SlideShare ist ein Scribd-Unternehmen logo

Encryption in the Cloud

Als PPT, PDF herunterladen
SVForum Cloud SIG
SVForum Cloud SIG

Dave Asprey of Trend Micro discusses how to improve security in cloud-based applications

1 von 11
Encryption in the public cloud: Security techniques Dave Asprey • VP Cloud Security [email_address] @daveasprey (cloud + virtual security tweets)
Your speaker ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
Data Privacy Concerns in the Cloud ,[object Object],[object Object],[object Object],[object Object],[object Object]
Amazon Web Services™ Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications . We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access , (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. Translation: If it gets hacked, it’s your fault. Trend Micro Confidential 01/27/11 http://aws.amazon.com/agreement/#7 (23 November 2010)
Security and privacy higher than Sum (performance, immaturity, regulatory compliance) Gartner (April 2010) Security: the #1 Cloud Challenge Classification 01/27/11
Use encrypted, self-defending hosts Classification 01/27/11 Shared Storage Shared Firewall Virtual Servers Shared network inside the firewall Shared firewall – Lowest common denominator – less fine grained control Multiple customers on one physical server – potential for attacks via the hypervisor Shared storage – is customer segmentation secure against attack? Easily copied machine images – who else has your server? Doesn’t matter – the edge of my virtual machine is protected Doesn’t matter – treat the LAN as public Doesn’t matter – treat the LAN as public Doesn’t matter – They can start my server but only I can unlock my data Doesn’t matter – My data is encrypted Internet
Advice ,[object Object],[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
More advice ,[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
Even more advice ,[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
Final advice ,[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11
Thank You. Questions? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Trend Micro Confidential 01/27/11

Empfohlen

AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016
Teri Radichel
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
Chandrapal Badshah
 
Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security Overview
Lacework
 
Lacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud ScaleLacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud Scale
Lacework
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV Deployments
OPNFV
 
Top 5 Priorities for Cloud Security
Top 5 Priorities for Cloud SecurityTop 5 Priorities for Cloud Security
Top 5 Priorities for Cloud Security
Teri Radichel
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Marco Balduzzi
 

Empfohlen

AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016
Teri Radichel
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application Firewall
Chandrapal Badshah
 
Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security Overview
Lacework
 
Lacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud ScaleLacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud Scale
Lacework
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV Deployments
OPNFV
 
Top 5 Priorities for Cloud Security
Top 5 Priorities for Cloud SecurityTop 5 Priorities for Cloud Security
Top 5 Priorities for Cloud Security
Teri Radichel
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Marco Balduzzi
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
Alert Logic
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
Teri Radichel
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.
Teri Radichel
 
LIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud ComputingLIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud Computing
Robert Herjavec
 
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
Alert Logic
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week Presentation
Lacework
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
Alert Logic
 
Node JS reverse shell
Node JS reverse shellNode JS reverse shell
Node JS reverse shell
Madhu Akula
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
 
Azure for Auditors
Azure for AuditorsAzure for Auditors
Azure for Auditors
Teri Radichel
 
INFOGRAPHIC▶ Protecting Corporate Information In the Cloud
INFOGRAPHIC▶ Protecting Corporate Information In the CloudINFOGRAPHIC▶ Protecting Corporate Information In the Cloud
INFOGRAPHIC▶ Protecting Corporate Information In the Cloud
Symantec
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
Trend Micro
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information Exchange
Cybera Inc.
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
 
The Importance of Business Data Backups
The Importance of Business Data BackupsThe Importance of Business Data Backups
The Importance of Business Data Backups
SwiftTech Solutions, Inc.
 
Confoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteConfoo 2012 - Web security keynote
Confoo 2012 - Web security keynote
Antonio Fontes
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
Cisco amp for meraki
Cisco amp for merakiCisco amp for meraki
Cisco amp for meraki
Cisco Canada
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least Privilege
Lacework
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry RansomwareHow to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
Qualys
 
Amistad03 arbol de amigos - 08
Amistad03 arbol de amigos - 08Amistad03 arbol de amigos - 08
Amistad03 arbol de amigos - 08
saueso
 
Hybrid Cloud Networking
Hybrid Cloud NetworkingHybrid Cloud Networking
Hybrid Cloud Networking
SVForum Cloud SIG
 

Weitere ähnliche Inhalte

Was ist angesagt?

Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
Trend Micro
 
The Importance of Business Data Backups
The Importance of Business Data BackupsThe Importance of Business Data Backups
The Importance of Business Data Backups
SwiftTech Solutions, Inc.
 
Confoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteConfoo 2012 - Web security keynote
Confoo 2012 - Web security keynote
Antonio Fontes
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry RansomwareHow to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
Qualys
 

Was ist angesagt? (20)

#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.
 
LIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud ComputingLIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud Computing
 
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week Presentation
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
 
Node JS reverse shell
Node JS reverse shellNode JS reverse shell
Node JS reverse shell
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Azure for Auditors
Azure for AuditorsAzure for Auditors
Azure for Auditors
 
INFOGRAPHIC▶ Protecting Corporate Information In the Cloud
INFOGRAPHIC▶ Protecting Corporate Information In the CloudINFOGRAPHIC▶ Protecting Corporate Information In the Cloud
INFOGRAPHIC▶ Protecting Corporate Information In the Cloud
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloud
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information Exchange
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
The Importance of Business Data Backups
The Importance of Business Data BackupsThe Importance of Business Data Backups
The Importance of Business Data Backups
 
Confoo 2012 - Web security keynote
Confoo 2012 - Web security keynoteConfoo 2012 - Web security keynote
Confoo 2012 - Web security keynote
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
 
Cisco amp for meraki
Cisco amp for merakiCisco amp for meraki
Cisco amp for meraki
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least Privilege
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry RansomwareHow to Rapidly Identify Assets at Risk to WannaCry Ransomware
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
 

Andere mochten auch

Amistad03 arbol de amigos - 08
Amistad03 arbol de amigos - 08Amistad03 arbol de amigos - 08
Amistad03 arbol de amigos - 08
saueso
 
Bogać się kiedy śpisz
Bogać się kiedy śpiszBogać się kiedy śpisz
Bogać się kiedy śpisz
taniak21
 
Mazars digtalisation 28062011
Mazars digtalisation 28062011Mazars digtalisation 28062011
Mazars digtalisation 28062011
Gitika Kolli
 
Destination Marrakech
Destination MarrakechDestination Marrakech
Destination Marrakech
avarosaleda
 

Andere mochten auch (8)

Amistad03 arbol de amigos - 08
Amistad03 arbol de amigos - 08Amistad03 arbol de amigos - 08
Amistad03 arbol de amigos - 08
 
Hybrid Cloud Networking
Hybrid Cloud NetworkingHybrid Cloud Networking
Hybrid Cloud Networking
 
Bogać się kiedy śpisz
Bogać się kiedy śpiszBogać się kiedy śpisz
Bogać się kiedy śpisz
 
Tanzania project
Tanzania projectTanzania project
Tanzania project
 
Mazars digtalisation 28062011
Mazars digtalisation 28062011Mazars digtalisation 28062011
Mazars digtalisation 28062011
 
Destination Marrakech
Destination MarrakechDestination Marrakech
Destination Marrakech
 
Welcome is431 s11
Welcome is431 s11Welcome is431 s11
Welcome is431 s11
 
Building a Hybrid Cloud
Building a Hybrid CloudBuilding a Hybrid Cloud
Building a Hybrid Cloud
 

Ähnlich wie Encryption in the Cloud

How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
Amazon Web Services
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
Amazon Web Services
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
fanc1985
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
RightScale
 

Ähnlich wie Encryption in the Cloud (20)

Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
 
UNIT -V.docx
UNIT -V.docxUNIT -V.docx
UNIT -V.docx
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
 
Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final show
 
Securing Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid CloudSecuring Sensitive Data in Your Hybrid Cloud
Securing Sensitive Data in Your Hybrid Cloud
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT Support
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tips
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdfCloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdf
 
Cloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdfCloud Security Engineer Interview Questions.pdf
Cloud Security Engineer Interview Questions.pdf
 

Encryption in the Cloud

  • 1. Encryption in the public cloud: Security techniques Dave Asprey • VP Cloud Security [email_address] @daveasprey (cloud + virtual security tweets)
  • 2.
  • 3.
  • 4. Amazon Web Services™ Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications . We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access , (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. Translation: If it gets hacked, it’s your fault. Trend Micro Confidential 01/27/11 http://aws.amazon.com/agreement/#7 (23 November 2010)
  • 5. Security and privacy higher than Sum (performance, immaturity, regulatory compliance) Gartner (April 2010) Security: the #1 Cloud Challenge Classification 01/27/11
  • 6. Use encrypted, self-defending hosts Classification 01/27/11 Shared Storage Shared Firewall Virtual Servers Shared network inside the firewall Shared firewall – Lowest common denominator – less fine grained control Multiple customers on one physical server – potential for attacks via the hypervisor Shared storage – is customer segmentation secure against attack? Easily copied machine images – who else has your server? Doesn’t matter – the edge of my virtual machine is protected Doesn’t matter – treat the LAN as public Doesn’t matter – treat the LAN as public Doesn’t matter – They can start my server but only I can unlock my data Doesn’t matter – My data is encrypted Internet
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.

Hinweis der Redaktion

  1. My name is Todd Thiemann thank you for attending this session on
  2. Data is stored in plain text Who can see my sensitive information? Data stored in a raw format removes confidentiality and allows a savvy attacker an open door to view all of your information. Virtual volumes can be moved without the owners knowledge Has my data been moved offshore, breaking laws or regulations? Privacy laws like Little ability to audit or monitor access resources or data What happened to my data when I was not looking? How can I comply with legislation, security policies and best practices? Hypervisors and storage are shared with other users Is my neighbor trustworthy? How good is my neighbor’s security? Will he get hacked and attack me? Storage devices contain residual data - Is storage recycled securely when I change vendors? What happens if my cloud provider goes out of business?
  3. This is the online Amazon EC2 Customer Agreement. You can read the whole thing, but the bolded part is the key concept. The user of the virtual machine is responsible for security of their virtual machine. You have the responsibility and accountability for security in the IaaS world. You need to plan for protection in the public cloud.