Cloudifornication: Indiscriminate Information Intercourse Involving Internet Infrastructure presented at BlueHat 2009

by Chris Hoff (Cisco Systems)

Tags: Security

Summary: What was in is now out.
This metaphor holds true not only as an accurate analysis of adoption trends of disruptive technology and innovation in the enterprise, but also parallels the amazing velocity of how our data centers are being re-perimeterized and quite literally turned inside out thanks to cloud computing and virtualization.
One of the really scary things that is happening with the massive convergence of virtualization and cloud computing is its effect on security models and the information they are designed to protect. Where and how our data is created, processed, accessed, stored, backed up and destroyed in what is sure to become massively overlaid cloud-based services – and by whom and using whose infrastructure – yields significant concerns related to security, privacy, compliance, and survivability.
Further, the "stacked turtle" problem becomes incredibly scary as the notion of nested clouds becomes reality: cloud SaaS providers depending on cloud IaaS providers which rely on cloud network providers. It's a house of, well, turtles.
We will show multiple cascading levels of failure associated with relying on cloud-on-cloud infrastructure and services, including exposing flawed assumptions and untested theories as they relate to security, privacy, and confidentiality in the cloud, with some unique attack vectors.