Elastic Security

Icon

Security for the Cloud

July 13, 2011 • 17:28 0

Tendances cloud virtual conference

Yet another french presentation to promote the whitepaper of “Tendances cloud”. And great questions from the more than 90 participants. Thanks to the other contributors and the organizers Salesforce.com and PowerOn.
Please stay tuned for the recording of the conference (in french).
 

Filed under: Cloud Computing, CSA, Elastic Security, IaaS, Presentations, , , ,

July 13, 2011 • 17:12 0

Trust and cloud security conference

Last week I was happy to be part of the conference on Trust and Security for cloud computing, organized by the Pole SCS.  I enjoyed the very good presentations and interesting ideas for collaborative projects. Keep up with the good work Pole SCS. Here are my slides.

Filed under: Cloud Computing, CSA, Discussions, Elastic Security, IaaS, Presentations, , , , , ,

April 3, 2011 • 10:53 0

Presentation at CloudOps

Videos and slides from the CloudOps Summit in Frankfurt are available online.

Here is the video of our Elastic Detector pitch.

Don’t hesitate to contact us if you have questions or if you are interested in a free trial.

Filed under: Internals, Presentations, ,

October 15, 2010 • 10:58 0

Global Security Challenge at Tel-Aviv and THE 2 cloud security questions

I was really pleased to be among the best 4 European start-ups that were in Tel-Aviv last week to participate at the Global Security Challenge. Unfortunately we did not get to the finals but still a very good experience. This competition has a broad security scope, for example there were companies focusing on water security and physical security. IT security is as well very important and even touches critical industrial systems as shown by the stuxnet incident.

On the other hand, I was impressed by the Israeli ecosystem on security technologies and I expect that some of the global security players continue to start from here.

Nevertheless, I found puzzling that the 2 most frequent questions everyone asked me about cloud security, were somewhat contradictory:

  • Is it possible to secure the cloud?
  • What’s new about the cloud that needs new security measures?

So, it seems to suggest that on one hand it is a too big problem to solve and on the other hand that the cloud is more hype than something really new that brings new security requirements.

The easy answer for both questions is to refer to the Cloud Security Alliance, where we did a comprehensive work about these issues, specially on problem statement. Moreover, I try always to enumerate what I believe are the root causes of the cloud security problems and the main differences between public and private clouds. Then I really believe that we need to focus on specific problems and then trying to find solutions. For instance, concerning the problem of lack of visibility on the cloud (API logs on Amazon Web services to give a concrete example), we might think of a gateway (working as a proxy) that logs (and optionally controls) the API usage.

After the long and interesting discussions at Tel-Aviv, I’ll over simplify and draw one hypothesis.

The 2 questions come from the people perception on the “cloud” and it may boil down to the following rephrased questions:

  • Is it possible to secure the PUBLIC cloud?
  • What’s new about the PRIVATE cloud that needs new security measures?

Before trying to answer these questions, I would love to hear what you think about the hypothesis.

Sergio

PS> good luck for the Global Security Challenge finalists

Filed under: AWS, CSA, Discussions, IaaS, Presentations, Uncategorized

July 14, 2010 • 12:05 0

Cloud Computing: Hype or Revolution?

What is cloud computing? What different clouds exist? What are the differences between the different shapes? What do they have in common? What’s new? How big is the cloud? And which cloud is best for me?

Here are the slides of my presentation at BarCamp Sophia Antipolis 2010.

Filed under: IaaS, Presentations,

June 24, 2010 • 12:06 0

Cloud Security Presentation at IBM

I was glad to represent the Cloud Security Alliance at IBM La Gaude. The goal was to give an overview of cloud security issues focusing on the 7 top threats and then review the most important guidelines to IBM partners. Slides here.

It was interesting to see that cloud adoption is rising fast (even in Europe ;-) ), thanks to the efforts of IBM and other major players such as Cap Gemini. Of course, there is still a lot of hype and “cloud washing” at one hand and security concerns at the other, which have a negative effect on the adoption of cloud technology, but many tools are ready for production and real world projects are running in the cloud worldwide in lot of different domains. For example, there was a nice presentation about tools for cloud integration, and it will be interesting to see how the Cast Iron acquisition will influence the IBM cloud strategy.

However, in my opinion security tools for cloud environments are still lacking. As a consequence, private cloud is today’s answer to address the general and sometimes abstract concern with security in the cloud. A better approach would be to drill down each security risk (the CSA identified 13 different domains) and build concrete solutions for each of them.

Filed under: CSA, IaaS, Presentations

December 18, 2009 • 13:12 0

Slides of the brighttalk summit on Public, Private & Hybrid Clouds

Here they are, enjoy

Filed under: BrightTalk Summit, Discussions, Presentations

Twitter Updates

Follow

Get every new post delivered to your Inbox.