
Old Man Yells at Cloud Computing Presented by: Terry Labach - PowerPoint PPT Presentation



  1. Old Man Yells at Cloud Computing Presented by: Terry Labach Information Security Services, IST December 4, 2019

  2. Old Man Yells at Cloud Computing PAGE 2

  3. The plan for today
   What’s all this cloud computing stuff?
   Security, isn’t that what we’re paying for?
   What could possibly go wrong?
   What is to be done?

  4. What is cloud computing?
  “A distributed system is a system where I can’t get my work done because a computer has failed that I’ve never even heard of.” Leslie Lamport, c. 1990

  5. What is cloud computing?
  “A cloud is a system where I can’t get my work done because a computer has failed that I’ve never even heard of.” Me, today (after Leslie Lamport, c. 1990)

  6. No, really, what is cloud computing?
  Cloud computing can be viewed in many ways…
   a collection of technologies
   an operational model
   a business model
   provision of computing resources from a shared infrastructure

  7. Cloud computing infrastructure models
   Public cloud
     Using resources wholly hosted and operated off your premises by a 3rd-party cloud service provider
     Resources provided by infrastructure that is also used by other clients
   Private cloud
     Using resources provided by infrastructure used only by your organization, whether hosted on-site or elsewhere
   Hybrid cloud
     Using both of the above models

  8. Cloud computing service models
   Infrastructure as a service (IaaS)
     computing infrastructure, provisioned and managed over the Internet
   Software as a service (SaaS)
     allows users to connect to and use apps over the Internet
   Platform as a service (PaaS)
     complete development and deployment environment in the cloud

  9. Cloud computing operation models
   Mimic traditional data centre concepts of servers, platforms, networking, etc.
   This can result in users misconfiguring or inefficiently using cloud resources because they are still thinking in terms of traditional architectures.

  10. So cloud computing is?
   Using someone else's computers!

  11. Where can I get some sweet, sweet cloud?
   Microsoft Azure
   Amazon Web Services (AWS), Amazon Elastic Compute Cloud (EC2)
   Google Cloud Platform
   And many others…

  12. Clouds with benefits
   can save money
   faster to provision
   can be more secure
   can reduce downtime

  13. Clouds with benefits?
   can save money (or not)
   faster to provision
   can be more secure (or not)
   can reduce downtime (or not)

  14. Why are you scared of clouds?
   Have you ever really looked at them?

  15. Why are you scared of clouds?
   Misconceptions about the cloud mean that organizations do not manage cloud resources as they should.
   Let’s look at a recent, well-publicized example.

  16. The Capital One breach
   Capital One is one of the largest banks in the United States
   In 2019, a lone hacker managed to obtain the sensitive personal information of more than 100 million people, despite security measures
   Capital One didn’t become aware of the breach until more than three months after the fact

  17. What happened?
   Hacker exploited a flaw in a web application firewall running on an Amazon Web Services (EC2) server
   The firewall had been misconfigured: the cloud role it ran under could reach far more of the client’s resources than it needed
   The attacker crafted web requests that the firewall forwarded on her behalf; because they appeared to come from the firewall host, they reached the EC2 instance metadata service and returned temporary credentials for that role, which were then used to list and copy data out of the client’s S3 storage
   Server Side Request Forgery (SSRF)
   "AWS was not compromised in any way and functioned as designed," Amazon said in a statement

  18. The Capital One breach revealed
   What We Can Learn from the Capital One Hack
     https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/
   Preventing The Capital One Breach
     https://ejj.io/blog/capital-one
   Information on the Capital One Cyber Incident
     https://www.capitalone.com/facts2019/
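The check that would have stopped the request chain on slide 17, as an added example (not code from this deck, from Capital One or from AWS): before a server-side component fetches a URL on a client's behalf, it refuses anything that is not an allow-listed public hostname, and in particular anything that resolves into link-local space, where the EC2 instance metadata service answers at 169.254.169.254. The allow-list, the helper names and the injectable resolver are assumptions for illustration; nothing here is a real service's API.

```python
"""Outbound-fetch target validation against SSRF into cloud metadata.

Added example; ALLOWED_HOSTS, the function names and the resolver hook
are assumptions for illustration, not part of any real service."""
import ipaddress
import socket
from urllib.parse import urlparse

# Assumed policy: the only hosts this service may call out to.
ALLOWED_HOSTS = {"api.example.com", "reports.example.com"}

# Address space an outbound fetch must never reach. 169.254.0.0/16 is
# link-local, which is where cloud instance metadata services live.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "127.0.0.0/8", "0.0.0.0/8",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]


def default_resolver(host):
    """All addresses the OS resolver returns for a hostname."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_outbound_target(url, resolver=default_resolver):
    """Return (ok, reason). ok is True only when the scheme is http(s),
    the host is a name on the allow-list, and every address it resolves
    to is a public one. The unsafe pattern this replaces is forwarding the
    client-supplied URL unchanged."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    # Raw IP literals are rejected outright: the policy is a list of names.
    try:
        ipaddress.ip_address(host)
        return False, "IP literal not allowed: %s" % host
    except ValueError:
        pass
    if host.lower() not in ALLOWED_HOSTS:
        return False, "host not on allow-list: %s" % host
    # Resolve after the name check so a name that (re)binds to a private
    # address is still caught; the caller should connect to this address.
    for addr in resolver(host):
        ip = ipaddress.ip_address(addr)
        # ::ffff:169.254.169.254 is the same target wearing an IPv6 coat.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        if any(ip in net for net in BLOCKED_NETWORKS) or not ip.is_global:
            return False, "%s resolves to non-public address %s" % (host, addr)
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://api.example.com/report?id=7",
                      "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
                      "file:///etc/passwd"):
        print(candidate, "->", check_outbound_target(candidate))
```

Connect to the address the check resolved rather than re-resolving the name, so a DNS answer that changes between check and use cannot slip past it. The check is one layer; the other two are giving the role behind the firewall only the permissions it needs, and (on AWS) requiring IMDSv2, which only answers requests that carry a session token obtained with a PUT, so a GET-only SSRF cannot read credentials from the metadata service at all.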

  19. But I thought that the cloud was more secure?
  You’re expecting this level of security…

  20. Nope!
  …but this is what you get.

  21. Security is not a commodity
   Cloud vendors don’t understand:
     your business processes
     the sensitivity of your data
     your legal and other requirements

  22. What do cloud vendors think about security?
   “The AWS Cloud has a shared responsibility model. AWS manages security of the cloud. You are responsible for security in the cloud.”
   https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf

  23. So, what can go wrong with cloud security?
  In general:
   failure to configure services as needed to protect data and operations
   failure to follow security policy, through ignorance or hubris, leading to breaches and other problems
   failure to monitor operations and flag anomalies for investigation, so that flaws go undetected

  24. Data breaches
   Hackers stole the personal data of 57 million customers and drivers from Uber in October 2016
   Company concealed the hack for more than a year and paid the hackers $100,000 to delete the information
   Loss included names, email addresses and phone numbers of 50 million Uber riders and personal information of about 7 million drivers
   Attackers accessed a private GitHub coding site used by Uber software engineers
   Used login credentials they obtained there to access data stored on Amazon Web Services
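The Uber slide turns on cloud credentials sitting in source control. As an added example (not Uber's tooling, nor anything from this deck), here is the kind of scanner worth running over a repository before, or instead of, an attacker: it matches the fixed shape of AWS access key IDs (20 characters beginning with AKIA for long-term keys or ASIA for temporary ones) and flags 40-character secrets next to a "secret" label only when their Shannon entropy says they are random rather than a placeholder. The sample file is constructed and uses the placeholder credentials from AWS's own documentation; the function names and the 3.5-bit threshold are assumptions for illustration.

```python
"""Scan text for committed AWS credentials (added example, not Uber's code).

The regexes, entropy threshold and sample file are assumptions made for
illustration; the sample credentials are AWS documentation placeholders."""
import math
import re
import sys

# Long-term access key IDs start with AKIA, temporary ones with ASIA;
# both are exactly 20 upper-case alphanumeric characters.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")

# A 40-character base64-alphabet value assigned to anything labelled
# "secret..." (aws_secret_access_key, SECRET_KEY, secret: ...).
SECRET_CANDIDATE_RE = re.compile(
    r"(?i)secret[\w-]*\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")

# Assumed threshold (bits per character); a real secret is well above it,
# while "aaaa..." or "changeme-changeme-..." placeholders fall below.
ENTROPY_THRESHOLD = 3.5


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value):
    """Keep enough of a hit to locate it, never the whole credential."""
    return value[:4] + "..." + value[-4:]


def scan_text(text, threshold=ENTROPY_THRESHOLD):
    """Return (line_number, kind, redacted_value) for each probable
    credential in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((lineno, "aws_access_key_id", redact(m.group(1))))
        for m in SECRET_CANDIDATE_RE.finditer(line):
            candidate = m.group(1)
            if shannon_entropy(candidate) >= threshold:
                findings.append((lineno, "aws_secret_access_key", redact(candidate)))
    return findings


# Constructed sample of a config file that should never have been committed.
# The key pair is the placeholder pair from AWS documentation.
SAMPLE_CONFIG = """\
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
db_password_secret = changeme
"""


if __name__ == "__main__":
    # Usage: python scan.py [file ...]; with no files, scans the sample.
    sources = [(p, open(p).read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE_CONFIG)]
    for name, text in sources:
        for lineno, kind, value in scan_text(text):
            print("%s:%d: %s %s" % (name, lineno, kind, value))
```

Run it over `git log -p` output as well as the working tree: a key removed in a later commit is still in the history, which is exactly where someone who has cloned a private repository will look. A hit should be treated as compromised and rotated, not merely deleted.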

  25. Misconfiguration
   Information on over 120 million American households was found in a massive database left exposed on the web in 2017 by marketing analytics company Alteryx
   Included addresses, ethnicity, interests and hobbies, income, right down to what kind of mortgage the house was under and how many children lived at the property
   248 different data fields for each household
   Data was sitting in Amazon Web Services storage
   Open to anyone with an AWS account
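"Open to anyone with an AWS account" is a specific S3 setting: a grant to the AuthenticatedUsers group, which means every AWS customer, not your organization. As an added example (not Alteryx's or AWS's code, and not from this deck), here is a check that reads the two places a bucket can be opened up, its ACL and its bucket policy, and reports grants to the two global groups and Allow statements with a wildcard principal. The sample ACL and policy are constructed; the function names and the verdict strings are assumptions for illustration.

```python
"""Find S3 buckets opened to the world or to every AWS account.

Added example; the sample documents are constructed and the function
names and verdicts are assumptions for illustration."""
import json

# The two predefined S3 groups that mean "not just us".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the Internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}


def public_acl_grants(acl):
    """acl is the GetBucketAcl document. Returns (who, permission) for
    every grant to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[uri], grant.get("Permission")))
    return findings


def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also in list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy):
    """policy is the parsed bucket policy. Returns (sid, actions,
    has_condition) for every Allow statement with a wildcard principal."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or not _wildcard_principal(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        findings.append((st.get("Sid"), actions, "Condition" in st))
    return findings


def assess_bucket(acl, policy):
    """One verdict per bucket for a report."""
    statements = public_policy_statements(policy)
    if public_acl_grants(acl) or any(not cond for _, _, cond in statements):
        return "PUBLIC"
    if statements:
        return "REVIEW: wildcard principal narrowed only by a Condition"
    return "not public"


# Constructed sample: the owner has full control, and READ has been
# granted to AuthenticatedUsers, i.e. to every AWS account in existence.
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "READ"},
    ],
}

# Constructed sample policy: one unconditional public-read statement and
# one wildcard statement fenced by a VPC-endpoint condition.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::constructed-bucket", "arn:aws:s3:::constructed-bucket/*"]},
    {"Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::constructed-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-constructed"}}}
  ]
}""")


if __name__ == "__main__":
    print("ACL grants:", public_acl_grants(SAMPLE_ACL))
    print("policy statements:", public_policy_statements(SAMPLE_POLICY))
    print("verdict:", assess_bucket(SAMPLE_ACL, SAMPLE_POLICY))
```

Against a real account the inputs come from `s3.get_bucket_acl(Bucket=name)` and `json.loads(s3.get_bucket_policy(Bucket=name)["Policy"])` in boto3 (a bucket with no policy raises, which counts as no wildcard statements). The check is a detective control; the preventive one is turning on S3 Block Public Access at the account level, which makes grants like the sample ACL ineffective regardless of who sets them.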

  26. Architecture design failure
   Accenture left private data across four unsecured cloud servers, exposing highly sensitive passwords and secret decryption keys that could be used to decrypt traffic between Accenture and its customers
   Data could be downloaded without a password
   Some passwords were stored in plaintext
   Credentials were also found that appear to relate to Accenture's access to Google's Cloud Platform and Microsoft's Azure

  27. Account hijacking
   In 2014, an attacker gained access to the AWS control panel of the company Code Spaces and demanded money in exchange for relinquishing control
   Company refused, and the attacker began deleting data and virtual machines
   There were replicated services and backups, but those were all controllable from the same control panel
   This destroyed the company

  28. Insecure interfaces
   Facebook data breach affecting over 50 million accounts
   Vulnerability introduced into code in July 2017 and only discovered in September 2018
   Attackers used “View As,” a feature that lets people see what their own profile looks like to another Facebook user. The vulnerability resulted in the generation of an access token that had the permissions of the Facebook mobile app, not for the viewer but for the other Facebook user, which could be used to take over their account
