SlideShare ist ein Scribd-Unternehmen logo

Cloud Security: Ten Things

Als KEY, PDF herunterladen
Coastal Pet Products, Inc.
Coastal Pet Products, Inc.

If you're in IT, it's important to understand that your users are fully embracing the cloud. Understanding cloud security including how to utilize API calls safely and securely, the importance of Firewalls (yes, even in the cloud!) as well as ensuring redundancy and availability needs to be kept in the forefront of all cloud deployments. This presentation will help you to talk about cloud security in a non-confrontational way with your users.

TechnologieBusiness
1 von 72
10 Things I've Learned About Cloud Security & Other Stuff Bill Mathews (@billford)
Introduction
Introduction • Who Am I?
Introduction • Who Am I? • Why Am I Here?
Introduction • Who Am I? • Why Am I Here? • Why I Care About The Cloud
Introduction • Who Am I? • Why Am I Here? • Why I Care About The Cloud • Why You Should Too
Top 10 Lists
Top 10 Lists • Assumes too much knowledge
Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage
Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage • However it is an easier way to break things down so this is just 10 things I've learned
Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage • However it is an easier way to break things down so this is just 10 things I've learned • I wanted to provide a basic framework for discussion
Why Cloud? Why? ^^ Very popular question The #1 reason and really the only one you need is that your users are using it. It doesn't matter what you think, what your feelings are, they're using it and you better get a grip on it.
Control Panels – A Tale of Two Techs
Control Panels – A Tale of Two Techs • Good / Bad and can be really really ugly
Control Panels – A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider
Control Panels – A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider • Can be very granular
Control Panels – A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider • Can be very granular • Can be very limiting
Uptime/Downtime – Ouch That Hurts
Uptime/Downtime – Ouch That Hurts • This is NOT a problem limited to the cloud
Uptime/Downtime – Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem
Uptime/Downtime – Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem • Budgetary Considerations
Uptime/Downtime – Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem • Budgetary Considerations • Personal Experiences (Oh Amazon, what have you done?)
APIs – The Bars of The Cloudy Jail
APIs – The Bars of The Cloudy Jail • A brief history of API
APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you?
APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them
APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them
APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them • Why you should strongly distrust them
APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them • Why you should strongly distrust them • You should really get to know them though, seriously
Firewalls Are Dead... Long Live Firewalls
Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud
Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud • Rebirth of firewalls in the cloud
Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud • Rebirth of firewalls in the cloud • Benefits
Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud • Rebirth of firewalls in the cloud • Benefits • Pitfalls
Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud • Rebirth of firewalls in the cloud • Benefits • Pitfalls • Cautionary Tales
Redundancy – No The Cloud Isn't Magic
Redundancy – No The Cloud Isn't Magic • Yes you still have to plan for redundancy and availability, even in the cloud
Redundancy – No The Cloud Isn't Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?)
Redundancy – No The Cloud Isn't Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?) • Load Balancing across one provider is cool
Redundancy – No The Cloud Isn't Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?) • Load Balancing across one provider is cool • Load Balancing across multiple providers would be mega-awesome-cool
Encrypt Early / Encrypt Often
Encrypt Early / Encrypt Often • Seriously, just encrypt your stuff
Encrypt Early / Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences
Encrypt Early / Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences • Multi-tenancy is an element of the cloud you cannot control
Encrypt Early / Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences • Multi-tenancy is an element of the cloud you cannot control • Same can be said of your VMWare, Xen, whatever infrastructure
Cloud is Cheap!
Cloud is Cheap! • Infrastructure as a Service (IaaS)
Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS)
Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (Saas)
Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (Saas) • Cost vs Benefit vs Pulling Your Hair Out (like me)
Logs in the Cloud – Long May it Rain
Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too
Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com
Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com •www.splunkstorm.com
Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com •www.splunkstorm.com • Access to your logs
Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com •www.splunkstorm.com • Access to your logs • What to expect
Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com •www.splunkstorm.com • Access to your logs • What to expect • What not to expect
SLA or Seriously, Lawyers Again
SLA or Seriously, Lawyers Again • Service Level Agreements
SLA or Seriously, Lawyers Again • Service Level Agreements • Uptime guarantees
SLA or Seriously, Lawyers Again • Service Level Agreements • Uptime guarantees • Compensation for violation
SLA or Seriously, Lawyers Again • Service Level Agreements • Uptime guarantees • Compensation for violation • Some examples
Random Stuff
Random Stuff • Monitoring in/for the Cloud
Random Stuff • Monitoring in/for the Cloud • Amazonian Law
Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine
Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech
Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech • Password Cracking/Brute Force
Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing
Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing • QA Testing
Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing • QA Testing • Auditing
Wrap Up / Q&A • Wrap Up • Q&A • Possible Brawl? • This Presentation is Licensed Under Creative Commons

Empfohlen

When all you have is a nail
When all you have is a nailWhen all you have is a nail
When all you have is a nail
Adam Friedman
 
The cloud is my laboratory
The cloud is my laboratoryThe cloud is my laboratory
The cloud is my laboratory
Adam Friedman
 
Maintaining reliability in an unreliable world
Maintaining reliability in an unreliable worldMaintaining reliability in an unreliable world
Maintaining reliability in an unreliable world
Jeremy Edberg
 
Navigating SAP’s Integration Options (Mastering SAP Technologies 2013)
Navigating SAP’s Integration Options (Mastering SAP Technologies 2013)Navigating SAP’s Integration Options (Mastering SAP Technologies 2013)
Navigating SAP’s Integration Options (Mastering SAP Technologies 2013)
Sascha Wenninger
 
Japanese CloudSearch Use-Cases and Tech Deep Dive
Japanese CloudSearch Use-Cases and Tech Deep DiveJapanese CloudSearch Use-Cases and Tech Deep Dive
Japanese CloudSearch Use-Cases and Tech Deep Dive
Eiji Shinohara
 
3 d gear split up into pie chart pieces process 6 pieces style 2 powerpoint d...
3 d gear split up into pie chart pieces process 6 pieces style 2 powerpoint d...3 d gear split up into pie chart pieces process 6 pieces style 2 powerpoint d...
3 d gear split up into pie chart pieces process 6 pieces style 2 powerpoint d...
SlideTeam.net
 
Recipes for the Perfect PI v2.0
Recipes for the Perfect PI v2.0Recipes for the Perfect PI v2.0
Recipes for the Perfect PI v2.0
Sascha Wenninger
 
A Look at the Performance of SAP's Modern UIs
A Look at the Performance of SAP's Modern UIsA Look at the Performance of SAP's Modern UIs
A Look at the Performance of SAP's Modern UIs
Sascha Wenninger
 

Empfohlen

When all you have is a nail
When all you have is a nailWhen all you have is a nail
When all you have is a nail
Adam Friedman
 
The cloud is my laboratory
The cloud is my laboratoryThe cloud is my laboratory
The cloud is my laboratory
Adam Friedman
 
Maintaining reliability in an unreliable world
Maintaining reliability in an unreliable worldMaintaining reliability in an unreliable world
Maintaining reliability in an unreliable world
Jeremy Edberg
 
Navigating SAP’s Integration Options (Mastering SAP Technologies 2013)
Navigating SAP’s Integration Options (Mastering SAP Technologies 2013)Navigating SAP’s Integration Options (Mastering SAP Technologies 2013)
Navigating SAP’s Integration Options (Mastering SAP Technologies 2013)
Sascha Wenninger
 
Japanese CloudSearch Use-Cases and Tech Deep Dive
Japanese CloudSearch Use-Cases and Tech Deep DiveJapanese CloudSearch Use-Cases and Tech Deep Dive
Japanese CloudSearch Use-Cases and Tech Deep Dive
Eiji Shinohara
 
3 d gear split up into pie chart pieces process 6 pieces style 2 powerpoint d...
3 d gear split up into pie chart pieces process 6 pieces style 2 powerpoint d...3 d gear split up into pie chart pieces process 6 pieces style 2 powerpoint d...
3 d gear split up into pie chart pieces process 6 pieces style 2 powerpoint d...
SlideTeam.net
 
Recipes for the Perfect PI v2.0
Recipes for the Perfect PI v2.0Recipes for the Perfect PI v2.0
Recipes for the Perfect PI v2.0
Sascha Wenninger
 
A Look at the Performance of SAP's Modern UIs
A Look at the Performance of SAP's Modern UIsA Look at the Performance of SAP's Modern UIs
A Look at the Performance of SAP's Modern UIs
Sascha Wenninger
 
An enhancing security for mobile sinks by providing location privacy in wsn
An enhancing security for mobile sinks by providing location privacy in wsnAn enhancing security for mobile sinks by providing location privacy in wsn
An enhancing security for mobile sinks by providing location privacy in wsn
eSAT Publishing House
 
Sample Cloud Security - Europe
Sample Cloud Security - EuropeSample Cloud Security - Europe
Sample Cloud Security - Europe
ResearchFox
 
SearchLove San Diego 2015 | Cindy Krum, 'Mobile-First SEO and How to Prepare ...
SearchLove San Diego 2015 | Cindy Krum, 'Mobile-First SEO and How to Prepare ...SearchLove San Diego 2015 | Cindy Krum, 'Mobile-First SEO and How to Prepare ...
SearchLove San Diego 2015 | Cindy Krum, 'Mobile-First SEO and How to Prepare ...
Distilled
 
Increasing Android app security for free - Roberto Gassirà, Roberto Piccirill...
Increasing Android app security for free - Roberto Gassirà, Roberto Piccirill...Increasing Android app security for free - Roberto Gassirà, Roberto Piccirill...
Increasing Android app security for free - Roberto Gassirà, Roberto Piccirill...
Codemotion
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
lambertzhao
 
Whoscall 的 Realtime Monitoring 經驗分享
Whoscall 的 Realtime Monitoring 經驗分享Whoscall 的 Realtime Monitoring 經驗分享
Whoscall 的 Realtime Monitoring 經驗分享
William Yeh
 
Introduction to Apache Spark Developer Training
Introduction to Apache Spark Developer TrainingIntroduction to Apache Spark Developer Training
Introduction to Apache Spark Developer Training
Cloudera, Inc.
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Dheeraj Negi
 
Cloud conference - mongodb
Cloud conference - mongodbCloud conference - mongodb
Cloud conference - mongodb
Mitch Pirtle
 
Release the Monkeys ! Testing in the Wild at Netflix
Release the Monkeys ! Testing in the Wild at NetflixRelease the Monkeys ! Testing in the Wild at Netflix
Release the Monkeys ! Testing in the Wild at Netflix
Gareth Bowles
 
Clean Code - 5
Clean Code - 5Clean Code - 5
Clean Code - 5
Don Kim
 
Ds @ bol
Ds @ bolDs @ bol
Ds @ bol
Asparuh Hristov
 
Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)
Justin Bull
 
Social dev camp_2011
Social dev camp_2011Social dev camp_2011
Social dev camp_2011
Craig Ulliott
 
Dev/Test in the Cloud - F
Dev/Test in the Cloud - FDev/Test in the Cloud - F
Dev/Test in the Cloud - F
Chris Riley ☁
 
Jax Devops 2017 Succeeding in the Cloud – the guidebook of Fail
Jax Devops 2017 Succeeding in the Cloud – the guidebook of FailJax Devops 2017 Succeeding in the Cloud – the guidebook of Fail
Jax Devops 2017 Succeeding in the Cloud – the guidebook of Fail
Steve Poole
 
The cloud is my laboratory, Adam Friedman
The cloud is my laboratory, Adam FriedmanThe cloud is my laboratory, Adam Friedman
The cloud is my laboratory, Adam Friedman
Stephen Wallace
 
6 reasons Jubilee could be a Rubyist's new best friend
6 reasons Jubilee could be a Rubyist's new best friend6 reasons Jubilee could be a Rubyist's new best friend
6 reasons Jubilee could be a Rubyist's new best friend
Forrest Chang
 
The Straight Skinny on Cloud Platforms
The Straight Skinny on Cloud PlatformsThe Straight Skinny on Cloud Platforms
The Straight Skinny on Cloud Platforms
Hostway|HOSTING
 
SQL Server High Availability and DR - Too Many Choices!
SQL Server High Availability and DR - Too Many Choices!SQL Server High Availability and DR - Too Many Choices!
SQL Server High Availability and DR - Too Many Choices!
Mike Walsh
 
Refactoring RIA Unleashed 2011
Refactoring RIA Unleashed 2011Refactoring RIA Unleashed 2011
Refactoring RIA Unleashed 2011
Jesse Warden
 
Why puppet? Why now?
Why puppet? Why now?Why puppet? Why now?
Why puppet? Why now?
Server Density
 

Weitere ähnliche Inhalte

Andere mochten auch

Sample Cloud Security - Europe
Sample Cloud Security - EuropeSample Cloud Security - Europe
Sample Cloud Security - Europe
ResearchFox
 
Introduction to Apache Spark Developer Training
Introduction to Apache Spark Developer TrainingIntroduction to Apache Spark Developer Training
Introduction to Apache Spark Developer Training
Cloudera, Inc.
 

Andere mochten auch (8)

An enhancing security for mobile sinks by providing location privacy in wsn
An enhancing security for mobile sinks by providing location privacy in wsnAn enhancing security for mobile sinks by providing location privacy in wsn
An enhancing security for mobile sinks by providing location privacy in wsn
 
Sample Cloud Security - Europe
Sample Cloud Security - EuropeSample Cloud Security - Europe
Sample Cloud Security - Europe
 
SearchLove San Diego 2015 | Cindy Krum, 'Mobile-First SEO and How to Prepare ...
SearchLove San Diego 2015 | Cindy Krum, 'Mobile-First SEO and How to Prepare ...SearchLove San Diego 2015 | Cindy Krum, 'Mobile-First SEO and How to Prepare ...
SearchLove San Diego 2015 | Cindy Krum, 'Mobile-First SEO and How to Prepare ...
 
Increasing Android app security for free - Roberto Gassirà, Roberto Piccirill...
Increasing Android app security for free - Roberto Gassirà, Roberto Piccirill...Increasing Android app security for free - Roberto Gassirà, Roberto Piccirill...
Increasing Android app security for free - Roberto Gassirà, Roberto Piccirill...
 
Elasticsearch
ElasticsearchElasticsearch
Elasticsearch
 
Whoscall 的 Realtime Monitoring 經驗分享
Whoscall 的 Realtime Monitoring 經驗分享Whoscall 的 Realtime Monitoring 經驗分享
Whoscall 的 Realtime Monitoring 經驗分享
 
Introduction to Apache Spark Developer Training
Introduction to Apache Spark Developer TrainingIntroduction to Apache Spark Developer Training
Introduction to Apache Spark Developer Training
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 

Ähnlich wie Cloud Security: Ten Things

Jax Devops 2017 Succeeding in the Cloud – the guidebook of Fail
Jax Devops 2017 Succeeding in the Cloud – the guidebook of FailJax Devops 2017 Succeeding in the Cloud – the guidebook of Fail
Jax Devops 2017 Succeeding in the Cloud – the guidebook of Fail
Steve Poole
 
The cloud is my laboratory, Adam Friedman
The cloud is my laboratory, Adam FriedmanThe cloud is my laboratory, Adam Friedman
The cloud is my laboratory, Adam Friedman
Stephen Wallace
 
6 reasons Jubilee could be a Rubyist's new best friend
6 reasons Jubilee could be a Rubyist's new best friend6 reasons Jubilee could be a Rubyist's new best friend
6 reasons Jubilee could be a Rubyist's new best friend
Forrest Chang
 
THE PLEASURES OF ON-PREM, TOMER GABEL
THE PLEASURES OF ON-PREM, TOMER GABELTHE PLEASURES OF ON-PREM, TOMER GABEL
THE PLEASURES OF ON-PREM, TOMER GABEL
DevOpsDays Tel Aviv
 
The business case for contributing code
The business case for contributing codeThe business case for contributing code
The business case for contributing code
Zivtech, LLC
 
Stop Worrying about Prodweb001 and Start Loving i-98fb9856 (ARC201) | AWS re:...
Stop Worrying about Prodweb001 and Start Loving i-98fb9856 (ARC201) | AWS re:...Stop Worrying about Prodweb001 and Start Loving i-98fb9856 (ARC201) | AWS re:...
Stop Worrying about Prodweb001 and Start Loving i-98fb9856 (ARC201) | AWS re:...
Amazon Web Services
 

Ähnlich wie Cloud Security: Ten Things (20)

Cloud conference - mongodb
Cloud conference - mongodbCloud conference - mongodb
Cloud conference - mongodb
 
Release the Monkeys ! Testing in the Wild at Netflix
Release the Monkeys ! Testing in the Wild at NetflixRelease the Monkeys ! Testing in the Wild at Netflix
Release the Monkeys ! Testing in the Wild at Netflix
 
Clean Code - 5
Clean Code - 5Clean Code - 5
Clean Code - 5
 
Ds @ bol
Ds @ bolDs @ bol
Ds @ bol
 
Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)
 
Social dev camp_2011
Social dev camp_2011Social dev camp_2011
Social dev camp_2011
 
Dev/Test in the Cloud - F
Dev/Test in the Cloud - FDev/Test in the Cloud - F
Dev/Test in the Cloud - F
 
Jax Devops 2017 Succeeding in the Cloud – the guidebook of Fail
Jax Devops 2017 Succeeding in the Cloud – the guidebook of FailJax Devops 2017 Succeeding in the Cloud – the guidebook of Fail
Jax Devops 2017 Succeeding in the Cloud – the guidebook of Fail
 
The cloud is my laboratory, Adam Friedman
The cloud is my laboratory, Adam FriedmanThe cloud is my laboratory, Adam Friedman
The cloud is my laboratory, Adam Friedman
 
6 reasons Jubilee could be a Rubyist's new best friend
6 reasons Jubilee could be a Rubyist's new best friend6 reasons Jubilee could be a Rubyist's new best friend
6 reasons Jubilee could be a Rubyist's new best friend
 
The Straight Skinny on Cloud Platforms
The Straight Skinny on Cloud PlatformsThe Straight Skinny on Cloud Platforms
The Straight Skinny on Cloud Platforms
 
SQL Server High Availability and DR - Too Many Choices!
SQL Server High Availability and DR - Too Many Choices!SQL Server High Availability and DR - Too Many Choices!
SQL Server High Availability and DR - Too Many Choices!
 
Refactoring RIA Unleashed 2011
Refactoring RIA Unleashed 2011Refactoring RIA Unleashed 2011
Refactoring RIA Unleashed 2011
 
Why puppet? Why now?
Why puppet? Why now?Why puppet? Why now?
Why puppet? Why now?
 
Deploying distributed software services to the cloud without breaking a sweat
Deploying distributed software services to the cloud without breaking a sweatDeploying distributed software services to the cloud without breaking a sweat
Deploying distributed software services to the cloud without breaking a sweat
 
Distributed software services to the cloud without breaking a sweat
Distributed software services to the cloud without breaking a sweatDistributed software services to the cloud without breaking a sweat
Distributed software services to the cloud without breaking a sweat
 
Design for Scale / Surge 2010
Design for Scale / Surge 2010Design for Scale / Surge 2010
Design for Scale / Surge 2010
 
THE PLEASURES OF ON-PREM, TOMER GABEL
THE PLEASURES OF ON-PREM, TOMER GABELTHE PLEASURES OF ON-PREM, TOMER GABEL
THE PLEASURES OF ON-PREM, TOMER GABEL
 
The business case for contributing code
The business case for contributing codeThe business case for contributing code
The business case for contributing code
 
Stop Worrying about Prodweb001 and Start Loving i-98fb9856 (ARC201) | AWS re:...
Stop Worrying about Prodweb001 and Start Loving i-98fb9856 (ARC201) | AWS re:...Stop Worrying about Prodweb001 and Start Loving i-98fb9856 (ARC201) | AWS re:...
Stop Worrying about Prodweb001 and Start Loving i-98fb9856 (ARC201) | AWS re:...
 

Mehr von Coastal Pet Products, Inc.

Defense in Depth – Your Security Castle
Defense in Depth – Your Security CastleDefense in Depth – Your Security Castle
Defense in Depth – Your Security Castle
Coastal Pet Products, Inc.
 
Domain Name System
Domain Name SystemDomain Name System
Domain Name System
Coastal Pet Products, Inc.
 
Attacking and Defending Full Disk Encryption
Attacking and Defending Full Disk EncryptionAttacking and Defending Full Disk Encryption
Attacking and Defending Full Disk Encryption
Coastal Pet Products, Inc.
 

Mehr von Coastal Pet Products, Inc. (13)

Defense in Depth – Your Security Castle
Defense in Depth – Your Security CastleDefense in Depth – Your Security Castle
Defense in Depth – Your Security Castle
 
IT Security in 2014
IT Security in 2014IT Security in 2014
IT Security in 2014
 
Printer Security
Printer SecurityPrinter Security
Printer Security
 
Domain Name System
Domain Name SystemDomain Name System
Domain Name System
 
Using Big Data for Security Alerting
Using Big Data for Security Alerting Using Big Data for Security Alerting
Using Big Data for Security Alerting
 
SNMP & The Dark Side of the Force
SNMP & The Dark Side of the Force SNMP & The Dark Side of the Force
SNMP & The Dark Side of the Force
 
Sounds of Security
Sounds of SecuritySounds of Security
Sounds of Security
 
Beyond The Splunk App for Enterprise Security
Beyond The Splunk App for Enterprise SecurityBeyond The Splunk App for Enterprise Security
Beyond The Splunk App for Enterprise Security
 
Encryption for Everyone
Encryption for EveryoneEncryption for Everyone
Encryption for Everyone
 
Attacking and Defending Full Disk Encryption
Attacking and Defending Full Disk EncryptionAttacking and Defending Full Disk Encryption
Attacking and Defending Full Disk Encryption
 
Competitive Cyber Security
Competitive Cyber SecurityCompetitive Cyber Security
Competitive Cyber Security
 
Forensics for the Defense
Forensics for the DefenseForensics for the Defense
Forensics for the Defense
 
Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title)
 

Kürzlich hochgeladen

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Kürzlich hochgeladen (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

Cloud Security: Ten Things

  • 1. 10 Things I've Learned About Cloud Security & Other Stuff Bill Mathews (@billford)
  • 4. Introduction • Who Am I? • Why Am I Here?
  • 5. Introduction • Who Am I? • Why Am I Here? • Why I Care About The Cloud
  • 6. Introduction • Who Am I? • Why Am I Here? • Why I Care About The Cloud • Why You Should Too
  • 8. Top 10 Lists • Assumes too much knowledge
  • 9. Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage
  • 10. Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage • However it is an easier way to break things down so this is just 10 things I've learned
  • 11. Top 10 Lists • Assumes too much knowledge • Makes me turn green with rage • However it is an easier way to break things down so this is just 10 things I've learned • I wanted to provide a basic framework for discussion
  • 12. Why Cloud? Why? ^^ Very popular question The #1 reason and really the only one you need is that your users are using it. It doesn't matter what you think, what your feelings are, they're using it and you better get a grip on it.
  • 13. Control Panels – A Tale of Two Techs
  • 14. Control Panels – A Tale of Two Techs • Good / Bad and can be really really ugly
  • 15. Control Panels – A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider
  • 16. Control Panels – A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider • Can be very granular
  • 17. Control Panels – A Tale of Two Techs • Good / Bad and can be really really ugly • Really depends on the provider • Can be very granular • Can be very limiting
  • 19. Uptime/Downtime – Ouch That Hurts • This is NOT a problem limited to the cloud
  • 20. Uptime/Downtime – Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem
  • 21. Uptime/Downtime – Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem • Budgetary Considerations
  • 22. Uptime/Downtime – Ouch That Hurts • This is NOT a problem limited to the cloud • This is a computer problem • Budgetary Considerations • Personal Experiences (Oh Amazon, what have you done?)
  • 23. APIs – The Bars of The Cloudy Jail
  • 24. APIs – The Bars of The Cloudy Jail • A brief history of API
  • 25. APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you?
  • 26. APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them
  • 27. APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them
  • 28. APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them • Why you should strongly distrust them
  • 29. APIs – The Bars of The Cloudy Jail • A brief history of API • What can an API do for you? • Why you should like them • Why you should hate them • Why you should strongly distrust them • You should really get to know them though, seriously
  • 30. Firewalls Are Dead... Long Live Firewalls
  • 31. Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud
  • 32. Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud • Rebirth of firewalls in the cloud
  • 33. Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud • Rebirth of firewalls in the cloud • Benefits
  • 34. Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud • Rebirth of firewalls in the cloud • Benefits • Pitfalls
  • 35. Firewalls Are Dead... Long Live Firewalls • Death of firewalls in the cloud • Rebirth of firewalls in the cloud • Benefits • Pitfalls • Cautionary Tales
  • 36. Redundancy – No The Cloud Isn't Magic
  • 37. Redundancy – No The Cloud Isn't Magic • Yes you still have to plan for redundancy and availability, even in the cloud
  • 38. Redundancy – No The Cloud Isn't Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?)
  • 39. Redundancy – No The Cloud Isn't Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?) • Load Balancing across one provider is cool
  • 40. Redundancy – No The Cloud Isn't Magic • Yes you still have to plan for redundancy and availability, even in the cloud • Marketing people lie (are you shocked yet?) • Load Balancing across one provider is cool • Load Balancing across multiple providers would be mega-awesome-cool
  • 42. Encrypt Early / Encrypt Often • Seriously, just encrypt your stuff
  • 43. Encrypt Early / Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences
  • 44. Encrypt Early / Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences • Multi-tenancy is an element of the cloud you cannot control
  • 45. Encrypt Early / Encrypt Often • Seriously, just encrypt your stuff • Logsup experiences • Multi-tenancy is an element of the cloud you cannot control • Same can be said of your VMWare, Xen, whatever infrastructure
  • 47. Cloud is Cheap! • Infrastructure as a Service (IaaS)
  • 48. Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS)
  • 49. Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (Saas)
  • 50. Cloud is Cheap! • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (Saas) • Cost vs Benefit vs Pulling Your Hair Out (like me)
  • 51. Logs in the Cloud – Long May it Rain
  • 52. Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too
  • 53. Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com
  • 54. Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com •www.splunkstorm.com
  • 55. Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com •www.splunkstorm.com • Access to your logs
  • 56. Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com •www.splunkstorm.com • Access to your logs • What to expect
  • 57. Logs in the Cloud – Long May it Rain •YES you can have your logs from and in the cloud and you can analyze them too •www.loggly.com •www.splunkstorm.com • Access to your logs • What to expect • What not to expect
  • 59. SLA or Seriously, Lawyers Again • Service Level Agreements
  • 60. SLA or Seriously, Lawyers Again • Service Level Agreements • Uptime guarantees
  • 61. SLA or Seriously, Lawyers Again • Service Level Agreements • Uptime guarantees • Compensation for violation
  • 62. SLA or Seriously, Lawyers Again • Service Level Agreements • Uptime guarantees • Compensation for violation • Some examples
  • 64. Random Stuff • Monitoring in/for the Cloud
  • 65. Random Stuff • Monitoring in/for the Cloud • Amazonian Law
  • 66. Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine
  • 67. Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech
  • 68. Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech • Password Cracking/Brute Force
  • 69. Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing
  • 70. Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing • QA Testing
  • 71. Random Stuff • Monitoring in/for the Cloud • Amazonian Law • Google App Engine • Uses for various cloud tech • Password Cracking/Brute Force • Penetration Testing • QA Testing • Auditing
  • 72. Wrap Up / Q&A • Wrap Up • Q&A • Possible Brawl? • This Presentation is Licensed Under Creative Commons

Hinweis der Redaktion

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n
  30. \n
  31. \n
  32. \n
  33. \n
  34. \n
  35. \n
  36. \n
  37. \n
  38. \n
  39. \n
  40. \n
  41. \n
  42. \n
  43. \n
  44. \n
  45. \n
  46. \n
  47. \n
  48. \n
  49. \n
  50. \n
  51. \n
  52. \n
  53. \n
  54. \n
  55. \n
  56. \n
  57. \n
  58. \n
  59. \n
  60. \n