You're only as strong as your weakest link – Edward Ogden
Servers are the root of all web apps and sites: they are the central point that your clients/customers connect to and where you put your code.
Many small and under-resourced companies that do their own hosting don't normally put the time and investment into their hosting technology, and this is where it starts to go wrong.
This talk will discuss what some of the dangers are and what could happen if an attacker gets into your infrastructure; we will also talk about how some simple changes to the infrastructure can reduce the risk of being attacked.

Published in: Software
Slide 1: You're only as strong as your weakest link
Why your servers are just as important as your code

Slide 2: Edward Ogden
https://www.linkedin.com/in/edward-ogden-705b84a8
● Devops engineer
● SysAdmin (Site Reliability Engineer)
● Web Development
● IT Support

Slide 3: What's to talk about?
● The role of a server
● Cloud Computing
● OWASP Top 10 Cloud Security Risk
● Future of hosting

Slide 4: The role of a server
● Serving customers with web/app content
● Data
- Personal information
- Finance details
● Storage
Types of servers
● Cloud
● Datacenter
● On Prem
● Physical computer
● Household kit

Slide 5: Cloud Computing
So what is cloud hosting?
● On-demand self-service
● Broad network access
● Resource pooling
● Rapid elasticity
● Measured service
Service models
● Infrastructure as a service (IaaS)
● Platform as a service (PaaS)
● Software as a service (SaaS)
(National Institute of Standards and Technology)

Slide 6: OWASP Top 10 Cloud Security Risk
(Source OWASP)

Slide 7: R1: Accountability and Data Risk
What can be done?
1. Understand how the cloud provider secures that data, and how they detect and report compromises.
2. Know the geographical location of your data.
3. Know the situations in which a third party or government can seize the data.
4. Verify that the provider destroys your data when it's deleted.
5. Check the provider's SLA and T&Cs on where the responsibility lies if the provider is breached.
July 15th 2009: Twitter disclosed that a hacker accessed a substantial amount of company data stored on Google Apps.
What was the cause? The hacker hijacked an employee's official email account that had a weak password.
OWASP Cloud Security Project

Slide 8: R2: Islands of User Identities
Risks:
● Managing identities across multiple providers
● Less control over user lifecycle (off-boarding)
● User experience
Mitigations:
● Federated Identity
● OAuth for backend integrations
● Tighter user provisioning controls
OWASP Cloud Security Project
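To make "tighter user provisioning controls" concrete, here is an added example that is not part of the slides: it reconciles each provider's account export against the central identity provider's roster and flags off-boarded users who are still active, accounts the IdP does not know about, and local-credential accounts that bypass federation. The provider names, roster and exports are constructed sample data.

```python
"""Orphaned-account reconciliation across cloud providers (added example)."""
from dataclasses import dataclass

# Constructed roster from the central identity provider (IdP): email -> active?
IDP_USERS = {
    "alice@example.com": True,
    "bob@example.com": False,    # off-boarded, should have no live accounts
    "carol@example.com": True,
}

# Constructed account exports from two hypothetical SaaS providers.
# "federated" marks accounts that sign in via the IdP (SSO); local-password
# accounts are islands the IdP's off-boarding process cannot reach.
PROVIDER_ACCOUNTS = {
    "crm": [
        {"email": "alice@example.com", "federated": True},
        {"email": "bob@example.com", "federated": True},     # never deprovisioned
        {"email": "Dave@example.com", "federated": False},   # unknown to the IdP
    ],
    "ci": [
        {"email": "alice@example.com", "federated": False},  # local password bypasses SSO
        {"email": "carol@example.com", "federated": True},
    ],
}


@dataclass(frozen=True)
class Finding:
    provider: str
    email: str
    issue: str


def reconcile(idp_users, provider_accounts):
    """Return one Finding per control gap found in the provider exports."""
    findings = []
    for provider, accounts in provider_accounts.items():
        for acct in accounts:
            email = acct["email"].lower()          # normalise before lookup
            if email not in idp_users:
                findings.append(Finding(provider, email, "unknown-to-idp"))
            elif not idp_users[email]:
                findings.append(Finding(provider, email, "offboarded-still-active"))
            if not acct["federated"]:              # reported independently of the above
                findings.append(Finding(provider, email, "local-credential"))
    return findings


def summarize(findings):
    """Count findings per issue type, e.g. for a periodic access review report."""
    counts = {}
    for f in findings:
        counts[f.issue] = counts.get(f.issue, 0) + 1
    return counts
```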
Slide 9: R3: Regulatory Compliance
You or your customers are responsible for the security and compliance with regulatory laws.
Risks:
● Data that is perceived to be secure in one country may not be perceived secure in another country/region
● Lack of transparency in the underlying implementations makes it difficult for data owners to demonstrate compliance (SOX/HIPAA etc.)
● Lack of consistent standards and requirements for global regulatory compliance: data governance can no longer be viewed from a point-to-point data flow perspective but rather a multi-point to multi-point one.
● The European Union (EU) has very strict privacy laws, and hence data stored in the US may not comply with those EU laws (the US Patriot Act allows federal agencies limitless powers to access any corporate data etc.)
OWASP Cloud Security Project

Slide 10: R4: Business Continuity and Resiliency
March 2009: Microsoft Azure suffered an outage over a weekend.
Risks:
● Lack of know-how and capabilities needed.
● Cloud provider may be acquired by a consumer's competitor.
● Monetary losses due to outages
Mitigations:
● Ensure customers' Recovery Time Objectives (RTOs) are fully understood.
● Confirm that the cloud provider has an existing Business Continuity Policy.
● Check if the cloud provider has active management support and a periodic review of the Business Continuity Program.
● Verify whether the cloud provider's Business Continuity Program is certified and/or mapped to internationally recognized standards such as BS 25999.
OWASP Cloud Security Project

Slide 11: Future of hosting
● Serverless
● Containers (Docker/Kubernetes)
● NoSQL
● Migration from on prem to Cloud
● Automation

Slide 12: Thank you!
Edward Ogden
https://www.linkedin.com/in/edward-ogden-705b84a8