cloud expo europe 2014: practical methods to improve your security in the cloud
DESCRIPTION
Slides from solution architect Mark Thomas' talk at Cloud Expo Europe 2014.TRANSCRIPT
Practical methods to improve your security in the cloud
www.databarracks.com | 2www.databarracks.com | 2
WHO WE ARE
Mark ThomasSolutions Architect
Formerly Director of Cloud Professional Services, EMEA at Virtustream, Mark is the Solutions Architect at Databarracks. An expert in cloud technology, data centre infrastructure and virtualisation, Mark has worked with major clients such as HSBC, Field Fisher Waterhouse and Allied Irish Bank.
www.databarracks.com | 3
About Databarracks
• Nuclear bunker data centre,
certified & accredited
Secure & Compliant
• Pedigree and understanding of storage
High Performance & Flexibility
www.databarracks.com | 4
Databarracks customers
Security – from the service provider
www.databarracks.com | 6www.databarracks.com | 6
Data centres & locations
www.databarracks.com | 7www.databarracks.com | 7
Certifications
• Externally audited yearly
• Penetration tested yearly
This is what we do – but what can you do?
www.databarracks.com | 9www.databarracks.com | 9
Pen Testing
Supplier testing
• Required for supplier compliance
• Testing of the entire platform
Your own testing
• May be required for your specific compliance
• Test your exact servers
www.databarracks.com | 10www.databarracks.com | 10
Access
THIS IS OFTEN THE WEAKEST LINK
Federation• Integrating your AD into access• Manage access across multiple clouds• Works for IaaS, PaaS & SaaS
www.databarracks.com | 11www.databarracks.com | 11
Access2 factor authentication• Knowledge factor• Possession factor
• Again – IaaS, PaaS & SaaS
This is now very common – online banking and even Gmail use it
= LESS RESISTANCE FROM USERS
www.databarracks.com | 12www.databarracks.com | 12
Firewalls
(Just for Infrastructure as a Service)
• Ring-fence your environment• Advanced intrusion detection & prevention
www.databarracks.com | 13www.databarracks.com | 13
Encryption
What, where and when?• VPNs• Arrays• Files within the VM• The entire VM
www.databarracks.com | 13
www.databarracks.com | 14www.databarracks.com | 14
Encryption
VPN• Why?• Why not?• Already doing it?• Can I do it myself?
www.databarracks.com | 14
www.databarracks.com | 15www.databarracks.com | 15
Encryption
Array encryption• Why?• Why not?• Already doing it?• Can I do it myself?
www.databarracks.com | 15
www.databarracks.com | 16www.databarracks.com | 16
Encryption
Files within the VMs• Why?• Why not?• Already doing it?• Can I do it myself?
www.databarracks.com | 16
www.databarracks.com | 17www.databarracks.com | 17
Encryption
The entire VM• Why?• Why not?• Already doing it?• Can I do it myself?
www.databarracks.com | 17
Can you take an unsecured cloud and make it secure?
Thank you