SlideShare a Scribd company logo

Hey Cloud, it’s the user calling, he says he wants the security back

Alessandro Manfredi
Alessandro Manfredi

Slide for the talk "Hey Cloud, it’s the user calling, he says he wants the security back", presented at Codemotion 2013.

Technology
1 of 63
Alessandro Manfredi Hey Cloud, it’s the user calling, he says he wants the security back alessandro@filerock.com
Agenda Alessandro Manfredi alessandro@filerock.com 1. Cloud computing in a nutshell 2. About cloud security • Guarantees provided by cloud services • Assumptions customers might regret 3. Focus on data security • Data integrity check techniques • The FileRock solution • Demo The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Agenda Alessandro Manfredi alessandro@filerock.com 1. Cloud computing in a nutshell spoiler: 2. About cloud security not many • Guarantees provided by cloud services • Assumptions customers might regret 3. Focus on data security • Data integrity check techniques • The FileRock solution • Demo The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Cloud Computing - What Alessandro Manfredi alessandro@filerock.com Countless definitions and categories... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Cloud Computing - What Alessandro Manfredi alessandro@filerock.com Countless definitions and categories... On demand Cost-effective Scalable etc. etc. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Cloud Computing - How Alessandro Manfredi alessandro@filerock.com How? The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Cloud Computing - How Alessandro Manfredi alessandro@filerock.com How? Consolidated hardware Shared infrastructure Automated provisioning ... Hey, we manage these Remote stuff from remote! administration The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
So what about security? Alessandro Manfredi alessandro@filerock.com “The cloud is built on trust” -- random.choice(cloud_enthusiasts) The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
So what about security? Alessandro Manfredi alessandro@filerock.com “The cloud is built on trust” -- random.choice(cloud_enthusiasts) WE AND OUR AFFILIATES AND LICENSORS MAKE NO THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES [...] The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
So what about security? Alessandro Manfredi alessandro@filerock.com “The cloud is built on trust” -- random.choice(cloud_enthusiasts) WE AND OUR AFFILIATES AND LICENSORS MAKE NO THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES [...] Source: https://aws.amazon.com/agreement/ ..do not blame them, it’s common to the ToS of most of the service providers! E.g., see: • https://www.rackspace.com/information/legal/cloud/tos • https://developers.google.com/appengine/terms The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
So what about security? Alessandro Manfredi alessandro@filerock.com “The big guys probably handle security better than how you could do on premise” The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
So what about security? Alessandro Manfredi alessandro@filerock.com “The big guys probably handle security better than how you could do on premise” To some extent, this actually makes sense • Operating on a large scale, they have more resources • Redundant networks, power sources, etc. • Good physical surveillance The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
However... Alessandro Manfredi alessandro@filerock.com Betting on a lot of assumptions that the provider... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... has no malicious intent ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... has complete control over employees ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... uses software that never fails ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... does not introduce security-critical bugs ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... never screws up ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... always takes good care of your resources, even if by ToS / SLA they are not legally responsible for any error or damage. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
What can possibly go wrong? Alessandro Manfredi alessandro@filerock.com Wait, what can possibly go wrong with services used by hundreds of millions of customers around the world? The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Mistakes happen Alessandro Manfredi alessandro@filerock.com On June 2011, for few hours any Dropbox account was accessible with any password ( not blaming them, these things can happen ) The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck. Screenshots of web pages can include contents whose license is defined by the relative publisher.
What about enterprise services? Alessandro Manfredi alessandro@filerock.com Ok, but that’s just because it’s a consumer service... It will never happen in an enterprise-class service... Plus everyone now offers two factor authentication. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Even big security firms have security breaches Alessandro Manfredi alessandro@filerock.com Earlier in 2011, RSA was victim of a breach that compromised customers protected by their SecurID ( again, not blaming them, these things can happen ) The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck. Screenshots of web pages can include contents whose license is defined by the relative publisher.
Even when providers behave as you expect... Alessandro Manfredi alessandro@filerock.com Cloud providers must obey the laws enforced in the country where they are based. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Even when providers behave as you expect... Alessandro Manfredi alessandro@filerock.com Cloud providers must obey the laws enforced in the country where they are based. Authorities can access Data might be intentionally your data tampered or made unavailable The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Data security Alessandro Manfredi alessandro@filerock.com Focus on data security The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Data security Alessandro Manfredi alessandro@filerock.com Three main concerns C Confidentiality Integrity I Availability A The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Data security Alessandro Manfredi alessandro@filerock.com Three main concerns C Confidentiality Integrity I Availability A The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Why integrity matters Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Why integrity matters Alessandro Manfredi alessandro@filerock.com 1 Data is stored on the cloud The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Why integrity matters Alessandro Manfredi alessandro@filerock.com 2 The provider experiences a fault or a breach. Data gets corrupted. (possibly, a previous version of the data is restored from a backup) The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Why integrity matters Alessandro Manfredi alessandro@filerock.com 3 The user wants to recover his data from the cloud The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Why integrity matters Alessandro Manfredi alessandro@filerock.com 4 Corrupted data is retrieved by the user without any notice The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Why integrity matters Alessandro Manfredi alessandro@filerock.com 5 The corrupted data is used by the user in his own activity, unnoticed. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 1 Data is stored on the cloud The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 2 A fingerprint of the whole data set, called basis, is efficiently recomputed The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 3 The user wants to recover his data from the cloud The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 4 The software retrieves the data together with a proof of integrity The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 5 The integrity of the data is checked by matching the proof with the last trusted basis. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
How is that done? Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Authenticated Data Structures Alessandro Manfredi alessandro@filerock.com a b c d e f g A B C D The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Authenticated Data Structures Alessandro Manfredi alessandro@filerock.com a basis: a fingerprint of the whole data set b c d e f g A B C D data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Authenticated Data Structures Alessandro Manfredi alessandro@filerock.com a basis: a fingerprint of the whole data set b c kept safe client side, d e f g updated on any data modification A B C D data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a b c d e f g A B C D The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a b c d e f g A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com Integrity Proof a b c d e f g A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a b c d e f g g = hash(D) A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a b c c = hash(f, g) d e f g g = hash(D) A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a a = hash(b, c) b c c = hash(f, g) d e f g g = hash(D) A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com must match the trusted basis a a = hash(b, c) b c c = hash(f, g) d e f g g = hash(D) A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Integrity check capabilities Alessandro Manfredi alessandro@filerock.com • Verify integrity of the whole dataset • ...including completeness • Work in log(dataset_size) time • Only the basis needs to be stored locally • ...small as the output of an hash function The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Integrity check capabilities Alessandro Manfredi alessandro@filerock.com • Verify integrity of the whole dataset • ...including completeness • Work in log(dataset_size) time • Only the basis needs to be stored locally • ...small as the output of an hash function • Always work with correct data • Can be used for specific SLAs The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
By the way, if you look at the FileRock ToS... Alessandro Manfredi alessandro@filerock.com As the other services, all warranties are disclaimed. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Your reaction... Alessandro Manfredi alessandro@filerock.com Are you kidding me? The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
The FileRock Solution Alessandro Manfredi alessandro@filerock.com • Open source client • Client-side encryption • Encryption keys never shared with the service • Client-side integrity check • Data replication • Local replication (synchronization) • Remote replication (cross-provider)* *not implemented yet The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
The FileRock Solution Alessandro Manfredi alessandro@filerock.com • Open source client Available on • Client-side encryption • Encryption keys never shared with the service • Client-side integrity check • Data replication • Local replication (synchronization) • Remote replication (cross-provider)* *not implemented yet The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
FileRock: how it looks now Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
FileRock Toolkit Demo Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
FileRock - Try it Alessandro Manfredi alessandro@filerock.com https://www.filerock.com/register The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
Alessandro Manfredi Hey Cloud, it’s the user calling, he says he wants the security back alessandro@filerock.com @n0on3 in/n0on3
End of the presentation
Images Licenses Free for personal use Public Domain Free for commercial use do not redistribute See the owner note Copyright belongs to the original authors and publishers The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.

Recommended

ExAlg Overview
ExAlg OverviewExAlg Overview
ExAlg OverviewAlessandro Manfredi
 
WhyMCA HappyHour - EUHackathon Part II
WhyMCA HappyHour - EUHackathon Part IIWhyMCA HappyHour - EUHackathon Part II
WhyMCA HappyHour - EUHackathon Part IIAlessandro Manfredi
 
LUG - Ricompilazione kernel
LUG - Ricompilazione kernelLUG - Ricompilazione kernel
LUG - Ricompilazione kernelAlessandro Manfredi
 
Cradle-to-Cradle Design: creating healthy emissions — a strategy for eco-effe...
Cradle-to-Cradle Design: creating healthy emissions — a strategy for eco-effe...Cradle-to-Cradle Design: creating healthy emissions — a strategy for eco-effe...
Cradle-to-Cradle Design: creating healthy emissions — a strategy for eco-effe...Valter Wei
 
LUG - Logical volumes management
LUG - Logical volumes managementLUG - Logical volumes management
LUG - Logical volumes managementAlessandro Manfredi
 
LUG - Install Fest 2008
LUG - Install Fest 2008LUG - Install Fest 2008
LUG - Install Fest 2008Alessandro Manfredi
 
Connect (4|n)
Connect (4|n)Connect (4|n)
Connect (4|n)Alessandro Manfredi
 
Cradle To Cradle
Cradle To CradleCradle To Cradle
Cradle To Cradlescorpio86
 

Recommended

ExAlg Overview
ExAlg OverviewExAlg Overview
ExAlg OverviewAlessandro Manfredi
 
WhyMCA HappyHour - EUHackathon Part II
WhyMCA HappyHour - EUHackathon Part IIWhyMCA HappyHour - EUHackathon Part II
WhyMCA HappyHour - EUHackathon Part IIAlessandro Manfredi
 
LUG - Ricompilazione kernel
LUG - Ricompilazione kernelLUG - Ricompilazione kernel
LUG - Ricompilazione kernelAlessandro Manfredi
 
Cradle-to-Cradle Design: creating healthy emissions — a strategy for eco-effe...
Cradle-to-Cradle Design: creating healthy emissions — a strategy for eco-effe...Cradle-to-Cradle Design: creating healthy emissions — a strategy for eco-effe...
Cradle-to-Cradle Design: creating healthy emissions — a strategy for eco-effe...Valter Wei
 
LUG - Logical volumes management
LUG - Logical volumes managementLUG - Logical volumes management
LUG - Logical volumes managementAlessandro Manfredi
 
LUG - Install Fest 2008
LUG - Install Fest 2008LUG - Install Fest 2008
LUG - Install Fest 2008Alessandro Manfredi
 
Connect (4|n)
Connect (4|n)Connect (4|n)
Connect (4|n)Alessandro Manfredi
 
Cradle To Cradle
Cradle To CradleCradle To Cradle
Cradle To Cradlescorpio86
 
A (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersA (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersJohn Kinsella
 
Vortex 2.0 -- The Industrial Internet of Things Platform
Vortex 2.0 -- The Industrial Internet of Things PlatformVortex 2.0 -- The Industrial Internet of Things Platform
Vortex 2.0 -- The Industrial Internet of Things PlatformAngelo Corsaro
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysisCarlo Dapino
 
Presentation copy
Presentation copyPresentation copy
Presentation copyAdel Zalok
 
DiamondFox Malware 2017
DiamondFox Malware 2017DiamondFox Malware 2017
DiamondFox Malware 2017CEO Magazyn Polska
 
Securing Content in the Cloud
Securing Content in the CloudSecuring Content in the Cloud
Securing Content in the CloudETCenter
 
Firefox security (prasanna)
Firefox security (prasanna) Firefox security (prasanna)
Firefox security (prasanna) ClubHack
 
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...Amazon Web Services
 
True Image Enterprise User Guide Eng
True Image Enterprise User Guide EngTrue Image Enterprise User Guide Eng
True Image Enterprise User Guide Engguest52eeb2
 
Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...
Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...
Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...Edureka!
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4bpasdar
 
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...Angelo Corsaro
 
Fog Computing Defined
Fog Computing DefinedFog Computing Defined
Fog Computing DefinedAngelo Corsaro
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Codemotion
 
Seclore FileSecure IBM Filenet Walkthrough
Seclore FileSecure IBM Filenet WalkthroughSeclore FileSecure IBM Filenet Walkthrough
Seclore FileSecure IBM Filenet Walkthroughsiddarthc
 
Cloud security part one
Cloud security part oneCloud security part one
Cloud security part oneEbenezerKotapuriFIEI
 
Firefox (in)Security
Firefox (in)SecurityFirefox (in)Security
Firefox (in)SecurityPrasanna Kanagasabai
 
AWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS securityAWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS securityAmazon Web Services
 
Free Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo DapinoFree Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo DapinoCarlo Dapino
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

More Related Content

Similar to Hey Cloud, it’s the user calling, he says he wants the security back

A (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersA (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersJohn Kinsella
 
Vortex 2.0 -- The Industrial Internet of Things Platform
Vortex 2.0 -- The Industrial Internet of Things PlatformVortex 2.0 -- The Industrial Internet of Things Platform
Vortex 2.0 -- The Industrial Internet of Things PlatformAngelo Corsaro
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysisCarlo Dapino
 
Presentation copy
Presentation copyPresentation copy
Presentation copyAdel Zalok
 
Securing Content in the Cloud
Securing Content in the CloudSecuring Content in the Cloud
Securing Content in the CloudETCenter
 
Firefox security (prasanna)
Firefox security (prasanna) Firefox security (prasanna)
Firefox security (prasanna) ClubHack
 
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...Amazon Web Services
 
True Image Enterprise User Guide Eng
True Image Enterprise User Guide EngTrue Image Enterprise User Guide Eng
True Image Enterprise User Guide Engguest52eeb2
 
Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...
Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...
Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...Edureka!
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4bpasdar
 
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...Angelo Corsaro
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Codemotion
 
Seclore FileSecure IBM Filenet Walkthrough
Seclore FileSecure IBM Filenet WalkthroughSeclore FileSecure IBM Filenet Walkthrough
Seclore FileSecure IBM Filenet Walkthroughsiddarthc
 
AWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS securityAWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS securityAmazon Web Services
 
Free Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo DapinoFree Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo DapinoCarlo Dapino
 

Similar to Hey Cloud, it’s the user calling, he says he wants the security back (20)

A (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersA (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability Scanners
 
Vortex 2.0 -- The Industrial Internet of Things Platform
Vortex 2.0 -- The Industrial Internet of Things PlatformVortex 2.0 -- The Industrial Internet of Things Platform
Vortex 2.0 -- The Industrial Internet of Things Platform
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysis
 
Presentation copy
Presentation copyPresentation copy
Presentation copy
 
DiamondFox Malware 2017
DiamondFox Malware 2017DiamondFox Malware 2017
DiamondFox Malware 2017
 
Securing Content in the Cloud
Securing Content in the CloudSecuring Content in the Cloud
Securing Content in the Cloud
 
Firefox security (prasanna)
Firefox security (prasanna) Firefox security (prasanna)
Firefox security (prasanna)
 
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
Mythical Mysfits - Monolith to microservices with Docker and Fargate - MAD305...
 
True Image Enterprise User Guide Eng
True Image Enterprise User Guide EngTrue Image Enterprise User Guide Eng
True Image Enterprise User Guide Eng
 
Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...
Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...
Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4
 
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
 
Fog Computing Defined
Fog Computing DefinedFog Computing Defined
Fog Computing Defined
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
 
Seclore FileSecure IBM Filenet Walkthrough
Seclore FileSecure IBM Filenet WalkthroughSeclore FileSecure IBM Filenet Walkthrough
Seclore FileSecure IBM Filenet Walkthrough
 
Cloud security part one
Cloud security part oneCloud security part one
Cloud security part one
 
Firefox (in)Security
Firefox (in)SecurityFirefox (in)Security
Firefox (in)Security
 
AWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS securityAWS Summit Stockholm 2014 – T2 – Understanding AWS security
AWS Summit Stockholm 2014 – T2 – Understanding AWS security
 
Free Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo DapinoFree Course - Infrastructure Security Consultant course by Carlo Dapino
Free Course - Infrastructure Security Consultant course by Carlo Dapino
 

Recently uploaded

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 

Recently uploaded (20)

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 

Hey Cloud, it’s the user calling, he says he wants the security back

  • 1. Alessandro Manfredi Hey Cloud, it’s the user calling, he says he wants the security back alessandro@filerock.com
  • 2. Agenda Alessandro Manfredi alessandro@filerock.com 1. Cloud computing in a nutshell 2. About cloud security • Guarantees provided by cloud services • Assumptions customers might regret 3. Focus on data security • Data integrity check techniques • The FileRock solution • Demo The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 3. Agenda Alessandro Manfredi alessandro@filerock.com 1. Cloud computing in a nutshell spoiler: 2. About cloud security not many • Guarantees provided by cloud services • Assumptions customers might regret 3. Focus on data security • Data integrity check techniques • The FileRock solution • Demo The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 4. Cloud Computing - What Alessandro Manfredi alessandro@filerock.com Countless definitions and categories... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 5. Cloud Computing - What Alessandro Manfredi alessandro@filerock.com Countless definitions and categories... On demand Cost-effective Scalable etc. etc. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 6. Cloud Computing - How Alessandro Manfredi alessandro@filerock.com How? The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 7. Cloud Computing - How Alessandro Manfredi alessandro@filerock.com How? Consolidated hardware Shared infrastructure Automated provisioning ... Hey, we manage these Remote stuff from remote! administration The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 8. So what about security? Alessandro Manfredi alessandro@filerock.com “The cloud is built on trust” -- random.choice(cloud_enthusiasts) The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 9. So what about security? Alessandro Manfredi alessandro@filerock.com “The cloud is built on trust” -- random.choice(cloud_enthusiasts) WE AND OUR AFFILIATES AND LICENSORS MAKE NO THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES [...] The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 10. So what about security? Alessandro Manfredi alessandro@filerock.com “The cloud is built on trust” -- random.choice(cloud_enthusiasts) WE AND OUR AFFILIATES AND LICENSORS MAKE NO THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES [...] Source: https://aws.amazon.com/agreement/ ..do not blame them, it’s common to the ToS of most of the service providers! E.g., see: • https://www.rackspace.com/information/legal/cloud/tos • https://developers.google.com/appengine/terms The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 11. So what about security? Alessandro Manfredi alessandro@filerock.com “The big guys probably handle security better than how you could do on premise” The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 12. So what about security? Alessandro Manfredi alessandro@filerock.com “The big guys probably handle security better than how you could do on premise” To some extent, this actually makes sense • Operating on a large scale, they have more resources • Redundant networks, power sources, etc. • Good physical surveillance The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 13. However... Alessandro Manfredi alessandro@filerock.com Betting on a lot of assumptions that the provider... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 14. Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... has no malicious intent ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 15. Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... has complete control over employees ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 16. Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... uses software that never fails ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 17. Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... does not introduce security-critical bugs ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 18. Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... never screws up ... The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 19. Assuming that the provider... Alessandro Manfredi alessandro@filerock.com ... always takes good care of your resources, even if by ToS / SLA they are not legally responsible for any error or damage. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 20. What can possibly go wrong? Alessandro Manfredi alessandro@filerock.com Wait, what can possibly go wrong with services used by hundreds of millions of customers around the world? The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 21. Mistakes happen Alessandro Manfredi alessandro@filerock.com On June 2011, for few hours any Dropbox account was accessible with any password ( not blaming them, these things can happen ) The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck. Screenshots of web pages can include contents whose license is defined by the relative publisher.
  • 22. What about enterprise services? Alessandro Manfredi alessandro@filerock.com Ok, but that’s just because it’s a consumer service... It will never happen in an enterprise-class service... Plus everyone now offers two factor authentication. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 23. Even big security firms have security breaches Alessandro Manfredi alessandro@filerock.com Earlier in 2011, RSA was victim of a breach that compromised customers protected by their SecurID ( again, not blaming them, these things can happen ) The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck. Screenshots of web pages can include contents whose license is defined by the relative publisher.
  • 24. Even when providers behave as you expect... Alessandro Manfredi alessandro@filerock.com Cloud providers must obey the laws enforced in the country where they are based. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 25. Even when providers behave as you expect... Alessandro Manfredi alessandro@filerock.com Cloud providers must obey the laws enforced in the country where they are based. Authorities can access Data might be intentionally your data tampered or made unavailable The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 26. Data security Alessandro Manfredi alessandro@filerock.com Focus on data security The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 27. Data security Alessandro Manfredi alessandro@filerock.com Three main concerns C Confidentiality Integrity I Availability A The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 28. Data security Alessandro Manfredi alessandro@filerock.com Three main concerns C Confidentiality Integrity I Availability A The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 29. Why integrity matters Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 30. Why integrity matters Alessandro Manfredi alessandro@filerock.com 1 Data is stored on the cloud The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 31. Why integrity matters Alessandro Manfredi alessandro@filerock.com 2 The provider experiences a fault or a breach. Data gets corrupted. (possibly, a previous version of the data is restored from a backup) The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 32. Why integrity matters Alessandro Manfredi alessandro@filerock.com 3 The user wants to recover his data from the cloud The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 33. Why integrity matters Alessandro Manfredi alessandro@filerock.com 4 Corrupted data is retrieved by the user without any notice The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 34. Why integrity matters Alessandro Manfredi alessandro@filerock.com 5 The corrupted data is used by the user in his own activity, unnoticed. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 35. Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 36. Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 1 Data is stored on the cloud The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 37. Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 2 A fingerprint of the whole data set, called basis, is efficiently recomputed The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 38. Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 3 The user wants to recover his data from the cloud The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 39. Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 4 The software retrieves the data together with a proof of integrity The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 40. Integrity check, from 10.000 ft Alessandro Manfredi alessandro@filerock.com 5 The integrity of the data is checked by matching the proof with the last trusted basis. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 41. How is that done? Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 42. Authenticated Data Structures Alessandro Manfredi alessandro@filerock.com a b c d e f g A B C D The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 43. Authenticated Data Structures Alessandro Manfredi alessandro@filerock.com a basis: a fingerprint of the whole data set b c d e f g A B C D data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 44. Authenticated Data Structures Alessandro Manfredi alessandro@filerock.com a basis: a fingerprint of the whole data set b c kept safe client side, d e f g updated on any data modification A B C D data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 45. Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a b c d e f g A B C D The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 46. Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a b c d e f g A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 47. Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com Integrity Proof a b c d e f g A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 48. Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a b c d e f g g = hash(D) A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 49. Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a b c c = hash(f, g) d e f g g = hash(D) A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 50. Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com a a = hash(b, c) b c c = hash(f, g) d e f g g = hash(D) A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 51. Example: Integrity check for “D" Alessandro Manfredi alessandro@filerock.com must match the trusted basis a a = hash(b, c) b c c = hash(f, g) d e f g g = hash(D) A B C D D = data The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 52. Integrity check capabilities Alessandro Manfredi alessandro@filerock.com • Verify integrity of the whole dataset • ...including completeness • Work in log(dataset_size) time • Only the basis needs to be stored locally • ...small as the output of an hash function The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 53. Integrity check capabilities Alessandro Manfredi alessandro@filerock.com • Verify integrity of the whole dataset • ...including completeness • Work in log(dataset_size) time • Only the basis needs to be stored locally • ...small as the output of an hash function • Always work with correct data • Can be used for specific SLAs The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 54. By the way, if you look at the FileRock ToS... Alessandro Manfredi alessandro@filerock.com As the other services, all warranties are disclaimed. The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 55. Your reaction... Alessandro Manfredi alessandro@filerock.com Are you kidding me? The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 56. The FileRock Solution Alessandro Manfredi alessandro@filerock.com • Open source client • Client-side encryption • Encryption keys never shared with the service • Client-side integrity check • Data replication • Local replication (synchronization) • Remote replication (cross-provider)* *not implemented yet The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 57. The FileRock Solution Alessandro Manfredi alessandro@filerock.com • Open source client Available on • Client-side encryption • Encryption keys never shared with the service • Client-side integrity check • Data replication • Local replication (synchronization) • Remote replication (cross-provider)* *not implemented yet The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 58. FileRock: how it looks now Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 59. FileRock Toolkit Demo Alessandro Manfredi alessandro@filerock.com The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 60. FileRock - Try it Alessandro Manfredi alessandro@filerock.com https://www.filerock.com/register The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.
  • 61. Alessandro Manfredi Hey Cloud, it’s the user calling, he says he wants the security back alessandro@filerock.com @n0on3 in/n0on3
  • 62. End of the presentation
  • 63. Images Licenses Free for personal use Public Domain Free for commercial use do not redistribute See the owner note Copyright belongs to the original authors and publishers The images used in this presentation are covered by different licenses, see the “Images Licenses” at the end of the deck.