The Belgian Beer Lovers Guide To Cloud Security presented at BruCON 2009

by Craig Balding (Fortune 500 Financial),

Tags: Security Cloud


Summary : In a hurry? The short version: learn about cloud security and in the process win a tasty Belgian beer by answering easy questions!

When Amazon CEO Jeff Bezos was photographed standing in front of a vintage 1890s electric generator, it was widely assumed he was paying homage to Nick Carr's "electric generator" metaphor of utility computing. This was understandable, but quite wrong. Reminiscent of the Bruce Lee movie where the student is chided for failing to look "out there" instead of staring at his own hand, the cloud commentators failed to notice his surroundings. Bezos -- and the electric generator -- were standing in the middle of a Belgium Brewery! This will be the starting point of our journey through Cloud Security using a fuller flavour metaphor: Belgian beer.

In this presentation I will cover:

* why talking about "cloud" is akin to walking into a Belgian bar and asking for "beer"
* the common cloud architectures and their implications for you - the security dude
* what the beer brewing Trappist Monks can teach us about cloud security
* attacking clouds (aka getting free beer)
* dealing with the hangover: cloud incident response & forensics

Craig Balding: Craig Balding is an IT Security Practitioner at a fast paced banking and finance Fortune 500 where he leads a global team of technical security specialists. He has a decade of hands-on IT Security experience, with over 15 years in the IT industry. He is co-author of “Maximum Security: A Hackers Guide to Protecting Your Network”, CISSP and CISA certified and a British Computing Society Chartered IT Professional (MBCS CITP). He specialises in penetration testing, incident response, forensics, UNIX/Linux and ORACLE security. Craig founded where he blogs about Cloud Computing and Security. He is a co-host of the Cloud Security podcast and has presented at Black Hat Europe, eCrime London and the World Cloud Computing Summit.