For many of the same reasons that software-as-a-service is catching on with enterprise buyers, delivering web services on top of infrastructure-as-a-service architectures is appealing to the SaaS developers. Operational agility, lower CapEx, and a broad array of tools and services are on tap that make both public and private IaaS clouds a great platform to build on. But how do you do this securely, especially in the public cloud where you have no access to the network or hypervisor your servers are running in?
Furthermore, for many SaaS providers, the person charged with security considerations isn’t a CSO or IT specialist, but rather, a “DevOps” guru – someone with their hands in both development and operations. While the traditional security professional is focused on compliance and security rules, this new crop is more concerned with continuous development and high availability.
In this session, CloudPassage Chief Evangelist, Andrew Hay, will break down the top security considerations that are specific to the cloud and offer practical steps for securing cloud-based application development. He’ll also address the following:
Why perimeter-centric and hypervisor-based security doesn’t work in the cloud
Which components of cloud security are the customer’s responsibility and which belong to the service providers
Which layers of security are the must-haves for those just getting started
Why the cloud server itself has to be self-defending (i.e. if you put a server out into the cloud, usually it’s being attacked within 30 minutes)