Automating Security for the Cloud
Make it easy, make it safe.

Rand Wacker
rand@cloudpassage.com
@randwacker

We’re Hiring!


© 2012 CloudPassage Inc.
whoami

   Rand Wacker
   @randwacker
   rand@cloudpassage.com

   Slides available soon on community.cloudpassage.com

                           Security   Cloud
   UC Berkeley                ✘         ✘
   Oracle                     ✘
   Amazon                               ✘
   IronPort/ScanSafe          ✘         ✘
   Cisco                      ✘
   CloudPassage               ✘         ✘

DevOps and Security

                           Big Data Analysts




Shared Responsibility Model

  EC2 Shared Responsibility Model

  “…the customer should assume responsibility and management of, but not
  limited to, the guest operating system.. and associated application software...”

  “…it is possible for customers to enhance security and/or meet more stringent
  compliance requirements with the addition of host based firewalls, host based
  intrusion detection/prevention, encryption and key management.”

  Amazon Web Services: Overview of Security Processes

  Customer Responsibility:  Data, App Code, App Framework, Operating System
  Provider Responsibility:  Virtual Machine, Hypervisor, Compute & Storage,
                            Shared Network, Physical Facilities

Survey: Cloud Security Practices
  Question: How do you secure your cloud servers today?

  [Chart; answer categories: Open source or custom-developed tools, Commercial Tool,
  We're not securing our cloud servers, My provider does it for me, Amazon Security Group]

  Source: CloudPassage CloudSec Community Survey

Cloud Security Challenges

     Temporary & Dynamic Deployments
     Metered Usage
     Multiple Cloud Environments

     [Diagram: servers www-1 to www-10 spread across a Private Datacenter, Cloud Provider A and Cloud Provider B]

The Alfred E. Neuman Guide to Easy Cloud Security

Firewalling in the Cloud: Beyond Simple Security Groups

Traditional DC Protection

     [Diagram: core segments (Auth Server, DB servers) and dmz segments (Load Balancers, App Servers), each behind a Firewall]

Moving to the Cloud

     [Diagram, two builds: the same core and dmz segments with their Firewalls, then the same layout labeled "public cloud"]

Cloud Servers at Risk

     [Diagram: Load Balancer, two App Servers and a DB Master in the public cloud]

Firewalling in the Cloud

     [Diagram, four builds: every server in the public cloud (Load Balancer, App Server, DB Master) has its own FW and Halo; later builds add a second Load Balancer, a third App Server and a DB Slave, and mark an App Server with an "IP" label]

Multi-Cloud Firewalling

     [Diagram, two builds: App Servers and a DB in US West Cloud and in US East Cloud, each with FW and Halo; DB servers with Halo in a Private Datacenter behind a Firewall]

Lessons to Learn

     Whatever firewall options you have, use them
     Make sure your firewall rules are updated quickly
     Plan for the future, because you will be multi-cloud

Controlling Access to Your Cloud Servers: Solving the Contractor Problem

Meet Jed the Web Designer

     Jed is highly mobile
     Jed still uses FTP
     You hired Jed for design skills, not technical acumen

     How do you avoid Jed’s FTP access becoming a gaping hole in your server?

WRONG WAY: Open Access

     [Diagram, two builds: ftp open to the Web Server]

Manual Options - PITA

     MANUALLY turn FTP server on and off when Jed needs access?
     MANUALLY activate and deactivate account for Jed when he needs access?
     MANUALLY change firewall rules when Jed needs access?
     MANUALLY make Jed’s transfer for him?

Halo Multi-Factor Cloud Auth

     Prevent brute force attacks on SSH and web applications
     YubiKey-generated one-time password
     No batteries or moving parts

Using Multi-Factor Auth

     [Diagram, four builds: a Web Server, then a DB Server, each with FW and Halo; an https connection to CloudPassage Halo (Halo Grid)]

REMEMBER: Delete Jed!!!

     De-provision Jed
     Remove GhostPorts Access, Local Server Accounts

     [Diagram: User Portal and RESTful API Gateway reached over https; CloudPassage Halo (Halo Grid); DB Server with FW and Halo]

Lessons to Learn

     You may behave securely, but does everyone who works for you?
     Security that complicates daily tasks will be circumvented
     Make sure to clean up after others

Automation will set you free, America…
     (Apologies to Alton Brown)

Automatable Security Tasks
•   Scan for recent vulnerabilities of installed software packages.
•   Verify firewall rules match policy.
•   Alert administrators of missing server.
•   Get a report of every server that a user *does not* have an account on.
•   Get a report of every server that a user has an account on.
•   Get alerted if a new cloud server gets created.
•   Monitor for unauthorized/unexpected changes to application code files.
•   Make sure that init.d startup scripts can't be tampered with by non-root users.
•   Find server accounts that don’t have passwords (it happens).




                              Many, many more at
                           community.cloudpassage.com
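
Three of the tasks listed above (accounts without passwords, the per-user account report, and init.d scripts that non-root users could modify) scripted as an added example; this is not code from the slides or from CloudPassage Halo. The server names reuse the deck's www-N labels, and the shadow snapshots are constructed sample data.

```python
import os
import stat

# Constructed sample data: /etc/shadow snapshots collected from three servers.
FLEET_SHADOW = {
    "www-1": (
        "root:$6$examplesalt$examplehash:15400:0:99999:7:::\n"
        "daemon:*:15400:0:99999:7:::\n"
        "jed::15400:0:99999:7:::\n"
    ),
    "www-2": (
        "root:$6$examplesalt$examplehash:15400:0:99999:7:::\n"
        "deploy:!:15400:0:99999:7:::\n"
    ),
    "www-3": (
        "root:$6$examplesalt$examplehash:15400:0:99999:7:::\n"
        "jed:$6$examplesalt$examplehash:15400:0:99999:7:::\n"
        "ftp::15400:0:99999:7:::\n"
    ),
}


def parse_shadow(text):
    """Return {user: password_field} from shadow-format text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line: skip rather than guess
        entries[fields[0]] = fields[1]
    return entries


def accounts_without_password(text):
    """Users whose password field is empty ('*' and '!' mean locked, not empty)."""
    return sorted(u for u, pw in parse_shadow(text).items() if pw == "")


def account_report(fleet, user):
    """Return (servers where `user` has an account, servers where not)."""
    has = sorted(s for s, text in fleet.items() if user in parse_shadow(text))
    has_not = sorted(s for s in fleet if s not in has)
    return has, has_not


def is_tamperable(st_uid, st_mode):
    """True if the file is not owned by root or is group/other writable.

    Group-writable is flagged even for gid 0, since members of that group
    need not be uid 0.
    """
    return st_uid != 0 or bool(st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def tamperable_scripts(directory="/etc/init.d"):
    """Paths in `directory`, plus the directory itself, that fail the check.

    The directory matters too: whoever can write to it can replace a script.
    """
    findings = []
    paths = [directory] + sorted(e.path for e in os.scandir(directory))
    for path in paths:
        try:
            st = os.stat(path)  # follows symlinks: the target is what runs
        except OSError:
            findings.append(path)  # dangling link or unreadable: review by hand
            continue
        if is_tamperable(st.st_uid, st.st_mode):
            findings.append(path)
    return findings


if __name__ == "__main__":
    for server, text in sorted(FLEET_SHADOW.items()):
        print(server, "accounts without a password:", accounts_without_password(text))
    has, has_not = account_report(FLEET_SHADOW, "jed")
    print("jed has an account on:", has)
    print("jed has no account on:", has_not)
    if os.path.isdir("/etc/init.d"):
        print("init.d entries to review:", tamperable_scripts())
```

Run on a schedule, the same functions give the "de-provision Jed" check: after removal, `account_report(fleet, "jed")` should return an empty first list.
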
The Secure, Automated Cloud




Wrapping Up




Moral of the Story
• Security of your cloud servers is your responsibility
• Security risks in the cloud are real (just check your logs)
• Security automation isn’t just a best practice, it makes your life easier

How To Secure Cloud Servers
    Servers in hybrid and public clouds must be self-defending with highly automated controls like…

         Dynamic firewall & access control
         Server compromise & intrusion alerting
         Configuration and package security
         Server forensics and security analytics
         Server account visibility & control
         Integration & automation capabilities

Try Halo FREE - 5 Minute Setup

     Register for Halo at cloudpassage.com/register
     Install Halo daemons on cloud servers
     Configure security policies in Halo web portal

In Closing
         • CloudPassage Installfest March 28th!
                – Helpful cloud security advice! Pizza! Beer!
                – Free tickets:       cloudpassage.eventbrite.com

         • Ask Questions!
                – Lots More Info:     community.cloudpassage.com
                – Small Bits of Info: @cloudpassage

         • We’re hiring!
                – Expert in Security and/or Cloud? DevOps, Rails, UX, Freemium Marketing
                – Email:    jobs@cloudpassage.com

Thank You!
                              Rand Wacker
                           rand@cloudpassage.com
                                @randwacker




What does CloudPassage do?
     Security for virtual servers running in public and private clouds

          Dynamic firewall management
          Server & cloud event alerting
          Configuration and vulnerability scanning
          Security & compliance auditing
          Server access and privilege management
          Server integrity & intrusion alerting

          Cloud adoption without fear
          Faster and easier compliance
          Repel attacks on your servers
          Free Basic version, 5 minutes setup

CloudPassage Halo Architecture

How It Works
• Halo Daemon
      – Ultra light-weight software
      – Installed on server image
      – Automatically provisioned

• Halo Grid
      – Elastic compute grid
      – Hosted by CloudPassage
      – Does the heavy lifting for the Halo Daemons

[Diagram: Halo Daemon on server www-1, connected to the Halo Grid]

[Diagram: servers www-1 to www-4, each running Halo; a User Portal and a RESTful API Gateway reached over https; the CloudPassage Halo Compute Grid, labeled "Policies, Commands, Reports"; outputs labeled "Alerts, Reports and Trending"]

Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 

Similar a Automating Security for the Cloud - Make it Easy, Make it Safe

Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSecSecuring Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSecCloudPassage
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage OverviewCloudPassage
 
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid CloudsEucalyptus Systems, Inc.
 
Discover Clever Cloud
Discover Clever CloudDiscover Clever Cloud
Discover Clever CloudQuentin Adam
 
Cloud Escrow van Escrow Alliance
Cloud Escrow van Escrow AllianceCloud Escrow van Escrow Alliance
Cloud Escrow van Escrow AllianceEscrowDirect.eu
 
eFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_PubliceFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_PublicDropbox
 
Security in a Cloudy Architecture
Security in a Cloudy ArchitectureSecurity in a Cloudy Architecture
Security in a Cloudy ArchitectureBob Rhubart
 
Oracle Cloud Computing Strategy (EMO)
Oracle Cloud Computing Strategy (EMO)Oracle Cloud Computing Strategy (EMO)
Oracle Cloud Computing Strategy (EMO)rachgregs
 
Kaavo Introduction 08012011
Kaavo Introduction 08012011Kaavo Introduction 08012011
Kaavo Introduction 08012011sams2618
 
C bu07 cloud_offering_decoder
C bu07 cloud_offering_decoderC bu07 cloud_offering_decoder
C bu07 cloud_offering_decoderMegan Irvine
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Spring Data for JJUG for Cross Conference Fall
Spring Data for JJUG for Cross Conference Fall Spring Data for JJUG for Cross Conference Fall
Spring Data for JJUG for Cross Conference Fall Toshihiko Ikeda
 
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Amazon Web Services
 
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012Amazon Web Services
 
彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstack彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstackOpenCity Community
 
Clever Cloud PITCH on DWS
Clever Cloud PITCH on DWSClever Cloud PITCH on DWS
Clever Cloud PITCH on DWSQuentin Adam
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architectureVladimir Jirasek
 
The Move to the Cloud for Regulated Industries
The Move to the Cloud for Regulated IndustriesThe Move to the Cloud for Regulated Industries
The Move to the Cloud for Regulated Industriesdirkbeth
 
Getting Started Developing with Platform as a Service
Getting Started Developing with Platform as a ServiceGetting Started Developing with Platform as a Service
Getting Started Developing with Platform as a ServiceCloudBees
 

Similar a Automating Security for the Cloud - Make it Easy, Make it Safe (20)

Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSecSecuring Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
 
Discover Clever Cloud
Discover Clever CloudDiscover Clever Cloud
Discover Clever Cloud
 
Cloud Escrow van Escrow Alliance
Cloud Escrow van Escrow AllianceCloud Escrow van Escrow Alliance
Cloud Escrow van Escrow Alliance
 
eFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_PubliceFolder AppAssure Cloud Briefing_Public
eFolder AppAssure Cloud Briefing_Public
 
Security in a Cloudy Architecture
Security in a Cloudy ArchitectureSecurity in a Cloudy Architecture
Security in a Cloudy Architecture
 
Portability In The Cloud
Portability In The CloudPortability In The Cloud
Portability In The Cloud
 
Oracle Cloud Computing Strategy (EMO)
Oracle Cloud Computing Strategy (EMO)Oracle Cloud Computing Strategy (EMO)
Oracle Cloud Computing Strategy (EMO)
 
Kaavo Introduction 08012011
Kaavo Introduction 08012011Kaavo Introduction 08012011
Kaavo Introduction 08012011
 
C bu07 cloud_offering_decoder
C bu07 cloud_offering_decoderC bu07 cloud_offering_decoder
C bu07 cloud_offering_decoder
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Spring Data for JJUG for Cross Conference Fall
Spring Data for JJUG for Cross Conference Fall Spring Data for JJUG for Cross Conference Fall
Spring Data for JJUG for Cross Conference Fall
 
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...
 
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
AWS Partner Presentation-Symantec-AWS Cloud Storage for the Enterprise 2012
 
彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstack彭—Elastic architecture in cloud foundry and deploy with openstack
彭—Elastic architecture in cloud foundry and deploy with openstack
 
Clever Cloud PITCH on DWS
Clever Cloud PITCH on DWSClever Cloud PITCH on DWS
Clever Cloud PITCH on DWS
 
2012 10 cloud security architecture
2012 10 cloud security architecture2012 10 cloud security architecture
2012 10 cloud security architecture
 
The Move to the Cloud for Regulated Industries
The Move to the Cloud for Regulated IndustriesThe Move to the Cloud for Regulated Industries
The Move to the Cloud for Regulated Industries
 
Getting Started Developing with Platform as a Service
Getting Started Developing with Platform as a ServiceGetting Started Developing with Platform as a Service
Getting Started Developing with Platform as a Service
 

Más de CloudPassage

Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the CloudCloudPassage
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachCloudPassage
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesCloudPassage
 

Más de CloudPassage (7)

Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 

Último

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 

Último (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 

Automating Security for the Cloud - Make it Easy, Make it Safe

  • 1. Automating Security for the Cloud Make it easy, make it safe. Rand Wacker rand@cloudpassage.com @randwacker We’re Hiring! © 2012 CloudPassage Inc.
  • 2. whoami: Rand Wacker, @randwacker, rand@cloudpassage.com. Slides available soon on community.cloudpassage.com. Background (Security / Cloud): UC Berkeley (Security, Cloud); Oracle (Security); Amazon (Cloud); IronPort/ScanSafe (Security, Cloud); Cisco (Security); CloudPassage (Security, Cloud).
  • 3. DevOps and Security. Big Data Analysts.
  • 4. Shared Responsibility Model. EC2 Shared Responsibility Model: “…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...” “…it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.” (Amazon Web Services: Overview of Security Processes.) [Diagram: stack, top to bottom: Data, App Code, App Framework, Operating System, Virtual Machine, Hypervisor, Compute & Storage, Shared Network, Physical Facilities; upper layers labelled Customer Responsibility, lower layers Provider Responsibility.]
  • 5. Survey: Cloud Security Practices. Question: How do you secure your cloud servers today? Answer categories: Open source or custom-developed tools; Commercial Tool; We're not securing our cloud servers; My provider does it for me; Amazon Security Group. Source: CloudPassage CloudSec Community Survey.
  • 7. Cloud Security Challenges: Metered Usage; Temporary & Dynamic Deployments; Multiple Cloud Environments. [Diagram labels: www-1 through www-10, Cloud Provider A, Cloud Provider B, Private Datacenter.]
  • 8. The Alfred E. Neuman Guide to Easy Cloud Security
  • 9. Firewalling in the Cloud: Beyond Simple Security Groups
  • 10.
  • 11. Traditional DC Protection. [Diagram labels: Auth Server, DB (×3), core, Firewall, Load Balancer (×2), App Server (×2), dmz, Firewall.]
  • 12. Moving to the Cloud. [Diagram labels: Auth Server, DB (×3), core, Firewall, Load Balancer (×2), App Server (×2), dmz, Firewall.]
  • 13. Moving to the Cloud. [Diagram labels: Auth Server, DB (×3), core, Firewall, Load Balancer (×2), App Server (×2), dmz, Firewall, public cloud.]
  • 14. Cloud Servers at Risk. [Diagram labels: Load Balancer, App Server (×2), DB Master, public cloud.]
  • 15. Firewalling in the Cloud. [Diagram labels: Load Balancer, App Server (×2), DB Master, FW Halo (×4), public cloud.]
  • 16. Firewalling in the Cloud. [Diagram labels: Load Balancer (×2), App Server (×3), DB Master, DB Slave, FW Halo (×7), public cloud.]
  • 17. Firewalling in the Cloud. [Diagram labels: Load Balancer (×2), App Server (×3), App Server IP, DB Master, DB Slave, FW Halo (×7), public cloud.]
  • 18. Firewalling in the Cloud. [Diagram labels: Load Balancer (×2), App Server (×2), App Server IP, DB Master, DB Slave, FW Halo (×6), public cloud.]
  • 19. Multi-Cloud Firewalling. [Diagram labels: App Server (×4), DB (×2), FW Halo (×6), US West Cloud, US East Cloud, Firewall, DB Halo (×2), Private Datacenter.]
  • 20. Multi-Cloud Firewalling. [Diagram labels: App Server (×4), DB (×2), FW Halo (×6), US West Cloud, US East Cloud, Firewall, DB Halo (×2), Private Datacenter.]
  • 21. Lessons to Learn: Whatever firewall options you have, use them. Make sure your firewall rules are updated quickly. Plan for the future, because you will be multi-cloud.
  • 22. Controlling Access to Your Cloud Servers: Solving the Contractor Problem
  • 23. Meet Jed the Web Designer. Jed is highly mobile. Jed still uses FTP. You hired Jed for design skills, not technical acumen. How do you avoid Jed’s FTP access becoming a gaping hole in your server?
  • 24. WRONG WAY: Open Access. [Diagram labels: Web Server, ftp.]
  • 25. WRONG WAY: Open Access
  • 26. Manual Options - PITA. MANUALLY turn FTP server on and off when Jed needs access? MANUALLY activate and deactivate account for Jed when he needs access? MANUALLY change firewall rules when Jed needs access? MANUALLY make Jed’s transfer for him?
  • 27. Halo Multi-Factor Cloud Auth: Prevent brute force attacks on SSH and web applications. YubiKey-generated one-time password. No batteries or moving parts.
  • 28. Using Multi-Factor Auth. [Diagram labels: Web Server, FW, Halo.]
  • 29. Using Multi-Factor Auth. [Diagram labels: DB Server, FW, Halo, CloudPassage Halo, https, Halo Grid.]
  • 30. Using Multi-Factor Auth. [Diagram labels: DB Server, FW, Halo, CloudPassage Halo, https, Halo Grid.]
  • 31. Using Multi-Factor Auth. [Diagram labels: DB Server, FW, Halo.]
  • 32. REMEMBER: Delete Jed!!! De-provision Jed: Remove GhostPorts Access, Local Server Accounts. [Diagram labels: DB Server, FW, Halo, User Portal, CloudPassage Halo, https (×2), RESTful API Gateway, Halo Grid.]
  • 33. Lessons to Learn: You may behave securely, but does everyone who works for you? Security that complicates daily tasks will be circumvented. Make sure to clean up after others.
  • 34. Automation will set you free, America… (Apologies to Alton Brown)
  • 35. Automatable Security Tasks • Scan for recent vulnerabilities of installed software packages. • Verify firewall rules match policy. • Alert administrators of missing server. • Get a report of every server that a user *does not* have an account on. • Get a report of every server that a user has an account on. • Get alerted if a new cloud server gets created. • Monitor for unauthorized/unexpected changes to application code files. • Make sure that init.d startup scripts can't be tampered with by non-root users. • Find server accounts that don’t have passwords (it happens). Many, many more at community.cloudpassage.com
  • 36. The Secure, Automated Cloud
  • 37. Wrapping Up
  • 38. Moral of the Story • Security of your cloud servers is your responsibility • Security risks in the cloud are real (just check your logs) • Security automation isn’t just a best practice, it makes your life easier
  • 39. How To Secure Cloud Servers. Servers in hybrid and public clouds must be self-defending with highly automated controls like… Dynamic firewall & access control; Server compromise & intrusion alerting; Configuration and package security; Server forensics and security analytics; Server account visibility & control; Integration & automation capabilities.
  • 40. Try Halo FREE - 5 Minute Setup. Register for Halo at cloudpassage.com/register. Install Halo daemons on cloud servers. Configure security policies in Halo web portal.
  • 41. In Closing • CloudPassage Installfest March 28th! – Helpful cloud security advice! Pizza! Beer! – Free tickets: cloudpassage.eventbrite.com • Ask Questions! – Lots More Info: community.cloudpassage.com – Small Bits of Info: @cloudpassage • We’re hiring! Expert in Security and/or Cloud? DevOps, Rails, UX, Freemium Marketing – Email: jobs@cloudpassage.com
  • 42. Thank You! Rand Wacker rand@cloudpassage.com @randwacker
  • 43. What does CloudPassage do? Security for virtual servers running in public and private clouds: Dynamic firewall management; Server & cloud event alerting; Configuration and vulnerability scanning; Security & compliance auditing; Server access and privilege management; Server integrity & intrusion alerting. • Cloud adoption without fear • Faster and easier compliance • Repel attacks on your servers • Free Basic version, 5 minutes setup
  • 44. CloudPassage Halo Architecture
  • 45. How It Works • Halo Daemon – Ultra light-weight software – Installed on server image – Automatically provisioned • Halo Grid – Elastic compute grid – Hosted by CloudPassage – Does the heavy lifting for the Halo Daemons. [Diagram labels: Halo Daemon, www-1, Halo, Halo Grid.]
  • 46. [Diagram labels: www-1, www-2, www-3, www-4, Halo (×4), User Portal, https (×2), Alerts, Reports and Trending, Policies, Commands, Reports, RESTful API Gateway, CloudPassage Halo, Compute Grid.]
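
Two of the checks listed on slide 35 (server accounts without passwords, and init.d startup scripts that non-root users could tamper with) worked through as an added Python example; it is not from the slides and is not CloudPassage Halo code. The shadow entries, script names and function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample in /etc/shadow format: name:password:lastchg:min:max:warn:::
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:15400:0:99999:7:::
daemon:*:15400:0:99999:7:::
jed::15400:0:99999:7:::
deploy:!:15400:0:99999:7:::
backup::15400:0:99999:7:::
"""


def passwordless_accounts(shadow_text):
    """Return account names whose password field is empty.

    An empty second field lets the account authenticate with no password.
    '*', '!' and '!!' mark accounts with password login disabled, so they
    are not reported.
    """
    found = []
    for lineno, line in enumerate(shadow_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: not in shadow format")
        if fields[1] == "":
            found.append(fields[0])
    return found


def tamperable_scripts(directory, trusted_uid=0, trusted_gid=0):
    """Return (path, reason) pairs for startup scripts a non-root user could alter.

    The directory itself is checked too: write access to it allows replacing
    a script even when the script's own mode is strict.
    """
    findings = []
    paths = [directory] + [
        os.path.join(directory, name) for name in sorted(os.listdir(directory))
    ]
    for path in paths:
        try:
            st = os.stat(path)  # follows symlinks, so the real target is judged
        except OSError as exc:
            findings.append((path, f"cannot stat: {exc.strerror}"))
            continue
        if st.st_uid != trusted_uid:
            findings.append((path, f"owned by uid {st.st_uid}"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        if st.st_mode & stat.S_IWGRP and st.st_gid != trusted_gid:
            findings.append((path, f"writable by gid {st.st_gid}"))
    return findings


def demo():
    """Audit a constructed init.d-style directory with one bad script in it."""
    root = tempfile.mkdtemp(prefix="initd-demo-")
    for name, mode in (("sshd", 0o755), ("webapp", 0o777)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)  # set explicitly so the umask does not interfere
    # The demo runs unprivileged, so the current user stands in for root.
    return tamperable_scripts(root, os.getuid(), os.stat(root).st_gid)


if __name__ == "__main__":
    print("accounts without passwords:", passwordless_accounts(SAMPLE_SHADOW))
    for path, reason in demo():
        print(f"{path}: {reason}")
```

On a real server the same functions would be pointed at the contents of /etc/shadow (readable by root only) and at /etc/init.d with the default trusted uid and gid of 0.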

Editor's notes

  1. SAAS. Fast and easy. The only cloud security platform built for the cloud.