If you're in IT, it's important to understand that your users are fully embracing the cloud. Cloud security, including how to use API calls safely and securely, the importance of firewalls (yes, even in the cloud!), and ensuring redundancy and availability, needs to be kept at the forefront of all cloud deployments. This presentation will help you talk about cloud security in a non-confrontational way with your users.
11. Top 10 Lists
• Assumes too much knowledge
• Makes me turn green with rage
• However it is an easier way to break things down so this is just 10 things I've learned
• I wanted to provide a basic framework for discussion
12. Why Cloud? Why?
^^ Very popular question
The #1 reason and really the only one you need is that your users are using it. It doesn't matter what you think, what your feelings are, they're using it and you better get a grip on it.
17. Control Panels – A Tale of Two Techs
• Good / Bad and can be really really ugly
• Really depends on the provider
• Can be very granular
• Can be very limiting
22. Uptime/Downtime – Ouch That Hurts
• This is NOT a problem limited to the cloud
• This is a computer problem
• Budgetary Considerations
• Personal Experiences (Oh Amazon, what have you done?)
29. APIs – The Bars of The Cloudy Jail
• A brief history of API
• What can an API do for you?
• Why you should like them
• Why you should hate them
• Why you should strongly distrust them
• You should really get to know them though, seriously
35. Firewalls Are Dead... Long Live Firewalls
• Death of firewalls in the cloud
• Rebirth of firewalls in the cloud
• Benefits
• Pitfalls
• Cautionary Tales
40. Redundancy – No The Cloud Isn't Magic
• Yes you still have to plan for redundancy and availability, even in the cloud
• Marketing people lie (are you shocked yet?)
• Load Balancing across one provider is cool
• Load Balancing across multiple providers would be mega-awesome-cool
45. Encrypt Early / Encrypt Often
• Seriously, just encrypt your stuff
• Logsup experiences
• Multi-tenancy is an element of the cloud you cannot control
• Same can be said of your VMware, Xen, whatever infrastructure
50. Cloud is Cheap!
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
• Cost vs Benefit vs Pulling Your Hair Out (like me)
57. Logs in the Cloud – Long May it Rain
• YES you can have your logs from and in the cloud and you can analyze them too
• www.loggly.com
• www.splunkstorm.com
• Access to your logs
• What to expect
• What not to expect
71. Random Stuff
• Monitoring in/for the Cloud
• Amazonian Law
• Google App Engine
• Uses for various cloud tech
• Password Cracking/Brute Force
• Penetration Testing
• QA Testing
• Auditing
72. Wrap Up / Q&A
• Wrap Up
• Q&A
• Possible Brawl?
• This Presentation is Licensed Under Creative Commons