SlideShare ist ein Scribd-Unternehmen logo

ASFWS 2013 - Sécurité et extension d’infrastructure vers le cloud: retour d’expérience par Christophe Sahut

Als PPTX, PDF herunterladen
Cyber Security Alliance
Cyber Security Alliance

Sur fond d’affaire PRISM, lier les mots sécurité et cloud semble de prime abord osé, nous verrons pourquoi cela ne l’est pas forcément. Cette conférence présentera le retour d’expérience concret d’un grand compte sur l’intégration d’infrastructures cloud (IaaS, PaaS et SaaS) dans une architecture existante, ainsi que les différents mécanismes de sécurité qu’il est sage d’utiliser. Nous aborderons techniquement des sujets tels que l’interconnexion de datacenters, les Virtual Private Clouds, l’authentification forte, la segmentation, la défense périmétrique ou la fédération d’identités.

Technologie
1 von 28
Security and cloud migration Christophe Sahut Corporate Infrastructure Architect / SGS Application Security Forum - 2013 Western Switzerland 15-16 octobre 2013 - Y-Parc / Yverdon-les-Bains http://www.appsec-forum.ch
2 SGS in a few words
3 Agenda  SaaS experience  IaaS experience
4 Reminder: your (security) responsibility Application Application Application Data Data Data Runtime Runtime Runtime Middleware Middleware Middleware OS OS OS Virtualization Virtualization Virtualization Servers Servers Servers Storage Storage Storage Networking Networking Networking IaaS PaaS SaaS
5 SaaS experience
6 Use case  Application fulfilling (most?) business needs  Price/user/month – OPEX  Side effect of ignoring this is shadow IT  Hopefully, …
7 … there are authentication requirements
8 Solution: SAML 2.0  In two words – Identity Provider on premise acting as a web proxy to the authentication source (AD, LDAP, SQL…) – Generates and signs authentication tokens – Send them to the SaaS service to prove the user has been authenticated – You’re loggued in  Enable Single Sign-On with SaaS services
9 Nice solution but…  Tricky to setup in multi-forests AD environments  Not always easy to configure depending on SPs  Must be highly available
10 And what about (de)provisionning?  Provisioning can be done on the fly following authentication (and authorization) – Works fine but de-provisioning is still a challenge – Reminder: you pay per user  Resource (user, group…) CRUD via web services not widely deployed yet http://www.simplecloud.info/
11 Other concerns  Data is by definition fully understood by the SaaS provider – Profiling (or worst) : “used for statistics and UX” – Contracts say provider will not if you ask them not to if they say so, it must be true  Data is (sometimes) encrypted on disks But SaaS provider manages the portal to access it (…)
12 IaaS experience
13 Example: AWS
14 Connect to the management console
15 Then  Create Virtual Private Clouds (VPC) – Network, route tables, gateways – Virtual machines – Load balancers – Storage, snapshots – Managed databases –…  In a given location
16 Example Source: http://aws.amazon.com/articles/9982940049271604
17 Use segmentation/filtering  Network ACLs  Security groups  (OS firewalls)  (3rd party network firewalls)
18 VPC created. And then?  Decide how to integrate it in existing infrastructure 1) Keep it external • Completely separate infrastructure 2) Link it to datacenters / WAN • Consider the VPC as a new site on the WAN
19 1) Keep it external Internet Load balancer Corporate Data center Bastion Web Servers Database
20  Use bastion hosts – RDP/SSH from known IPs, strong authentication, logging/auditing  VPC entry point opened only for the service provided
21 2) Link it to datacenters / WAN VPN Load balancer Corporate Data center Bastion Web Servers Database
22  Use a VPN (or leased line) – Decide if you want a public or private VPC One more Internet access vs private datacenter extension – Be careful to the network range and routing VPC part of the WAN – Wizard on AWS to setup dual-VPN to on-premise VPN concentrator – Setup firewall rules on both sides (drop all, then think)
23 What we did on IaaS  VPC in different locations, VPNs – SAML tests (WIF, mod_mellon,…) – New versions of software on isolated networks  S3, load balancing, managed databases, DNS zone delegation, CDN, datawarehouse, PaaS …  More and more providers come with an AWS backend and we can evaluate what they do
24 Example of IaaS security benefit  Launch/rebuild infrastructures in minutes – With code like this:  Configure this way networks, VPN, security groups, create instances, fetch data from a GIT repository, configure load balancers…
25 Code the infrastructure  With specific cloud tools Cloudformation in AWS  With scripting with CLI tools Bash, Powershell …  With SDKs (.net, java,…), cloud API libraries (libcloud…), abstraction tools (Rightscale…) …  And versioning!
26 Example use case  Defacement/intrusion on a IaaS-based website – Fire new infrastructure clone – Enable verbose logging – Redirect traffic (via DNS, load balancers…) to the new infrastructure – Identify attack, implement protection/blackhole – Isolate hacked infrastructure – Run forensic analysis – Get a coffee
27 Questions?
28 Merci/Thank you! Contact: @csahut Slides: http://slideshare.net/ASF-WS/presentations

Empfohlen

The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXScott Lowe
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014Sanjay Basu
 
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...Kristoffer Sheather
 
VMWare NSX Components
VMWare NSX ComponentsVMWare NSX Components
VMWare NSX ComponentsMuhammad Yasir Nawaz
 
Understanding Azure Networking Services
Understanding Azure Networking ServicesUnderstanding Azure Networking Services
Understanding Azure Networking ServicesInCycleSoftware
 
VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack VMworld
 
Application Switching Principles with Proxy Load Balancer: (datacenter in a box)
Application Switching Principles with Proxy Load Balancer: (datacenter in a box)Application Switching Principles with Proxy Load Balancer: (datacenter in a box)
Application Switching Principles with Proxy Load Balancer: (datacenter in a box)Luc Wijns
 

Empfohlen

The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXScott Lowe
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014Sanjay Basu
 
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...Kristoffer Sheather
 
VMWare NSX Components
VMWare NSX ComponentsVMWare NSX Components
VMWare NSX ComponentsMuhammad Yasir Nawaz
 
Understanding Azure Networking Services
Understanding Azure Networking ServicesUnderstanding Azure Networking Services
Understanding Azure Networking ServicesInCycleSoftware
 
VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack VMworld
 
Application Switching Principles with Proxy Load Balancer: (datacenter in a box)
Application Switching Principles with Proxy Load Balancer: (datacenter in a box)Application Switching Principles with Proxy Load Balancer: (datacenter in a box)
Application Switching Principles with Proxy Load Balancer: (datacenter in a box)Luc Wijns
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
NSX-MH
NSX-MHNSX-MH
NSX-MHsethuraman ramanathan
 
VMWare Networking Basic
VMWare Networking BasicVMWare Networking Basic
VMWare Networking BasicMuhammad Yasir Nawaz
 
Part 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewPart 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewNeeraj Kumar
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld
 
Delivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgeDelivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgePLUMgrid
 
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015Dmitri Kalintsev
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld
 
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Anthony Burke
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyFilip Verloy
 
VMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQVMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQRichard Common
 
Azure network and infrastructure
Azure network and infrastructureAzure network and infrastructure
Azure network and infrastructurePhi Huynh
 
Microsoft Azure Networking Basics
Microsoft Azure Networking BasicsMicrosoft Azure Networking Basics
Microsoft Azure Networking BasicsSai Kishore Naidu
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld
 
VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld
 
Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...
Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...
Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...Nouh Droussi
 
CLUSIR DU 12 JUIN
CLUSIR DU 12 JUIN CLUSIR DU 12 JUIN
CLUSIR DU 12 JUIN ndelannoy
 

Weitere ähnliche Inhalte

Was ist angesagt?

VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
Part 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewPart 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewNeeraj Kumar
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld
 
Delivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgeDelivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgePLUMgrid
 
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015Dmitri Kalintsev
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld
 
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Anthony Burke
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyFilip Verloy
 
VMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQVMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQRichard Common
 
Azure network and infrastructure
Azure network and infrastructureAzure network and infrastructure
Azure network and infrastructurePhi Huynh
 
Microsoft Azure Networking Basics
Microsoft Azure Networking BasicsMicrosoft Azure Networking Basics
Microsoft Azure Networking BasicsSai Kishore Naidu
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld
 
VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld
 

Was ist angesagt? (20)

VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
 
NSX-MH
NSX-MHNSX-MH
NSX-MH
 
VMWare Networking Basic
VMWare Networking BasicVMWare Networking Basic
VMWare Networking Basic
 
Part 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An OverviewPart 01: Azure Virtual Networks – An Overview
Part 01: Azure Virtual Networks – An Overview
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments
 
Delivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile EdgeDelivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile Edge
 
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
 
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip Verloy
 
VMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQVMware vRealize Network Insight Frequently Asked Questions FAQ
VMware vRealize Network Insight Frequently Asked Questions FAQ
 
Azure network and infrastructure
Azure network and infrastructureAzure network and infrastructure
Azure network and infrastructure
 
Microsoft Azure Networking Basics
Microsoft Azure Networking BasicsMicrosoft Azure Networking Basics
Microsoft Azure Networking Basics
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
 
VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX
 

Andere mochten auch

Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...
Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...
Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...Nouh Droussi
 
CLUSIR DU 12 JUIN
CLUSIR DU 12 JUIN CLUSIR DU 12 JUIN
CLUSIR DU 12 JUIN ndelannoy
 
Sécurité et confidentialité des données sensibles dans le cloud computing une...
Sécurité et confidentialité des données sensibles dans le cloud computing une...Sécurité et confidentialité des données sensibles dans le cloud computing une...
Sécurité et confidentialité des données sensibles dans le cloud computing une...Bilal El Houdaigui
 
Cybersécurité & protection des données personnelles
Cybersécurité & protection des données personnellesCybersécurité & protection des données personnelles
Cybersécurité & protection des données personnellesMohamed MDELLA
 
CESIN - Baromètre de la cyber-sécurité des entreprises - Vague 1 - Par Opinio...
CESIN - Baromètre de la cyber-sécurité des entreprises - Vague 1 - Par Opinio...CESIN - Baromètre de la cyber-sécurité des entreprises - Vague 1 - Par Opinio...
CESIN - Baromètre de la cyber-sécurité des entreprises - Vague 1 - Par Opinio...OpinionWay
 
Cloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsCloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsGovind Maheswaran
 
Presentation pfe ingenieur d etat securite reseau et systemes
Presentation pfe ingenieur d etat securite reseau et systemesPresentation pfe ingenieur d etat securite reseau et systemes
Presentation pfe ingenieur d etat securite reseau et systemesHicham Moujahid
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 

Andere mochten auch (10)

Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...
Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...
Implémentation de la norme PCI DSS dans le Cloud (PFE Master Faculté des scie...
 
CLUSIR DU 12 JUIN
CLUSIR DU 12 JUIN CLUSIR DU 12 JUIN
CLUSIR DU 12 JUIN
 
Sécurité et confidentialité des données sensibles dans le cloud computing une...
Sécurité et confidentialité des données sensibles dans le cloud computing une...Sécurité et confidentialité des données sensibles dans le cloud computing une...
Sécurité et confidentialité des données sensibles dans le cloud computing une...
 
Cybersécurité & protection des données personnelles
Cybersécurité & protection des données personnellesCybersécurité & protection des données personnelles
Cybersécurité & protection des données personnelles
 
CESIN - Baromètre de la cyber-sécurité des entreprises - Vague 1 - Par Opinio...
CESIN - Baromètre de la cyber-sécurité des entreprises - Vague 1 - Par Opinio...CESIN - Baromètre de la cyber-sécurité des entreprises - Vague 1 - Par Opinio...
CESIN - Baromètre de la cyber-sécurité des entreprises - Vague 1 - Par Opinio...
 
Cloud & Sécurité
Cloud & SécuritéCloud & Sécurité
Cloud & Sécurité
 
Cloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsCloud Computing : Security and Forensics
Cloud Computing : Security and Forensics
 
Presentation pfe ingenieur d etat securite reseau et systemes
Presentation pfe ingenieur d etat securite reseau et systemesPresentation pfe ingenieur d etat securite reseau et systemes
Presentation pfe ingenieur d etat securite reseau et systemes
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 

Ähnlich wie ASFWS 2013 - Sécurité et extension d’infrastructure vers le cloud: retour d’expérience par Christophe Sahut

Deploying couchbaseserverazure cihanbiyikoglu_microsoft
Deploying couchbaseserverazure cihanbiyikoglu_microsoftDeploying couchbaseserverazure cihanbiyikoglu_microsoft
Deploying couchbaseserverazure cihanbiyikoglu_microsoftCihan Biyikoglu
 
Connect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureConnect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureK.Mohamed Faizal
 
AWS Webinar: How to architect and deploy a multi tier share point server farm...
AWS Webinar: How to architect and deploy a multi tier share point server farm...AWS Webinar: How to architect and deploy a multi tier share point server farm...
AWS Webinar: How to architect and deploy a multi tier share point server farm...Amazon Web Services
 
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver VankerAWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver VankerAWS Riyadh User Group
 
Mastering the move
Mastering the moveMastering the move
Mastering the moveTrivadis
 
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlayPragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlayAmazon Web Services
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...VMworld
 
E2EVC 2014 building clouds with Microsoft Cloud OS and System Center
E2EVC 2014 building clouds with Microsoft Cloud OS and System CenterE2EVC 2014 building clouds with Microsoft Cloud OS and System Center
E2EVC 2014 building clouds with Microsoft Cloud OS and System CenterMichael Rüefli
 
Azure en Nutanix: your journey to the hybrid cloud
Azure en Nutanix: your journey to the hybrid cloudAzure en Nutanix: your journey to the hybrid cloud
Azure en Nutanix: your journey to the hybrid cloudICT-Partners
 
Global Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityGlobal Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityScott Hoag
 
Cloud On-Ramp Project Briefing
Cloud On-Ramp Project BriefingCloud On-Ramp Project Briefing
Cloud On-Ramp Project BriefingRobert McDermott
 
Cloud economics design, capacity and operational concerns
Cloud economics design, capacity and operational concernsCloud economics design, capacity and operational concerns
Cloud economics design, capacity and operational concernsMarcos García
 
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...PROIDEA
 
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld
 
What is this DevOps thing and why do I need it?
What is this DevOps thing and why do I need it?What is this DevOps thing and why do I need it?
What is this DevOps thing and why do I need it?Safe Swiss Cloud
 
Going to the cloud with Microsoft and ITAdviser_Windows Azure overview for IT...
Going to the cloud with Microsoft and ITAdviser_Windows Azure overview for IT...Going to the cloud with Microsoft and ITAdviser_Windows Azure overview for IT...
Going to the cloud with Microsoft and ITAdviser_Windows Azure overview for IT...Olimpia Oancea
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 

Ähnlich wie ASFWS 2013 - Sécurité et extension d’infrastructure vers le cloud: retour d’expérience par Christophe Sahut (20)

Deploying couchbaseserverazure cihanbiyikoglu_microsoft
Deploying couchbaseserverazure cihanbiyikoglu_microsoftDeploying couchbaseserverazure cihanbiyikoglu_microsoft
Deploying couchbaseserverazure cihanbiyikoglu_microsoft
 
Connect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureConnect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft Azure
 
AWS Webinar: How to architect and deploy a multi tier share point server farm...
AWS Webinar: How to architect and deploy a multi tier share point server farm...AWS Webinar: How to architect and deploy a multi tier share point server farm...
AWS Webinar: How to architect and deploy a multi tier share point server farm...
 
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver VankerAWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
 
Mastering the move
Mastering the moveMastering the move
Mastering the move
 
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlayPragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
 
E2EVC 2014 building clouds with Microsoft Cloud OS and System Center
E2EVC 2014 building clouds with Microsoft Cloud OS and System CenterE2EVC 2014 building clouds with Microsoft Cloud OS and System Center
E2EVC 2014 building clouds with Microsoft Cloud OS and System Center
 
Azure en Nutanix: your journey to the hybrid cloud
Azure en Nutanix: your journey to the hybrid cloudAzure en Nutanix: your journey to the hybrid cloud
Azure en Nutanix: your journey to the hybrid cloud
 
Global Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network SecurityGlobal Azure Bootcamp 2018 - Azure Network Security
Global Azure Bootcamp 2018 - Azure Network Security
 
Cloud On-Ramp Project Briefing
Cloud On-Ramp Project BriefingCloud On-Ramp Project Briefing
Cloud On-Ramp Project Briefing
 
Cloud economics design, capacity and operational concerns
Cloud economics design, capacity and operational concernsCloud economics design, capacity and operational concerns
Cloud economics design, capacity and operational concerns
 
1 App,
1 App, 1 App,
1 App,
 
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
 
cc.pptx
cc.pptxcc.pptx
cc.pptx
 
Datacenter 2014: IPnett - Martin Milnert
Datacenter 2014: IPnett - Martin MilnertDatacenter 2014: IPnett - Martin Milnert
Datacenter 2014: IPnett - Martin Milnert
 
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
 
What is this DevOps thing and why do I need it?
What is this DevOps thing and why do I need it?What is this DevOps thing and why do I need it?
What is this DevOps thing and why do I need it?
 
Going to the cloud with Microsoft and ITAdviser_Windows Azure overview for IT...
Going to the cloud with Microsoft and ITAdviser_Windows Azure overview for IT...Going to the cloud with Microsoft and ITAdviser_Windows Azure overview for IT...
Going to the cloud with Microsoft and ITAdviser_Windows Azure overview for IT...
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 

Mehr von Cyber Security Alliance

Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Cyber Security Alliance
 
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itCyber Security Alliance
 
Why huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksWhy huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksCyber Security Alliance
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCyber Security Alliance
 
Introducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsIntroducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsCyber Security Alliance
 
Understanding the fundamentals of attacks
Understanding the fundamentals of attacksUnderstanding the fundamentals of attacks
Understanding the fundamentals of attacksCyber Security Alliance
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fCyber Security Alliance
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Cyber Security Alliance
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupCyber Security Alliance
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...Cyber Security Alliance
 
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptWarning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptCyber Security Alliance
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureCyber Security Alliance
 

Mehr von Cyber Security Alliance (20)

Bug Bounty @ Swisscom
Bug Bounty @ SwisscomBug Bounty @ Swisscom
Bug Bounty @ Swisscom
 
Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?
 
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce it
 
Why huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacksWhy huntung IoC fails at protecting against targeted attacks
Why huntung IoC fails at protecting against targeted attacks
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomware
 
Blockchain for Beginners
Blockchain for Beginners Blockchain for Beginners
Blockchain for Beginners
 
Le pentest pour les nuls #cybsec16
Le pentest pour les nuls #cybsec16Le pentest pour les nuls #cybsec16
Le pentest pour les nuls #cybsec16
 
Introducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging appsIntroducing Man in the Contacts attack to trick encrypted messaging apps
Introducing Man in the Contacts attack to trick encrypted messaging apps
 
Understanding the fundamentals of attacks
Understanding the fundamentals of attacksUnderstanding the fundamentals of attacks
Understanding the fundamentals of attacks
 
Rump : iOS patch diffing
Rump : iOS patch diffingRump : iOS patch diffing
Rump : iOS patch diffing
 
An easy way into your sap systems v3.0
An easy way into your sap systems v3.0An easy way into your sap systems v3.0
An easy way into your sap systems v3.0
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 f
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
 
Offline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setupOffline bruteforce attack on wi fi protected setup
Offline bruteforce attack on wi fi protected setup
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
 
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptWarning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
 
Killing any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented featureKilling any security product … using a Mimikatz undocumented feature
Killing any security product … using a Mimikatz undocumented feature
 
Rump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabriceRump attaque usb_caralinda_fabrice
Rump attaque usb_caralinda_fabrice
 
Operation emmental appsec
Operation emmental appsecOperation emmental appsec
Operation emmental appsec
 

Kürzlich hochgeladen

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 

Kürzlich hochgeladen (20)

Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

ASFWS 2013 - Sécurité et extension d’infrastructure vers le cloud: retour d’expérience par Christophe Sahut

  • 1. Security and cloud migration Christophe Sahut Corporate Infrastructure Architect / SGS Application Security Forum - 2013 Western Switzerland 15-16 octobre 2013 - Y-Parc / Yverdon-les-Bains http://www.appsec-forum.ch
  • 2. 2 SGS in a few words
  • 4. 4 Reminder: your (security) responsibility Application Application Application Data Data Data Runtime Runtime Runtime Middleware Middleware Middleware OS OS OS Virtualization Virtualization Virtualization Servers Servers Servers Storage Storage Storage Networking Networking Networking IaaS PaaS SaaS
  • 6. 6 Use case  Application fulfilling (most?) business needs  Price/user/month – OPEX  Side effect of ignoring this is shadow IT  Hopefully, …
  • 7. 7 … there are authentication requirements
  • 8. 8 Solution: SAML 2.0  In two words – Identity Provider on premise acting as a web proxy to the authentication source (AD, LDAP, SQL…) – Generates and signs authentication tokens – Send them to the SaaS service to prove the user has been authenticated – You’re loggued in  Enable Single Sign-On with SaaS services
  • 9. 9 Nice solution but…  Tricky to setup in multi-forests AD environments  Not always easy to configure depending on SPs  Must be highly available
  • 10. 10 And what about (de)provisionning?  Provisioning can be done on the fly following authentication (and authorization) – Works fine but de-provisioning is still a challenge – Reminder: you pay per user  Resource (user, group…) CRUD via web services not widely deployed yet http://www.simplecloud.info/
  • 11. 11 Other concerns  Data is by definition fully understood by the SaaS provider – Profiling (or worst) : “used for statistics and UX” – Contracts say provider will not if you ask them not to if they say so, it must be true  Data is (sometimes) encrypted on disks But SaaS provider manages the portal to access it (…)
  • 15. 15 Then  Create Virtual Private Clouds (VPC) – Network, route tables, gateways – Virtual machines – Load balancers – Storage, snapshots – Managed databases –…  In a given location
  • 17. 17 Use segmentation/filtering  Network ACLs  Security groups  (OS firewalls)  (3rd party network firewalls)
  • 18. 18 VPC created. And then?  Decide how to integrate it in existing infrastructure 1) Keep it external • Completely separate infrastructure 2) Link it to datacenters / WAN • Consider the VPC as a new site on the WAN
  • 19. 19 1) Keep it external Internet Load balancer Corporate Data center Bastion Web Servers Database
  • 20. 20  Use bastion hosts – RDP/SSH from known IPs, strong authentication, logging/auditing  VPC entry point opened only for the service provided
  • 21. 21 2) Link it to datacenters / WAN VPN Load balancer Corporate Data center Bastion Web Servers Database
  • 22. 22  Use a VPN (or leased line) – Decide if you want a public or private VPC One more Internet access vs private datacenter extension – Be careful to the network range and routing VPC part of the WAN – Wizard on AWS to setup dual-VPN to on-premise VPN concentrator – Setup firewall rules on both sides (drop all, then think)
  • 23. 23 What we did on IaaS  VPC in different locations, VPNs – SAML tests (WIF, mod_mellon,…) – New versions of software on isolated networks  S3, load balancing, managed databases, DNS zone delegation, CDN, datawarehouse, PaaS …  More and more providers come with an AWS backend and we can evaluate what they do
  • 24. 24 Example of IaaS security benefit  Launch/rebuild infrastructures in minutes – With code like this:  Configure this way networks, VPN, security groups, create instances, fetch data from a GIT repository, configure load balancers…
  • 25. 25 Code the infrastructure  With specific cloud tools Cloudformation in AWS  With scripting with CLI tools Bash, Powershell …  With SDKs (.net, java,…), cloud API libraries (libcloud…), abstraction tools (Rightscale…) …  And versioning!
  • 26. 26 Example use case  Defacement/intrusion on a IaaS-based website – Fire new infrastructure clone – Enable verbose logging – Redirect traffic (via DNS, load balancers…) to the new infrastructure – Identify attack, implement protection/blackhole – Isolate hacked infrastructure – Run forensic analysis – Get a coffee

Hinweis der Redaktion

  1. PaaS security = SaaS security + your application code security
  2. SaaS: everything managed by vendor: your security responsibility is mainly the authentication to the application and the data you put in.PaaS: same thing + maintain your application securityIaaS: same + OS patching and security, architecture security (networking, firewalls, storage access …)
  3. Example of cloud infrastructure: region, multi-az, VPC, ELB 3-tiers, bastion, NAT for upgrades
  4. Available on marketplace: checkpoint, Vyatta, BigIPs, Sophos UTM (ex-astaro)