technical Foundations of Security and Interoperability This presentation is based on my book: “Securing the Cloud: Cloud Computer Security Techniques and Tactics” Vic Winkler (Elsevier/Syngress May 2011) Graphics are copyrighted by Elsevier/Syngress 2011 My experiences in designing, implementing and operating the security for: “SunGrid” (2004+), “Network.com” (2006+) and “The Sun Public Cloud” (2007+) …And research into best practices in cloud security (2008-2011) Previously, I: Was a pioneer in network- and systems-based intrusion detection Designed a B1 trusted Unix system Graphics copyright Elsevier/Syngress 2011 Booz | Allen | Hamilton 2
  • 3. A Brief, Distorted View of History: Overview; Continuing Technology Evolution
  • 4. More “Evolution” than “Revolution”: So, what is “cloud”?
  • 5. A Minor Problem With Words… Most common question: Is “cloud” secure?
  • 6. Booz Allen: Cloud Computing “Quick Look” Assessment. The QLA approach analyzes the organization and its potential cloud candidate functions and applications across eight Cloud Computing Factors, providing an in-depth assessment and suitability rating for each: Business/Mission, Technology, Economics, Security, Governance & Policy, IT Management, Organization, Change Management
  • 7. Cloud: A Model for Computing, A Model for Service Delivery
    – “Cloud Services”: IT model for service delivery, expressed, delivered and consumed over the Internet or a private network: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS)
    – “Cloud Computing”: IT model for computing; an environment composed of the IT components necessary to develop and deliver cloud services
  • 8. The Services Stack: Two Perspectives. What about security? …“Confidentiality”, “Integrity” and “Availability”?
  • 9. The NIST Cloud Model
  • 10. Security Concerns?
    10. Unknown Risks: Concern that cloud computing brings new classes of risks and vulnerabilities
    9. Control over Data: User data may be commingled with data belonging to others
    8. Legal and Regulatory Compliance: It may be difficult (unrealistic?) to utilize public clouds when data is subject to legal restrictions or regulatory compliance
    7. Disaster Recovery and Business Continuity: Cloud tenants and users require confidence that their operations and services will continue despite a disaster
    6. Security Incidents: Tenants and users need to be informed and supported by a provider
    5. Transparency: Trust in a cloud provider’s security claims entails provider transparency
    4. Cloud Provider Viability: Since cloud providers are relatively new to the business, there are questions about provider viability and commitment
    3. Privacy and Data Concerns with Public or Community Clouds: Data may not remain in the same system, raising multiple legal concerns
    2. User Error: A user may inadvertently leak highly sensitive or classified information into a public cloud
    1. Network Availability: The cloud must be available whenever you need it
  • 11. Security Concerns: Sensitive Data & Regulatory Compliance
  • 12. Security Concerns: Transparency
  • 13. Security Concerns: Example of Private Cloud Concerns
  • 14. Security Concerns: Trade-Offs
  • 15. Cloud Services are Expressed From Cloud IT Infrastructure
  • 16. Virtualization and Elastic Service Expression
  • 17. Is Organizational Control Good for Security?
  • 18. Scope of Control
  • 19. IaaS, PaaS and SaaS: Data Ownership
  • 20. Organizational Control with Private versus Public
  • 21. Cloud Demands Advanced Management Capabilities (This should benefit security)
  • 22. Planning for Competitive Pricing (…in other words, “cost-effective security”)
  • 23. Planning for Fundamental Changes
  • 24. Patterns are Key for Cloud Infrastructure
  • 25. …Patterns are Key for Cloud Infrastructure
  • 26. …Patterns are Key for Cloud Infrastructure
  • 27. Example: Separate Paths, Separate Networks
  • 28. Example: …Separate Paths, Separate Networks
  • 29. Assessment: Is it “Correct”, “Secure” and Does it Meet Requirements?
  • 30. How Much Assurance?
  • 31. Operationally, How Will You Know?
  • 32. Security Monitoring: A High-Volume Activity
  • 33. Monitoring Really Wants To Be A Near-Real-Time Feedback Loop
  • 34. Beyond Security Monitoring: Integrated Operational Security
  • 35. Example: Security Use for CMDB
  • 36. Defense-in-Depth in Infrastructure
  • 37. What are the BIG Lessons?
    • Provider
      – Model T approach: Any color the customer wants …as long as it’s “black”
        • Special requests undercut profits
      – Plan ahead: Focus on eventual operations costs and on the certainty of change to the infrastructure
      – Seek to automate almost everything:
        • Identify procedures/processes to drive down costs
        • Identify and refine patterns
      – Segregate information:
        • Don’t mix infrastructure management information
        • …with security information
        • …with customer data …etc.
      – Architect for completely separate paths:
        • (Public) (Infrastructure control) (Network device control) (Security management)
        • Entails a differentiated set of networks
        • Isolate, Isolate, Isolate
        • Encrypt, Encrypt, Encrypt
    • Consumer
      – Who is the provider?
      – What are you really buying? Transparency, independent verification, indemnification?
  • 38. Thank You. Business: Winkler_Joachim@BAH.Com Personal: Vic@VicWinkler.Com Phone: 703.622.7111 “Securing the Cloud: Cloud Computer Security Techniques and Tactics” Vic Winkler (Elsevier/Syngress 2011)
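Added example, not part of the deck: the “separate paths, separate networks” pattern of slides 27, 28 and 37, written as a check that can be run over flow records. It models the four planes the deck names (public, infrastructure control, network device control, security management) as distinct networks and flags any flow that crosses planes without a deliberate exception, plus any management-plane traffic arriving on a cleartext port (the “encrypt, encrypt, encrypt” point). The address plan, the cleartext port list, the single allowed exception and the sample flows are all constructed assumptions, not anything from the slides.

```python
"""Segmentation check for the 'separate paths, separate networks' pattern.

Added example (not from the slides). Every network, host, port list and flow
below is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical address plan: one dedicated network per plane (assumption).
PLANES = {
    "public":         ipaddress.ip_network("203.0.113.0/24"),
    "infra_control":  ipaddress.ip_network("10.10.0.0/16"),
    "netdev_control": ipaddress.ip_network("10.20.0.0/16"),
    "security_mgmt":  ipaddress.ip_network("10.30.0.0/16"),
}

# Planes whose traffic must stay inside the plane and must be encrypted.
MANAGEMENT_PLANES = {"infra_control", "netdev_control", "security_mgmt"}

# Destination ports treated as cleartext protocols (constructed list:
# telnet, http, snmp, syslog/udp).
CLEARTEXT_PORTS = {23, 80, 161, 514}

# Cross-plane paths the architecture permits on purpose, keyed by
# (source plane, destination plane, destination port). The single entry
# here is a hypothetical jump host in the security-management plane that
# reaches infrastructure-control hosts over SSH.
ALLOWED_CROSS_PLANE = {("security_mgmt", "infra_control", 22)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def plane_of(ip_str):
    """Name of the plane whose network contains ip_str, or None if unplanned."""
    ip = ipaddress.ip_address(ip_str)
    for name, net in PLANES.items():
        if ip in net:
            return name
    return None


def check_flow(flow):
    """Return the list of violations for one flow; an empty list means compliant."""
    findings = []
    src_plane, dst_plane = plane_of(flow.src), plane_of(flow.dst)
    # An address outside every planned network is itself a finding: it means
    # something is talking that the address plan does not account for.
    if src_plane is None or dst_plane is None:
        findings.append("unplanned address")
        return findings
    # Crossing planes is a violation unless it is an explicit, reviewed exception.
    if src_plane != dst_plane and (src_plane, dst_plane, flow.dport) not in ALLOWED_CROSS_PLANE:
        findings.append(f"cross-plane {src_plane}->{dst_plane}")
    # Management planes carry credentials and control traffic: never in the clear.
    if dst_plane in MANAGEMENT_PLANES and flow.dport in CLEARTEXT_PORTS:
        findings.append(f"cleartext management traffic on port {flow.dport}")
    return findings


def audit(flows):
    """Map each violating flow to its findings; compliant flows are omitted."""
    report = {}
    for flow in flows:
        findings = check_flow(flow)
        if findings:
            report[flow] = findings
    return report


# Constructed sample flow records, as a collector might export them.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", "203.0.113.20", 443),  # public -> public: fine
    Flow("203.0.113.10", "10.10.5.5", 443),     # public -> infra control: cross-plane
    Flow("10.10.1.1", "10.10.1.2", 161),        # SNMP in the clear inside infra control
    Flow("10.30.1.1", "10.10.1.2", 22),         # jump host SSH: the allowed exception
    Flow("10.30.1.1", "10.20.1.2", 23),         # cross-plane AND cleartext telnet
    Flow("192.168.99.1", "10.20.1.2", 22),      # source address not in any plane
]

if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS).items():
        print(f"{flow.src} -> {flow.dst}:{flow.dport}: {'; '.join(findings)}")
```

In practice the exception table is what a reviewer should read first: each entry is a deliberate hole between planes, so it should stay short and, once the jump host or log collector is known, be narrowed from a plane pair to the specific hosts involved.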