CLOUD SECURITY August 03, 2012
Agenda • Introduction • Cloud 101 • Enterprise Security Concerns • Approaches and Options • Q&A
Cloud 101 • What You Get • What You Don’t Get • Why Do It Then?
Enterprise Security • As enterprises adopt cloud, security is becoming more of a focus • Need to extend policies and procedures into the cloud • Traditional security concerns are different from cloud • Access Control • Directory Integration • API/Console Logging • Instance Logging • Key Management • Automation
Access Control • Challenge: Without control, all users have access to everything • Accidental terminations • No control based on user’s role
Access Control • Solution: Granular access controls • User access and actions based on their role
Directory Integration • Challenge: Managing cloud as a one-off & forgetting to update correctly • Users who change jobs or leave not fully synced or removed • Solution: Synchronize/delegate authentication with LDAP/AD • Retains single point of control over user & authentication • Guest VMs do not talk directly to your LDAP/AD infrastructure • Users removed from LDAP are automatically removed from appropriate VMs
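The directory-driven deprovisioning described on this slide, sketched as an added example (not part of the original deck or any vendor's code). The user names, group names, VM names and the group-to-VM policy are all hypothetical, constructed sample data; a management layer is assumed to read the directory so the guest VMs never query LDAP/AD themselves.

```python
# Constructed sample data: directory snapshot (user -> groups), as a
# management layer would read it from LDAP/AD. All names are hypothetical.
DIRECTORY = {
    "alice": {"web-admins"},
    "bob": {"db-admins"},  # bob changed jobs: web team -> db team
    # "carol" left the company and no longer appears in the directory
}

# Assumed policy: which directory groups grant a login on which VM.
VM_GROUPS = {
    "web-01": {"web-admins"},
    "db-01": {"db-admins"},
}

# Accounts currently present on each VM (constructed).
VM_ACCOUNTS = {
    "web-01": {"alice", "bob", "carol", "root"},
    "db-01": {"carol", "root"},
}

# Local accounts the sync must never touch.
UNMANAGED = {"root"}


def entitled_users(vm, directory, vm_groups):
    """Users whose current directory groups grant access to this VM."""
    allowed = vm_groups.get(vm, set())  # unmapped VM: nobody is entitled
    return {u for u, groups in directory.items() if groups & allowed}


def reconcile(directory, vm_groups, vm_accounts, unmanaged=UNMANAGED):
    """Return {vm: {"add": [...], "remove": [...]}} to match the directory."""
    plan = {}
    for vm, present in vm_accounts.items():
        want = entitled_users(vm, directory, vm_groups)
        managed = present - unmanaged
        plan[vm] = {
            "add": sorted(want - managed),
            "remove": sorted(managed - want),
        }
    return plan


if __name__ == "__main__":
    for vm, actions in reconcile(DIRECTORY, VM_GROUPS, VM_ACCOUNTS).items():
        print(vm, actions)
```

A VM with no group mapping ends up with every managed account in its removal list, so a missing policy entry fails closed rather than leaving stale access in place.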
API/Console Logging • Challenge: The compliance logging gap • Solution 1 – Manually update (not recommended) • Track updates through spreadsheet program • Maintain log book of actions • Full-time job • Greater room for error
API/Console Logging • Challenge: The compliance logging gap • Solution 2 – Use Cloud Management Solution • Automated • Alerts for all actions – expected/unexpected
Instance Logging • Challenge: Getting operating system/application logs from the VMs at the cloud provider into your normal log management solution • Solution 1 – Open access from cloud directly to log server
Instance Logging • Challenge: Getting operating system/application logs from the VMs at the cloud provider into your normal log management solution • Solution 2 – Build log collectors directly on the cloud • Does not scale
Instance Logging • Challenge: Getting operating system/application logs from the VMs at the cloud provider into your normal log management solution • Solution 3 – Use cloud management tool to transfer logs securely
Key Management • Challenge: Problematic due to ease & rate of deployments • Can result in having 500 - 1000 keys to manage! • Solution: Key Mgmt Solution + Cloud Mgmt Solution = built-in automation features • No need for admins handling actual keys • Lost and/or stolen keys greatly reduced
Automation • Nature of cloud encourages automation & taking advantage of all functions – not only those labeled for security purposes • Vulnerability Scanning • Web App Scanning • Auto Scaling • Chef/Puppet • Reward is less risk and lower cost. • Worry less about little things & focus more efforts on bigger projects
Thank you for attending! Any questions? • David Mortman, Chief Security Architect • david.mortman@enstratus.com • @mortman