1 / 15

CLOUD SECURITY

CLOUD SECURITY. August 03, 2012. Agenda. Introduction Cloud 101 Enterprise Security Concerns Approaches and Options Q&A. Cloud 101. What You Get What You Don’t Get Why Do It Then?. Enterprise Security. As enterprises adopt cloud, security becoming more of a focus

bryony
Download Presentation

CLOUD SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CLOUD SECURITY August 03, 2012

  2. Agenda • Introduction • Cloud 101 • Enterprise Security Concerns • Approaches and Options • Q&A

  3. Cloud 101 • What You Get • What You Don’t Get • Why Do It Then?

  4. Enterprise Security • As enterprises adopt cloud, security becoming more of a focus • Need to extend policies and procedures into the cloud • Traditional security concerns are different from cloud • Access Control • Directory Integration • API/Console Logging • Instance Logging • Key Management • Automation

  5. Access Control • Challenge: Without control, all users have access to everything • Accidental terminations • No control based on user’s role

  6. Access Control • Solution: Granular access controls • User access and actions based on their role

  7. Directory Integration • Challenge: Managing cloud as a one-off & forgetting to update correctly • Users who change jobs or leave not fully synced or removed • Solution: Synchronize/delegate authentication with LDAP/AD • Retains single point of control over user & authentication • Guest VMs do not talk directly to your LDAP/AD infrastructure • Users removed from LDAP are automatically removed from appropriate VMs

  8. API/Console Logging • Challenge: The compliance logging gap • Solution 1 – Manually update (not recommended) • Track updates through spreadsheet program • Maintain log book of actions • Full-time job • Greater room for error

  9. API/Console Logging • Challenge: The compliance logging gap • Solution 2 – Use Cloud Management Solution • Automated • Alerts for all actions – expected/unexpected

  10. Instance Logging • Challenge: Getting operating system/application logs from the VMs at the cloud provider into your normal log management solution • Solution 1 – Open access from cloud directly to log server

  11. Instance Logging • Challenge: Getting operating system/application logs from the VMs at the cloud provider into your normal log management solution • Solution 2 – Build log collectors directly on the cloud • Does not scale

  12. Instance Logging Challenge: Getting operating system/application logs from the VMs at the cloud provider into your normal log management solution Solution 3 – Use cloud management tool to transfer logs securely

  13. Key Management Challenge: Problematic due to ease & rate of deployments Can result in having 500 - 1000 keys to manage! Solution: Key Mgmt Solution + Cloud Mgmt Solution = built-in automation features No need for admins handling actual keys Lost and/or stolen keys greatly reduced

  14. Automation • Nature of cloud encourages automation & taking advantage of all functions – not only those labeled for security purposes • Vulnerability Scanning • Web App Scanning • Auto Scaling • Chef/Puppet • Reward is less risk and lower cost. • Worry less about little things & focus more efforts on bigger projects

  15. Thank you for attending!Any questions? David MortmanChief Security Architectdavid.mortman@enstratus.com@mortman

More Related