Cloud computing has become an irresistible force in the IT industry, due to the unbeatable efficiencies of warehouse-scale computing infrastructures and the desire of businesses to reduce their CapEx on IT hardware. The most pressing concerns still holding back companies from moving into a public or semi-private cloud environment are security and compliance, and corporate security groups are under pressure to provide solutions that allow their enterprises to benefit from cloud computing technologies while appropriately managing risk. In this talk, we will review several different cloud computing models and discuss the breakdown of security responsibility in each. We will then deconstruct the currently accepted models of enterprise IT and identify which security controls truly matter for most organizations and which are leftovers from an earlier era of computing. The speaker will then propose several architectures that are implementable in current public cloud providers that provide equivalent or better assurance than traditional IT stacks, and discuss which risks can and should be accepted as part of the new computing paradigm. The talk will be aimed at the system architecture, risk management and CIO levels of organizations, and will be best absorbed by attendees with enterprise architecture experience.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.