Wednesday, March 10, 2010

March 2010 AWSome Meeting - Cloud Security

Last night’s AWSome Atlanta meeting was about Virtualization and Cloud Security topics. Taylor Banks presented about 50 slides on the different things to pay attention to, first in a virtualized environment, then in a Cloud. He correctly pointed out that all the issues with virtualization are also present in a Cloud environment, so make sure you get them right the first time.

Taylor was a good presenter, though I do wonder when he managed to get a breath in. He talked a lot, but he wasn’t rambling. He was noticeably excited and involved in the materials he was presenting.

Very early on he presented an new acronym that I think I’ll start using : K.I.S.S.M.Y.A.S.S

Meaning:
Keep It Simple, Stupid Make Your Architecture Simpler to Secure

Yes he mentioned it a few more times during the presentation.

He also said something very profound:
Cloud Security is often more of a process than technology
Yes securing the servers and services is important, but aren’t you already doing that in your self-hosted environments? So Cloud Security is about making decisions about what data you are sharing, how important the data is, what formats you are protecting it in and who can access it.

Taylor also took a few shots at the pundits around Cloud Security and did a pretty funny impression of a DBA. He had a comical routine about how giving two different DBAs identical SQL Server instances in a VM, but only telling one that it was a VM. You can guess what he was making fun of ;-)

The presentation is here.

Taylor’s twitter handle is @TaylorBanks.