Presentation: Tweet"Cloud Security or: How I Learned to Stop Worrying and Love the Cloud"
Over the last years Cloud Computing has become one of the most hyped concepts in IT. The lure is obvious: increased business agility and reduced cost. However, many are worried about security: loss of control and lack of confidentiality. In fact, according to IDC (2010), security is the main worry for companies considering to "move to the cloud".
In this talk we start by looking at why, i.e. the threat landscape, and then move on to how to secure cloud solutions - today and and in the future. For solutions we focus primarily on the architectural landscape, and provide a number of concrete examples on security - or lack thereof - in the cloud. Focus is not so much on contracts, SLAs, governance etc.
Todays solutions include understanding cloud deployment models, getting programmatic access, and knowing how to build secure applications in the cloud - and how not to! We will present a case study based on Dropbox, as well as a number of do's and don'ts based on prototypical cloud solutions.
In the future much better technical solutions will appear, and the talk will be concluded with a glimpse of these. One such solution is using cryptography; not only to protect data at rest, but also to compute on encrypted data! The latter may seem impossible, but this talk will briefly explain how this can be done using technology developed at the Alexandra Institute in collaboration with world-leading cryptographers.