Elastic Security


Security for the Cloud

Amazon Web Services' latest push towards security and compliance: CloudHSM

We are getting used to the fast pace of innovation and new tools brought by Amazon Web Services (AWS), but this week's CloudHSM announcement was a surprise. So, you do not trust AWS to store your keys, and keeping them outside adds complexity and impacts performance? You want to use AWS, but you have critical and confidential data and you need to comply with security standards? The CloudHSM is the answer to these questions.

A Hardware Security Module (HSM) is like a (big) smartcard that is certified and physically protects your keys. When detecting an attack, the first thing the HSM does is to erase the keys in a secure manner.

The idea of providing HSM as a Service is very innovative, thank you AWS! Nevertheless, this kind of toy does not come cheap, and key management (rotation and revocation, just to give 2 examples) is always a tricky issue. We look forward to testing it and to including the CloudHSM in our reference architectures in AWS!

Filed under: AWS, AWSUG, Cloud Computing, CSA, Elastic Security, IaaS, Privacy, Secure Cloud, Solutions

vSphere 5 Hardening Guide

VMware has just released a great guide: the official hardening guide for vSphere 5. The terminology has changed, and if you are used to version 4.1, there is a nice companion document to help you compare.

The security of the virtualization layer is fundamental to the security of cloud infrastructures. The Cloud Security Alliance acknowledges this by making it one of the domains in its guidance document, and the virtualization layer is also one of the root causes of the top threats to cloud computing.

In the hardening guide, I enjoyed the classification by component and subcomponent, which helps IaaS security administrators to establish the security perimeter and prioritize the actions.

It is also important that IaaS users understand the services managed by IaaS providers “under the hood” and draw the line between the shared responsibility of IaaS users and IaaS providers. Ed Moyle of Savvis explains it beautifully in one blog post about compensating controls in the cloud.

So, thank you VMware for the guide!

Filed under: Elastic Security, IaaS, Secure Cloud, Solutions

Launch of HP Cloud with OpenStack

We’ve been busy lately with the second version of Elastic Detector, that supports Amazon EC2, Terremark’s vCloud Express and Eucalyptus. Today we’re thrilled to announce support of another leading cloud infrastructure: HP Cloud. Please find the complete announcement here.

We are strong believers in OpenStack and we participated in the private beta of HP Cloud, in order to be ready from day one. We are happy to start our partnership with HP Cloud, with the goal of bringing added security services to the HP Cloud customers.

Filed under: Cloud Computing, Elastic Security, IaaS, Solutions

Tendances cloud virtual conference

Yet another French presentation to promote the whitepaper of “Tendances cloud”, with great questions from the more than 90 participants. Thanks to the other contributors and the organizers Salesforce.com and PowerOn.
Please stay tuned for the recording of the conference (in French).

Filed under: Cloud Computing, CSA, Elastic Security, IaaS, Presentations

Trust and cloud security conference

Last week I was happy to be part of the conference on Trust and Security for cloud computing, organized by the Pole SCS. I enjoyed the very good presentations and interesting ideas for collaborative projects. Keep up the good work, Pole SCS. Here are my slides.

Filed under: Cloud Computing, CSA, Discussions, Elastic Security, IaaS, Presentations

Tendances cloud

Sorry to the non-French readers, but I’m often asked for French papers about cloud computing and security. We are proud to be contributors to a French white paper on cloud computing, so here is the link:

http://www.tendances-cloud.com/

Happy reading

Filed under: Cloud Computing, Elastic Security, IaaS, News, SaaS, Secure Cloud

How to increase security and visibility of Amazon EC2 instances?

Amazon EC2 administrators have to deal with daily problems such as:

  • Ensuring security of new instances,
  • Detecting performance and capacity problems,
  • Keeping track of the modifications on the infrastructure.

We would like to give you some insight into our solution for addressing those problems and making life easier for cloud administrators by detecting security-related issues and events: Elastic Detector. What makes this product unique is that it is fully automated and agentless. You can see how Elastic Detector works in this short video:


Filed under: AWS, Cloud Computing, Elastic Security, IaaS, Internals, Secure Cloud, Solutions

Solutions Linux presentation

Two weeks ago, I attended the Solutions Linux French exhibition in Paris. I was proud to be part of a round table on cloud computing and I did a presentation on the security track about how to monitor an Amazon EC2 infrastructure with open source tools, especially Nagios. Here are the slides as promised (in French).

Filed under: Uncategorized

Security THE differentiator between cloud computing offerings

I’ve read a very interesting and different post about security in cloud computing and more precisely IaaS (Infrastructure as a Service).

Tons of articles and surveys about security being the major obstacle to cloud computing, and lots of FUD, are current, but Andreas M. Antonopoulos dared to offer a new perspective of security as THE differentiator of IaaS offerings. I especially liked the part:

“Security is like a liquor license to a restaurant — an opportunity to up-sell each customer with a high-profit margin product to balance out the dismal or loss-leading margins of the core product. Security is the single most profitable differentiator that a service provider can add to IaaS to have any hope of making money. Security is brand-sensitive, labor-intensive, infinitely customizable and difficult to scale. That makes security the perfect differentiator that can add value to a bland IaaS offering.”

As a security provider for IaaS, I have to strongly agree with this new perspective, and we are currently working with hosting companies and IaaS providers in order to make this perspective come true.

For us, the main challenges ahead are:

  • Heterogeneity: There are several cloud stacks (AWS, OpenStack, VMware, Nimbula, Eucalyptus just to name a few), so it is hard to build solutions for all of them; moreover, they offer different functionality
  • Focus: Security is a real and hard problem (please check the guidelines of the Cloud Security Alliance if you want to go deeper), but we have to focus on customers' needs with an incremental approach and try to build solutions for each need (there is no silver bullet)

What do you think about these challenges?

Thanks, Andreas, for the refreshing article.

Filed under: Uncategorized

Elastic Detector Launch

We launched a private beta program in December 2010 and first of all we would like to thank all our beta testers for their feedback and comments.

For the last 2 months we have been busy improving Elastic Detector by integrating new features that suit your needs, such as more powerful graphs and daily reports. Such features are built on top of our auto-check technology, which makes it possible to ensure the security of your infrastructure with near zero configuration.

We are really excited to announce that the first version of Elastic Detector is ready.

Elastic Detector helps you to achieve full visibility of your Amazon EC2 deployment and monitors your security groups. You may give it a free try for 1 month. Configuration takes only 2 minutes, and then you may check Elastic Detector improving the security of your infrastructure in real time.

We will be very happy to count you among the Elastic Detector Community and we are committed to continuously securing your infrastructure on Amazon EC2.

Filed under: AWS, Cloud Computing, Elastic Security, IaaS, SaaS
