Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, April 18 • 11:50am - 12:30pm
Cloud Security: We're doing it wrong.

Sign up or log in to save this to your schedule and see who's attending!

Most companys today have taken the age old security models and "Virtualized" them to be used in todays "cloud" market. Vendors have come to market with "Virtual" Firewalls, IPS, HIPS/HIDS, etc that all claim to be the pancea that solves your cloud "security" issues. The problem exists when we rely our "virtual" security infrastructure to protect our sensative 'real' information.

During this talk we will walk through the current state of Virtualization security. We will look at products both free ( as in speech, and as in beer) , and commercial products -- and show where they fail and how; in some cases they leave you in a worse position after implementing.

The hypervisor is a huge attack surface; there’s no defense in depth when your only security controls are provided by the provider (Hypervisor vendor, cloud provider, etc ). How do you gain visibility into a system that by design is constructed to keep you out?

Whether it is IAAS or PASS, Public or Private - there is no good compensating control around a system that is closed and only allows access to very specific parts, and uses a "trust me" security methodology.

As a community we need to innovate, leverage different ways to address our security concerns, get rid of the "catsup" on "ketchup" approach to Cloud security, piling on legacy security infrastrucutre up and down the stack, duplicating efforts along the way.

This presentation will outline where our current security strategys fail, and can be circumvented -- and also gives insite on how to make things better going forward. 

 


Speakers
JS

John Stauffacher

John Stauffacher (@g33kspeed) is a Principal Consultant with the Accuvant Labs Technology Services team where he performs incident response planning and application security defense projects for clients. As part of the Technology Services team, John's core function is to provide expert level consultation to clients as well as deliver training and knowledge enrichment. John has held high level technical certifications with major security vendors... Read More →


Thursday April 18, 2013 11:50am - 12:30pm
A107+108+109 (Portland Convention Center) 777 NE Martin Luther King Jr Blvd Portland, OR 97232

Attendees (203)