Security and the Cloud

Joshua Fialkoff, TestVault

5/13/2014

About Me

● 18 years of programming and product management for the web

● Master’s in computer engineering

● Brain computer interfacing research

● Technology consulting

● TestVault

Joshua Fialkoff // TestVault // (212) 369-1263 // [email protected]

Disclaimer

a cloud-based data management system

Why are you here?

Use the web smarter

Overview

● What is the “cloud”?

● Cloud alternatives

● Cloud vs. cloud activity

● Pros and cons

● Cloud security

● Home/stand-alone security

● Questions

What is the “Cloud”

● Simply, the Internet

● Technically:

o Distributed

o Generally, off-site

o Generally, publicly accessible

“My cloud is private”

● There is no private on the internet.

● What is a private internet resource?

o Password protection

o Firewall

o Obfuscation

o Encryption

What are the alternatives?

● Stand-alone, but...

o cloud synchronization

o cloud storage

o other cloud access

o cloud accessible

o if you can access the internet, the internet can access you.

● Cloud vs. Cloud Activity

Recognizing Cloud Activity

● Downloading lab results

● Electronic tax filing

● Report publishing

● Calendar synchronization across devices

● Emailing

● Others?

Cloud Pros and Cons

● Pros

o accessible from anywhere

o and by any device

o easy to share data

o data safety

o no limit on resources

o no resources to maintain

o managed by security experts

● Cons

o transmitted data

o centralized data

o requires an internet connection

o subject to outages

o publicly accessible

o often sharing server space

Cloud security (outline)

● Anatomy of a cloud transaction

● Security measures

o Encryption

o Firewalls

o Physical security

o Policy

Cloud transaction

1. I ask for a web page

2. Look up address for server

3. Send request info

4. Received by application server

5. Process request

6. Send response

Cloud security: Encryption

● HTTPS

o public/private key

● Data encryption

o 2-way

● Password encryption

o ideally 1-way

Encryption: Public/Private Key

1. Exchange public keys

2. Sender encrypts message with recipient’s public key.

3. Recipient receives data and decrypts with private key.

Encryption: Data Encryption

1. Encrypt data with a key stored somewhere else.

2. Decrypt data with that same key when you need the data.

Encryption: Password Encryption

1. When password is set, encrypt it with a 1-way encryption algorithm

2. When logging in, encrypt user’s input with same algorithm

3. Compare result from 2 to result from 1
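
An added example, not part of the original slides: the three steps above in Python, using PBKDF2-HMAC-SHA256 as the 1-way algorithm (an assumption; the slides name no algorithm). The function names, record format, salt size and iteration count are choices made for this example; the per-user salt and constant-time comparison are additions a real system needs on top of the three steps.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your hardware
SCHEME = "pbkdf2_sha256"


def set_password(password: str, iterations: int = ITERATIONS) -> str:
    """Step 1: derive a 1-way digest and return the record to store."""
    salt = os.urandom(16)  # random per-user salt: equal passwords get different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Only the parameters, salt and digest are stored, never the password itself.
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def check_password(attempt: str, record: str) -> bool:
    """Steps 2 and 3: run the same algorithm on the login input, then compare."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != SCHEME or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, iterations)
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    stored = set_password("correct horse battery staple")
    print("stored record:", stored)
    print("right password:", check_password("correct horse battery staple", stored))
    print("wrong password:", check_password("Tr0ub4dor&3", stored))
```

Because the digest cannot be reversed, a copy of the stored records does not directly reveal the passwords; the salt and iteration count make guessing each one separately expensive.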

Cloud security: Firewalls

● Network

● Application

Firewalls: Network

● Where is the information coming from?

● What is the destination?

● Stateful

Firewalls: Application

● Protocol (e.g., http) specific

● Virus protection

● Website restriction

Cloud security: Physical

● Key-card/biometric restricted entry

● Security personnel

● Video surveillance

● Alarm system

● Fire detection and suppression systems

Cloud security: Policy

● Risk management

● Employee background checking

● Access logging

● Employee departure

● Safeguarding passwords

● Log monitoring

What protects a stand-alone system?

● Obfuscation

● Little to gain (generally)

● Service provider firewall

● Home firewall

● Operating system firewall

● Restricted access

● Encryption?

Thank You

Joshua Fialkoff // TestVault

Email: [email protected]

Phone: (212) 369-1263

LinkedIn: http://goo.gl/QTXW6U