Portuguese Cloud Computing Architects - 2nd Meeting

Upload: vitor-domingos

Post on 16-Apr-2017


- Weather forecast - partly cloudy, cooler and with some fog

by Vitor Domingos

weatherman

Vitor Domingos

[email protected]

http://vitordomingos.com

- cloud computing & security consultant

- thenextweb.com editor

- mobilemonday.net PT founder

- videocaster (http://alt.prt.sc)

- ex failed entrepreneur

- ex ITIJ / MJ

- ex CGD

- ex forumB2B

- ex Maxitel

- ex Jazztel

* as seen on regular weather channel

Cloud Computing is ?

- Network as a cloud

- Network is the computer (SUN motto)

- TCP/IP abstraction (1st cloud)

- www data abstraction (2nd cloud)

- Virtualization (3rd cloud)

Bottom line:

- Virtualization done right, with webservices

Cloud Computing is !

- on-demand self-service

- ubiquitous network access

- location independent resource pooling

- rapid elasticity and capacity

- measured service

- pay as you go

- abstract resources

CCaaS

- Software as a Service

  - SalesForce

- Platform as a Service

  - Google App Engine

  - Microsoft Azure

- Infrastructure as a Service

  - Rackspace Mosso

  - Amazon Web Services

Cloud Computing leverages

- Virtualization

- Multi-Tenancy

- Massive Scale

- Autonomic Computing

- Distributed Environment

- Security Technologies

- Service Oriented

Security in the Cloud

Only the paranoid survive!

- Key issues: trust, trust, multi-tenancy, trust, encryption, compliance

- Massive complex systems running on functional units

- Certification & Audit

- Loss of physical control

- Interoperability

- Accountability

please, keep in mind that

- Shared hell:

  - Hardware

  - Memory

  - Disks

  - NIC's (Virtual)

- Cache Snooping

- Hypervisor Attacks

- Persistent Root Kits

- Password Cracking

- Broken or stolen key rings / authorization federation

- Never ending logs

Great things do come

- Provisioning and fault tolerance

- Rapid reconstitution of services

- Storage fragmented

- Security layers (auth, firewall, logging, )

- Network and Security perimeters

- Virtual Zoning

- Think it all over again

Challenges

- Data dispersal and international privacy laws

- Isolation management & Multi-Tenancy

- Certification (SAS 70 Type II audits and ISO 27001)

- Data ownership

- QoS & SLA's guarantees

- Secure Hypervisors

- Credentials

Challenges

- Massive outages

- Service bottlenecks; DNS as your best friend

- Encryption needs: cloud resources, applications, storage, services

- Disaster recovery and contingency plans

- If you have it on Auto mode, you won't see it coming

- Honey for hackers

ToDo

- Network with VPN and VLAN's

- SLA's; read the fine print

- Backup and recover often; Risk assessment

- Log (out of there) as if the world ended tomorrow

- Plan for failure

- YOU secure!!! Encrypt data before transmission!!!

- Sandbox, Sandbox, Sandbox

You're not alone

- Security Groups: IBM; SUN Oracle; Amazon; PCCA; ICCV

- Cloud Security Alliance (awesome guide!!)

- OpenCloud Manifesto & Amazon Security Paper

- Cloud Computing ML at Google Groups

- Legal Cloud's

- Vivek Kundra - USA CTO, did it, as did Facebook, New York Times and Nasdaq (on AWS)

Wrap up

- Plan

- Encrypt

- Backup

- Secure

- Audit

- Sandbox (check my sapo codebits talk)

  - http://codebits.sapo.pt/files/aws_23.pdf

- Trust

?

mail: [email protected]: http://vitordomingos.com