Securing the cloud

  • View
    227

  • Download
    0

Embed Size (px)

Text of Securing the cloud

  1. 1. SECURING THE CLOUD ERWIN GEIRNAERTCO-FOUNDER ZION SECURITY
  2. 2. 693.000.000 SEARCH RESULTS And everybody has to say something about cloud security, including me!
  3. 3. 25 YEARS OF CLOUD Domain Name System (DNS)
  4. 4. SECURE CLOUD?
  5. 5. SECURE CLOUD?
  6. 6. WHATS IN A NAME SECURE CLOUDCLOUD SECURITY Secure environment Security-as-aservice In an (external) datacenter Multi-tenant SLA Buy online Mail security Web security Web application security Vulnerability scanning Anti-virus Anti-malware
  7. 7. WHAT IS NOT CLOUD Virtual version of hardware appliance Next Generation Hosting
  8. 8. CLOUD SECURITY ALLIANCE Security Control & Compliance
  9. 9. SECURE CLOUD REQUIREMENTS Secure datacenter Secure network Secure infrastructure Secure OS Secure application Secure Keep-it-running Secure employees Secure logging
  10. 10. COMPARING CLOUDS Which one is the best?
  11. 11. WHAT WE SEE Traditional hosting providers still struggle to secure their classical hosting environment Web site security offering = SSL certificates! Shared hosting is bad for security but follow the same approach to setup cloud Hosting providers use other cloud providers services Without the client his knowledge Without any legal binding contract Without any SLA In a different country Belgian Court has a lot of problems with non-Belgian hosting Inadequate logging of the cloud provider Takes a lot of time to get the information with a court order Most providers dont give information or too late Insider threat: employees with a company credit card We found a cheap cloud provider in Russia called SpamEngine
  12. 12. WHAT IS NOT THE RIGHT WAY The DIY approach is not leveraging the power of a secure cloud: Installing & configuring your virtual firewall Installing & configuring your web application firewall Install your Operating System Patching yourself Monitoring yourself Do your own software installations & upgrades
  13. 13. MALWARE ATTACKS Most cloud-based applications and cloud administration require only username/passwordMalware like ZeuS/SpyEye that attack homebanking also collect credentials Twitter/Facebook/ Salesforce.com? Amazon AWS? Credentials are sold on Internet and automatically abused by malware running in the cloud Require from your cloud provider: Strong authentication SSL VPN for remote management IP blocking Logging + logging + logging + logging
  14. 14. SECURE CLOUD INNOVATIONS
  15. 15. SOME THOUGHTS FISA: Foreign Intelligence Surveillance Act Data stored in the US can be inspected and copied Without telling you. Just think about data encryption Where are the keys stored? How are you sure it is really encrypted? Same for China: What is stored in China is copied! A new U.S. intelligence report declares the most active and persistent perpetrator of economic espionage is China http://www.defensenews.com/story.php?i=8160472&&s=T OP
  16. 16. WHAT YOU NEED Moving to the cloud can be a security catalysator for your existing infrastructure and applications! Moving is not copying your virtual machines!!!!!!!!!!!!!!! Stay in the European Union with all your data Log everything to a different cloud provider or on-premise Do not trust the logo on the flashy web site, review the audit reports Monitor the SLA Classify data and locations
  17. 17. ADVANCED CLOUD HACKING CIA Drone landed in IRAN - GPS SPOOFING
  18. 18. SECURITY FOR LIFE Music for Life 2011 We do give a shit!
  19. 19. QUESTIONS erwin.geirnaert@zionsecurity.com@ZIONSECURITY www.zionsecurity.com www.zionsecured.com