Life In The Clouds: A Service Provider'S View presented at OWASP Appsec 2010

by Michael Smith (Akamai),

Tags: Security Cloud


Summary : Even though IT managers have been pushing towards cloud computing in recent years, people are just now starting to come to grasps with the implications of security in cloud solutions. There has been much talk about the security of cloud providers but there has been a noticeable absence of vendors willing to come forward and talk about their security program other than "trust us, we have a lot of customers".

This presentation is designed to be a behind-the-scenes look at the security program, products, and features of a typical "clued-in" cloud provider and covers the following:

* The true meaning of DNS--"Does Not Scale" and one--off contract requirements
* How cloud providers approach compliance standards
* Why security certification for vendors is both right and wrong
* How security product management works in a cloud vendor world
* Cloud features that actually help you do your security job: APIs, managment interfaces, and scalability
* Uniquely cloud solutions to uniquely cloud security problems: CloudAudit, FedRAMP, built-in alerting, and more

Michael Smith : Michael Smith serves as Akamai’s Security Evangelist and is the customer-facing ambassador from the Information Security Team, helping customers to understand both the internal security program and the unique security features and capabilities of the Akamai product portfolio and cloud-based solutions. Mr Smith fulfils a cross-functional role as a liaison between security, sales, product management, compliance, engineering, professional services, and marketing. Prior to joining Akamai, Mr Smith served as an embedded security engineer, security officer for a managed service provider, and security assessment team lead. He is an adjunct professor for Carnegie Mellon University and teaches through the non-profit Potomac Forum.