Understanding the Implications of Cloud Computing on Application Security

De OWASP
Saltar a: navegación, buscar

The presentation

Owasp logo normal.jpg
Cloud Computing paradigms spell fundamental changes for where your applications run, the platforms on which they run, who controls these platforms and the boundaries corporate data crosses. The speaker will address the distinct security challenges posed by each of the three Cloud Computing models: Infrastructure as a Service (IaaS), where hosted servers, software and network equipment are deployed in the cloud; Platforms as a Service (PaaS), where the organization develops its own applications, but does so within the provider's framework or specified platform; and Software as a Service (SaaS), where the organization trusts its application to both the provider's hardware and software. What steps should you take in each case to protect your data? Companies that choose not to use the Cloud model at all run a different risk-- rogue departments doing it anyway. What is a logical, predictable, and mature approach to adopting Cloud Computing?

The speaker

Dennis Hurst is a Senior Security Engineer for HP Software, and heads a team of web application security experts. Prior to HP, Dennis was a Developer Security Evangelist for S.P.I. Dynamics, Inc., acquired by HP in August 2007. Dennis is an expert in system design, implementation and maintenance of complex multi-vendor, multi-platform computer applications and networks. He was the lead developer of SPI Dynamics’ flagship web application vulnerability assessment product, WebInspect™, and now works with other development organizations evangelizing the need to integrate security into the Software Development Lifecycle (SDLC). Dennis is a founding member of the Cloud Security Alliance, and recently co-wrote the application security section of the “Security Guidance for Critical Areas of Focus in Cloud Computing.”