Understanding the Implications of Cloud Computing on Application Security

Revision as of 14:39, 3 August 2009 by Jeremy.long (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The presentation

Owasp logo normal.jpg
Cloud Computing paradigms spell fundamental changes for where your applications run, the platforms on which they run, who controls these platforms and the boundaries corporate data crosses. The speaker will address the distinct security challenges posed by each of the three Cloud Computing models: Infrastructure as a Service (IaaS), where hosted servers, software and network equipment are deployed in the cloud; Platforms as a Service (PaaS), where the organization develops its own applications, but does so within the provider's framework or specified platform; and Software as a Service (SaaS), where the organization trusts its application to both the provider's hardware and software. What steps should you take in each case to protect your data? Companies that choose not to use the Cloud model at all run a different risk-- rogue departments doing it anyway. What is a logical, predictable, and mature approach to adopting Cloud Computing?

The speaker

Dennis Hurst is a Senior Security Engineer for HP Software. Prior to HP, Dennis was a Developer Security Evangelist for S.P.I. Dynamics, Inc. acquired by HP in August 2007. Dennis is also the head of a team of Security Engineers who are web application security experts that assist prospective and current customers with their web application security requirements. With more than 15 years experience in the Information Systems/Application Development industry, Dennis is an expert in system design, implementation and maintenance of complex multi-vendor, multi-platform computer applications and networks. He has extensive experience in planning, developing, and enhancing Internet systems as well as integrating Internet systems with legacy systems. He was the lead developer of SPI Dynamics' flagship web application vulnerability assessment product, WebInspect©, during the initial years of the product's development, and now works with other development organizations evangelizing the need to integrate security into the Software Development Lifecycle (SDLC).

Of note: Dennis is a founding member of the Cloud Security Alliance, and recently wrote the application security section of the "Security Guidance for Critical Areas of Focus in Cloud Computing."