Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
Transcript of Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
Bryan D. Payne
Beyond the Hype: Understanding Cloud Security for Your Application
To the cloud!
Learn all about cloud
Security concerns
This is hard!
Bryan D. Payne, Director of Security Research (@bdpsecurity)
Attackers?
Where is my data?
Cloud provider
Other cloud tenants
Trust guest network?
How to access my instances?
Is there a right way?
My security policies?
Etc…
Computer Security: What We Know
| Better | Worse |
|---|---|
| Design for security from the start | Retrofit security when it’s important |
| Understand your threats | Just make it secure |
| Understand your goals | Seriously, just add some security |
| Pervasive security culture | That paranoid guy has it under control |
Security Requires A Good Foundation
Security Needs System-Level Thinking
Example: Gene Sequence Analysis
• Variable workload
• Sensitive patient data
• Regulatory compliance
• Computational integrity
• Multiple tenants
• Billing
4 SECURITY QUESTIONS
1. What are you protecting?
• Data
• Computation
• CIA
– Confidentiality
– Integrity
– Availability
2. What is your risk tolerance?
• Mindset
• Budget
• Repercussions
3. What are your threats?
• Adware
• Botnets
• Spyware
• Corporate espionage
• Nation-state attacks
• Curious neighbor
4. What is your attack surface?
• Network architecture
• Cloud provider
• Software config
• API usage
• Users / admins
CLOUD SECURITY
Public or Private (or Hybrid)?
Considerations, weighed against the four questions (protect, threats, risk, surface):
• Inside / outside firewall
• Hardware / software control
• Policy / regulation allow public?
• Professional management
• Can’t choose your neighbors
• Physical control
• Insight into software stack
• APIs available on the Internet
• Architectural specificity
What IaaS Provider?
Evaluate against the four questions: protect, threats, risk, surface.
Key Points
• Get IaaS-layer security from provider
• Choose wisely, based on your needs
CLOUD APPLICATION SECURITY
What Does Your App Look Like?
Access to App: Who and How?
Other cloud tenants (e.g., guest network)
Cloud admin
Protecting App Data
Protecting App Computation
Unique Cloud App Security Concerns
• Entropy is hard to come by
• Be careful with reusing images
• Rapid, code-driven deployment
– Keys stored inside your app: be careful
• Data persistence is tricky
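An added example, not part of the talk, for the "reusing images" and "keys stored inside your app" points above: a pre-snapshot hygiene audit that walks an unpacked image tree and flags instance-specific files (host keys, machine-id, the saved random seed that would give every clone correlated entropy) and credentials embedded in application config. The file list, the secret patterns and the sample tree are my own assumptions, constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Instance-specific files that must not be baked into a reusable image (assumed list).
STALE_IDENTITY_FILES = [
    "etc/ssh/ssh_host_rsa_key",
    "etc/ssh/ssh_host_ed25519_key",
    "etc/machine-id",
    "var/lib/systemd/random-seed",   # cloned seed -> correlated randomness across instances
    "root/.ssh/authorized_keys",
    "root/.aws/credentials",
]

# Credentials left in application config inside the image (assumed patterns).
SECRET_PATTERNS = [
    re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    re.compile(r"(?i)\b(aws_secret_access_key|api_key|password)\s*[=:]\s*\S+"),
]

def audit_image_tree(root):
    """Return (relative_path, reason) findings for an unpacked image root."""
    root = Path(root)
    findings = []
    seen = set()
    for rel in STALE_IDENTITY_FILES:
        if (root / rel).exists():
            findings.append((rel, "instance-specific file; delete and regenerate at first boot"))
            seen.add(rel)
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if rel in seen or not path.is_file() or path.stat().st_size > 1_000_000:
            continue
        text = path.read_text(errors="ignore")
        for pat in SECRET_PATTERNS:
            if pat.search(text):
                findings.append((rel, "embedded secret matches " + pat.pattern))
                break
    return findings

def build_sample_tree():
    """Constructed throwaway image tree with two deliberate problems (sample data)."""
    root = Path(tempfile.mkdtemp())
    (root / "var/lib/systemd").mkdir(parents=True)
    (root / "var/lib/systemd/random-seed").write_bytes(b"\x00" * 512)
    (root / "opt/app").mkdir(parents=True)
    (root / "opt/app/config.env").write_text("DB_HOST=db\nAPI_KEY=constructed-sample-value\n")
    (root / "opt/app/README").write_text("Gene sequence analysis service\n")
    return root
```

Run `audit_image_tree(build_sample_tree())` to see the two findings; on a real image, run it against the mounted root before taking the snapshot.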
Key Points
• Custom security is always hard
• The right IaaS platform can help
• Follow the community
• Cloud isn’t Legacy
PUTTING IT ALL TOGETHER
Cloud Provider Is Key
• Understand what you need
• Get the security you need at this level
• Don’t do this yourself
Protecting? Risk tolerance? Threats? Attack surface?
Cloud App Security is Specialized
• Unique security concerns
• Get expert help, if needed
Protecting? Risk tolerance? Threats? Attack surface?
Trends to Watch For
• OpenStack Security Group
• Cloud Attestation
• Attack Surface Research
https://launchpad.net/~openstack-ossg
https://cloudsecurityalliance.org/research/big-data/
http://wiki.openstack.org/OpenAttestation
http://code.google.com/p/vmitools/