Cloudy SecurityBringing Cloud operational benefits to the world of security and privacy

Gilad Parann-Nissany

http://www.porticor.comcontact@porticor.com

DefCon Group 9723 Meetup, December 21st, 2010

12/22/2010 www.porticor.com © PORTICOR 2009, 2010

12/22/2010 www.porticor.com © PORTICOR 2009, 2010 2

Securing the Cloud

Cloud Operations

Cloudy Security

• Focus: public cloud

– Because its in some ways more challenging than private cloud

• Focus: IaaS/PaaS

– SaaS controlled by vendor

12/22/2010 www.porticor.com © PORTICOR 2009, 2010 3

“Cloudy” Security

• Shared Technology Vulnerabilities

• Data Loss/Data Leakage

• Malicious Insiders

• Account Service or Hijacking of Traffic

• Insecure APIs

• Nefarious Use of Service

• Unknown Risk Profile

12/22/2010 www.porticor.com © PORTICOR 2009, 2010 4

Threat Analysis: I/PaaS

IaaSInfrastructure as a

Service

PaaSPlatform as a Service

(*) courtesy “Cloud Security Alliance: Assuring the future of Cloud Computing”: S. Loureiro, 2010

Security with Cloud

Economics

Cloud Ops

Multi-layered Security

Security in the Cloud

12/22/2010 Confidential ©Porticor

Concept

12/22/2010 Confidential ©Porticor

Bu

siness

Cu

stom

er

Elements of Cloud Data Security

Virtual Private Data™

Fully addresses Business security

concerns

Cloud Ops

•Deployed in minutes

•Pay as you go

Comprehensive Data Protection

•Virtual Disks

•DBs

•Distributed StorageCloud Key

Management

Audit & Compliance (SIM/SOC)

12/22/2010 Confidential ©Porticor

12/22/2010 Confidential ©Porticor