Enviar pesquisa
Carregar
Automating Security for the Cloud - Make it Easy, Make it Safe
•
Transferir como PPTX, PDF
•
0 gostou
•
832 visualizações
CloudPassage
Seguir
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 46
Baixar agora
Recomendados
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
CloudPassage
Delivering Secure OpenStack IaaS for SaaS Products - OpenStack 2012.pptx
Delivering Secure OpenStack IaaS for SaaS Products - OpenStack 2012.pptx
OpenStack Foundation
BayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes Everything
CloudPassage
PCI and the Cloud
PCI and the Cloud
CloudPassage
Cloud Application Platforms – Reality & Promise
Cloud Application Platforms – Reality & Promise
Intel Corporation
9 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 2
Digicomp Academy AG
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Eucalyptus Systems, Inc.
Building a Hybrid Cloud
Building a Hybrid Cloud
SVForum Cloud SIG
Recomendados
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
CloudPassage
Delivering Secure OpenStack IaaS for SaaS Products - OpenStack 2012.pptx
Delivering Secure OpenStack IaaS for SaaS Products - OpenStack 2012.pptx
OpenStack Foundation
BayThreat Why The Cloud Changes Everything
BayThreat Why The Cloud Changes Everything
CloudPassage
PCI and the Cloud
PCI and the Cloud
CloudPassage
Cloud Application Platforms – Reality & Promise
Cloud Application Platforms – Reality & Promise
Intel Corporation
9 dani künzli citrix cloud solution 2
9 dani künzli citrix cloud solution 2
Digicomp Academy AG
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Eucalyptus Systems, Inc.
Building a Hybrid Cloud
Building a Hybrid Cloud
SVForum Cloud SIG
17h30 aws enterprise_app_jvaria
17h30 aws enterprise_app_jvaria
Luiz Gustavo Santos
Mon1420 build clouds-oliviermaes-citrix
Mon1420 build clouds-oliviermaes-citrix
eurocloud
Cloud Foundry Open Tour Keynote
Cloud Foundry Open Tour Keynote
RamnivasLaddad
NIC 2013 - Configure and Deploy Private Cloud
NIC 2013 - Configure and Deploy Private Cloud
Kristian Nese
Enterprise Private Cloud Computing
Enterprise Private Cloud Computing
Cisco Canada
CCitDG Presenation
CCitDG Presenation
Databarracks
Databarracks using multi-provider hybrid clouds for freedom of choice and f...
Databarracks using multi-provider hybrid clouds for freedom of choice and f...
Databarracks
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
Kim Jensen
Aras PLM Software Leveraging the Cloud
Aras PLM Software Leveraging the Cloud
Aras
Rackforce the cloud
Rackforce the cloud
sdeconf
Oscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystem
htdvul
Cloud computing NIC 2012
Cloud computing NIC 2012
Kristian Nese
Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012
Amazon Web Services
Softchoice Webinar Series: VMware vSphere 5.1 Changes
Softchoice Webinar Series: VMware vSphere 5.1 Changes
Softchoice Corporation
20210127 今日から始めるイベントドリブンアーキテクチャ AWS Expert Online #13
20210127 今日から始めるイベントドリブンアーキテクチャ AWS Expert Online #13
Amazon Web Services Japan
CLD306 pptx en web
CLD306 pptx en web
Lionbridge International NASDAQ:LIOX
Ga cloud scaling 3 30-2012
Ga cloud scaling 3 30-2012
Andy Parsons
Christian ferber cloud platform_cloudportal
Christian ferber cloud platform_cloudportal
Digicomp Academy AG
KVH Customer Case Study - Aplix Corporatin
KVH Customer Case Study - Aplix Corporatin
KVH Co. Ltd.
Back that *aa s up – bridging multiple clouds for bursting and redundancy
Back that *aa s up – bridging multiple clouds for bursting and redundancy
RightScale
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
CloudPassage
BSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the Cloud
CloudPassage
Mais conteúdo relacionado
Mais procurados
17h30 aws enterprise_app_jvaria
17h30 aws enterprise_app_jvaria
Luiz Gustavo Santos
Mon1420 build clouds-oliviermaes-citrix
Mon1420 build clouds-oliviermaes-citrix
eurocloud
Cloud Foundry Open Tour Keynote
Cloud Foundry Open Tour Keynote
RamnivasLaddad
NIC 2013 - Configure and Deploy Private Cloud
NIC 2013 - Configure and Deploy Private Cloud
Kristian Nese
Enterprise Private Cloud Computing
Enterprise Private Cloud Computing
Cisco Canada
CCitDG Presenation
CCitDG Presenation
Databarracks
Databarracks using multi-provider hybrid clouds for freedom of choice and f...
Databarracks using multi-provider hybrid clouds for freedom of choice and f...
Databarracks
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
Kim Jensen
Aras PLM Software Leveraging the Cloud
Aras PLM Software Leveraging the Cloud
Aras
Rackforce the cloud
Rackforce the cloud
sdeconf
Oscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystem
htdvul
Cloud computing NIC 2012
Cloud computing NIC 2012
Kristian Nese
Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012
Amazon Web Services
Softchoice Webinar Series: VMware vSphere 5.1 Changes
Softchoice Webinar Series: VMware vSphere 5.1 Changes
Softchoice Corporation
20210127 今日から始めるイベントドリブンアーキテクチャ AWS Expert Online #13
20210127 今日から始めるイベントドリブンアーキテクチャ AWS Expert Online #13
Amazon Web Services Japan
CLD306 pptx en web
CLD306 pptx en web
Lionbridge International NASDAQ:LIOX
Ga cloud scaling 3 30-2012
Ga cloud scaling 3 30-2012
Andy Parsons
Christian ferber cloud platform_cloudportal
Christian ferber cloud platform_cloudportal
Digicomp Academy AG
KVH Customer Case Study - Aplix Corporatin
KVH Customer Case Study - Aplix Corporatin
KVH Co. Ltd.
Back that *aa s up – bridging multiple clouds for bursting and redundancy
Back that *aa s up – bridging multiple clouds for bursting and redundancy
RightScale
Mais procurados
(20)
17h30 aws enterprise_app_jvaria
17h30 aws enterprise_app_jvaria
Mon1420 build clouds-oliviermaes-citrix
Mon1420 build clouds-oliviermaes-citrix
Cloud Foundry Open Tour Keynote
Cloud Foundry Open Tour Keynote
NIC 2013 - Configure and Deploy Private Cloud
NIC 2013 - Configure and Deploy Private Cloud
Enterprise Private Cloud Computing
Enterprise Private Cloud Computing
CCitDG Presenation
CCitDG Presenation
Databarracks using multi-provider hybrid clouds for freedom of choice and f...
Databarracks using multi-provider hybrid clouds for freedom of choice and f...
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
Aras PLM Software Leveraging the Cloud
Aras PLM Software Leveraging the Cloud
Rackforce the cloud
Rackforce the cloud
Oscon anatomy of_os_cloud_ecosystem
Oscon anatomy of_os_cloud_ecosystem
Cloud computing NIC 2012
Cloud computing NIC 2012
Microsoft Best Practices - AWS India Summit 2012
Microsoft Best Practices - AWS India Summit 2012
Softchoice Webinar Series: VMware vSphere 5.1 Changes
Softchoice Webinar Series: VMware vSphere 5.1 Changes
20210127 今日から始めるイベントドリブンアーキテクチャ AWS Expert Online #13
20210127 今日から始めるイベントドリブンアーキテクチャ AWS Expert Online #13
CLD306 pptx en web
CLD306 pptx en web
Ga cloud scaling 3 30-2012
Ga cloud scaling 3 30-2012
Christian ferber cloud platform_cloudportal
Christian ferber cloud platform_cloudportal
KVH Customer Case Study - Aplix Corporatin
KVH Customer Case Study - Aplix Corporatin
Back that *aa s up – bridging multiple clouds for bursting and redundancy
Back that *aa s up – bridging multiple clouds for bursting and redundancy
Destaque
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
CloudPassage
BSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the Cloud
CloudPassage
Halo Installfest Slides
Halo Installfest Slides
CloudPassage
Automating secure server baselines with Chef
Automating secure server baselines with Chef
Chef Software, Inc.
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
CloudPassage
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
CloudPassage
Integrating Security into DevOps
Integrating Security into DevOps
CloudPassage
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
CloudPassage
CloudPassage Careers
CloudPassage Careers
CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
CloudPassage
SecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
CloudPassage
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
CloudPassage
Securing the Cloud
Securing the Cloud
GGV Capital
Destaque
(14)
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
BSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the Cloud
Halo Installfest Slides
Halo Installfest Slides
Automating secure server baselines with Chef
Automating secure server baselines with Chef
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
Integrating Security into DevOps
Integrating Security into DevOps
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
CloudPassage Careers
CloudPassage Careers
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
SecDevOps: The New Black of IT
SecDevOps: The New Black of IT
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Securing the Cloud
Securing the Cloud
Semelhante a Automating Security for the Cloud - Make it Easy, Make it Safe
Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
CloudPassage
CloudPassage Overview
CloudPassage Overview
CloudPassage
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Eucalyptus Systems, Inc.
Discover Clever Cloud
Discover Clever Cloud
Quentin Adam
Cloud Escrow van Escrow Alliance
Cloud Escrow van Escrow Alliance
EscrowDirect.eu
eFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_Public
Dropbox
Security in a Cloudy Architecture
Security in a Cloudy Architecture
Bob Rhubart
Portability In The Cloud
Portability In The Cloud
Bharath Ram Srinivasan
Oracle Cloud Computing Strategy (EMO)
Oracle Cloud Computing Strategy (EMO)
rachgregs
Kaavo Introduction 08012011
Kaavo Introduction 08012011
sams2618
C bu07 cloud_offering_decoder
C bu07 cloud_offering_decoder
Megan Irvine
Cloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
Spring Data for JJUG for Cross Conference Fall
Spring Data for JJUG for Cross Conference Fall
Toshihiko Ikeda
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Amazon Web Services
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
Amazon Web Services
彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstack
OpenCity Community
Clever Cloud PITCH on DWS
Clever Cloud PITCH on DWS
Quentin Adam
2012 10 cloud security architecture
2012 10 cloud security architecture
Vladimir Jirasek
The Move to the Cloud for Regulated Industries
The Move to the Cloud for Regulated Industries
dirkbeth
Getting Started Developing with Platform as a Service
Getting Started Developing with Platform as a Service
CloudBees
Semelhante a Automating Security for the Cloud - Make it Easy, Make it Safe
(20)
Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
CloudPassage Overview
CloudPassage Overview
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Discover Clever Cloud
Discover Clever Cloud
Cloud Escrow van Escrow Alliance
Cloud Escrow van Escrow Alliance
eFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_Public
Security in a Cloudy Architecture
Security in a Cloudy Architecture
Portability In The Cloud
Portability In The Cloud
Oracle Cloud Computing Strategy (EMO)
Oracle Cloud Computing Strategy (EMO)
Kaavo Introduction 08012011
Kaavo Introduction 08012011
C bu07 cloud_offering_decoder
C bu07 cloud_offering_decoder
Cloud security and security architecture
Cloud security and security architecture
Spring Data for JJUG for Cross Conference Fall
Spring Data for JJUG for Cross Conference Fall
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstack
Clever Cloud PITCH on DWS
Clever Cloud PITCH on DWS
2012 10 cloud security architecture
2012 10 cloud security architecture
The Move to the Cloud for Regulated Industries
The Move to the Cloud for Regulated Industries
Getting Started Developing with Platform as a Service
Getting Started Developing with Platform as a Service
Mais de CloudPassage
Webinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
CloudPassage
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
CloudPassage
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
CloudPassage
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
CloudPassage
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
CloudPassage
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
CloudPassage
Mais de CloudPassage
(7)
Webinar compiled powerpoint
Webinar compiled powerpoint
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
Último
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pixlogix Infotech
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Results
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Allon Mureinik
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
Sujit Pal
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
Paola De la Torre
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Scott Keck-Warren
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
naman860154
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
Último
(20)
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Automating Security for the Cloud - Make it Easy, Make it Safe
1.
Automating Security for
the Cloud Make it easy, make it safe. Rand Wacker rand@cloudpassage.com @randwacker We’re Hiring! © 2012 CloudPassage Inc.
2.
whoami
Slides available soon on Rand Wacker community.cloudpassage.com @randwacker rand@cloudpassage.com Security Cloud UC Berkeley ✘ ✘ Oracle ✘ Amazon ✘ IronPort/ScanSafe ✘ ✘ Cisco ✘ CloudPassage ✘ ✘ © 2012 CloudPassage Inc.
3.
DevOps and Security
Big Data Analysts © 2012 CloudPassage Inc.
4.
Shared Responsibility Model
Responsibility EC2 Shared Responsibility Model Data Customer “…the customer should assume responsibility and management of, but not App Code limited to, the guest operating system.. and associated application software...” App Framework “…it is possible for customers to enhance Operating System security and/or meet more stringent compliance requirements with the addition of Virtual Machine Responsibility host based firewalls, host based Hypervisor intrusion detection/prevention, Provider encryption and key management.” Compute & Storage Amazon Web Services: Overview of Security Shared Network Processes Physical Facilities © 2012 CloudPassage Inc.
5.
Survey: Cloud Security
Practices Question: How do you secure your cloud servers today? Open source or custom-developed tools Commercial Tool We're not securing our cloud servers My provider does it for me Amazon Security Group Source: CloudPassage CloudSec Community Survey © 2012 CloudPassage Inc.
6.
© 2012 CloudPassage
Inc.
7.
Cloud Security Challenges
Metered Usage www-7 www-8 www-9 www-10 www-4 www-5 www-6 Cloud Provider B Temporary & Dynamic Deployments Cloud Provider A www-1 www-2 www-3 Multiple Cloud Environments Private Datacenter © 2012 CloudPassage Inc.
8.
The Alfred E
Newman Guide to Easy Cloud Security © 2012 CloudPassage Inc.
9.
Firewalling in the
Cloud: Beyond Simple Security Groups © 2012 CloudPassage Inc.
10.
11.
Traditional DC Protection
Auth DB DB DB Server core core Firewal l Load App Load App Balancer Server Balancer Server dmz dmz Firewal l © 2012 CloudPassage Inc.
12.
Moving to the
Cloud Auth DB DB DB Server core core Firewal l Load App Load App Balancer Server Balancer Server dmz dmz Firewal l © 2012 CloudPassage Inc.
13.
Moving to the
Cloud Auth DB DB DB Server core core Firewal l Load App Load App Balancer Server Balancer Server dmz dmz Firewal l public cloud © 2012 CloudPassage Inc.
14.
Cloud Servers at
Risk Load Balancer App App Server Server DB Master public cloud © 2012 CloudPassage Inc.
15.
Firewalling in the
Cloud Load Balancer FW Halo App App Server Server FW FW Halo Halo DB Master FW Halo public cloud © 2012 CloudPassage Inc.
16.
Firewalling in the
Cloud Load Load Balancer Balancer FW FW Halo Halo App App App Server Server Server FW FW FW Halo Halo Halo DB DB Master Slave FW FW Halo Halo public cloud © 2012 CloudPassage Inc.
17.
Firewalling in the
Cloud Load Load Balancer Balancer FW FW Halo Halo App App App Server Server App Server FW FW Server FW IP Halo Halo Halo DB DB Master Slave FW FW Halo Halo public cloud © 2012 CloudPassage Inc.
18.
Firewalling in the
Cloud Load Load Balancer Balancer FW FW Halo Halo App App Server Server App FW FW Server IP Halo Halo DB DB Master Slave FW FW Halo Halo public cloud © 2012 CloudPassage Inc.
19.
Multi-Cloud Firewalling
App App DB DB App App Server Server Server Server FW FW FW FW FW FW Halo Halo Halo Halo Halo Halo US West Cloud US East Cloud Firewall DB DB Halo Halo Private Datacenter © 2012 CloudPassage Inc.
20.
Multi-Cloud Firewalling
App App DB DB App App Server Server Server Server FW FW FW FW FW FW Halo Halo Halo Halo Halo Halo US West Cloud US East Cloud Firewall DB DB Halo Halo Private Datacenter © 2012 CloudPassage Inc.
21.
Lessons to Learn
Whatever firewall options you have, use them Make sure your firewall rules are updated quickly Plan for the future, because you will be multi- cloud © 2012 CloudPassage Inc.
22.
Controlling Access to
Your Cloud Servers: Solving the Contractor Problem © 2012 CloudPassage Inc.
23.
Meet Jed the
Web Designer Jed is highly mobile Jed still uses FTP You hired Jed for design skills, not technical acumen How do you avoid Jed’s FTP access becoming a gaping hole in your server? © 2012 CloudPassage Inc.
24.
WRONG WAY: Open
Access Web ftp Server © 2012 CloudPassage Inc.
25.
WRONG WAY: Open
Access © 2012 CloudPassage Inc.
26.
Manual Options -
PITA MANUALLY turn FTP server on and off when Jed needs access? MANUALLY activate and deactivate account for Jed when he needs access? MANUALLY change firewall rules when Jed needs access? MANUALLY make Jed’s transfer for him? © 2012 CloudPassage Inc.
27.
Halo Multi-Factor Cloud
Auth Prevent brute force attacks on SSH and web applications YubiKey-generated one-time password No batteries or moving parts © 2012 CloudPassage Inc.
28.
Using Multi-Factor Auth
Web Server FW Halo © 2012 CloudPassage Inc.
29.
Using Multi-Factor Auth
DB Server FW Halo CloudPassa ge Halo https Halo Grid © 2012 CloudPassage Inc.
30.
Using Multi-Factor Auth
DB Server FW Halo CloudPassa ge Halo https Halo Grid © 2012 CloudPassage Inc.
31.
Using Multi-Factor Auth
DB Server FW Halo © 2012 CloudPassage Inc.
32.
REMEMBER: Delete Jed!!!
DB Server FW Halo De-provision Jed Remove GhostPorts Access, User Local Server Accounts Portal CloudPassa ge Halo https https RESTful Halo Grid API Gateway © 2012 CloudPassage Inc.
33.
Lessons to Learn
You may behave securely, but does everyone who works for you? Security that complicates daily tasks will be circumvented Make sure to clean up after others © 2012 CloudPassage Inc.
34.
Automation will set
you free, America… (Apologies to Alton Brown) © 2012 CloudPassage Inc.
35.
Automatable Security Tasks •
Scan for recent vulnerabilities of installed software packages. • Verify firewall rules match policy. • Alert administrators of missing server. • Get a report of every server that a user *does not* have an account on. • Get a report of every server that a user has an account on. • Get alerted if a new cloud server gets created. • Monitor for unauthorized/unexpected changes to application code files. • Make sure that init.d startup scripts can't be tampered with by non-root users. • Find server accounts that don’t have passwords (it happens). • Get a report of every server that a user *does not* have an account on. Many, many more at community.cloudpassage.com © 2012 CloudPassage Inc.
36.
The Secure, Automated
Cloud © 2012 CloudPassage Inc.
37.
Wrapping Up © 2012
CloudPassage Inc.
38.
Moral of the
Story • Security of your cloud servers is your responsibility • Security risks in the cloud are real (just check your logs) • Security automation isn’t just a best practice, it makes your life easier © 2012 CloudPassage Inc.
39.
How To Secure
Cloud Servers Servers in hybrid and public clouds must be self- defending with highly automated controls like… Dynamic firewall & Server compromise & access control intrusion alerting Configuration and Server forensics and package security security analytics Server account Integration & automation visibility & control capabilities © 2012 CloudPassage Inc.
40.
Try Halo FREE
- 5 Minute Setup Register for Halo at cloudpassage.com/register Install Halo daemons on cloud servers Configure security policies in Halo web portal © 2012 CloudPassage Inc.
41.
In Closing
• CloudPassage Installfest March 28th! – Helpful cloud security advice! Pizza! Beer! – Free tickets: cloudpassage.eventbrite.com • Ask Questions! – Lots More Info: community.cloudpassage.com – Small Bits of Info: @cloudpassage • We’re hiring! We’re Expert in Security and/or Cloud? Hiring! DevOps, Rails, UX, Freemium Marketing – Email: jobs@cloudpassage.com © 2012 CloudPassage Inc.
42.
Thank You!
Rand Wacker rand@cloudpassage.com @randwacker © 2012 CloudPassage Inc.
43.
What does CloudPassage
do? Security for virtual servers running in public and private clouds Dynamic firewall Server & cloud event management alerting Configuration and Security & compliance vulnerability scanning auditing Server access and Server integrity & privilege management intrusion alerting Cloud adoption without fear Faster and easier compliance Repel attacks on your servers Free Basic version, 5 minutes setup © 2012 CloudPassage Inc.
44.
CloudPassage Halo
Architecture © 2012 CloudPassage Inc.
45.
How It Works
Halo • Halo Daemon Daemon www-1 – Ultra light-weight software – Installed on server image Halo – Automatically provisioned www-1 • Halo Grid – Elastic compute grid – Hosted by CloudPassage – Does the heavy lifting for the Halo Daemons Halo Grid © 2012 CloudPassage Inc.
46.
www-1
Alerts, Reports www-1 www-2 and Trending www-3 www-4 Halo Halo Halo Halo User Portal CloudPassage https Halo Policies, https Commands, RESTful Reports Compute API Gateway Grid © 2012 CloudPassage Inc.
Notas do Editor
SAASFast and easyThe only cloud security platform built for the cloud
Baixar agora