portuguese cloud computing architects - 2nd meeting
TRANSCRIPT
- Weather forecast - partly cloudy, cooler and with some fog
by Vitor Domingos
weatherman
Vitor [email protected]://vitordomingos.com
- cloud computing & security consultant
- thenextweb.com editor
- mobilemonday.net PT founder
- videocaster (http://alt.prt.sc)
- ex failed entrepreneur
- ex ITIJ / MJ
- ex CGD
- ex forumB2B
- ex Maxitel
- ex Jazztel
* as seen on regular weather channel
Cloud Computing is ?
- Network as a cloud
- Network is the computer (SUN motto)
- TCP/IP abstraction (1st cloud)
- www data abstraction (2nd cloud)
- Virtualization (3rd cloud)
Bottom line:
- Virtualization done right, with webservices
Cloud Computing is !
- on-demand self-service
- ubiquitous network access
- location independent resource pooling
- rapid elasticity and capacity
- measured service
- pay as you go
- abstract resources
CCaaS
- Software as a Service
  - SalesForce
- Platform as a Service
  - Google App Engine
  - Microsoft Azure
- Infrastructure as a Service
  - Rackspace Mosso
  - Amazon Web Services
Cloud Computing leverages
- Virtualization
- Multi-Tenancy
- Massive Scale
- Autonomic Computing
- Distributed Environment
- Security Technologies
- Service Oriented
Security in the Cloud
Only the paranoid survive!
- Key issues: trust, trust, multi-tenancy, trust, encryption, compliance
- Massive complex systems running on functional units
- Certification & Audit
- Loss of physical control
- Interoperability
- Accountability
please, keep in mind that
- Shared hell:
  - Hardware
  - Memory
  - Disks
  - NIC's (Virtual)
- Cache Snooping
- Hypervisor Attacks
- Persistent Root Kits
- Password Cracking
- Broken or stolen key rings / authorization federation
- Never ending logs
Great things do come
- Provisioning and fault tolerance
- Rapid reconstitution of services
- Storage fragmented
- Security layers (auth, firewall, logging, )
- Network and Security perimeters
- Virtual Zoning
- Think it all over again
Challenges
- Data dispersal and international privacy laws
- Isolation management & Multi-Tenancy
- Certification (SAS 70 Type II audits and ISO 27001)
- Data ownership
- QoS & SLA's guarantees
- Secure Hypervisors
- Credentials
Challenges
- Massive outages
- Service bottlenecks; DNS as your best friend
- Encryption needs: cloud resources, applications, storage, services
- Disaster recovery and contingency plans
- If you have it on Auto mode, you won't see it coming
- Honey for hackers
ToDo
- Network with VPN and VLAN's
- SLA's; read the fine print
- Backup and recover often; Risk assessment
- Log (out of there) as if the world ended tomorrow
- Plan for failure
- YOU secure!!! Encrypt data before transmission!!!
- Sandbox, Sandbox, Sandbox
You're not alone
- Security Groups: IBM; SUN Oracle; Amazon; PCCA; ICCV
- Cloud Security Alliance (awesome guide!!)
- OpenCloud Manifesto & Amazon Security Paper
- Cloud Computing ML at Google Groups
- Legal Cloud's
- Vivek Kundra - USA CTO, did it, and so did Facebook, New York Times and Nasdaq (on AWS)
Wrap up
- Plan
- Encrypt
- Backup
- Secure
- Audit
- Sandbox (check my sapo codebits talk): http://codebits.sapo.pt/files/aws_23.pdf
- Trust
?
mail: [email protected]: http://vitordomingos.com