State of OpenStack Security

Transcript

1. ©2014 Nebula, Inc. All rights reserved. State of OpenStack Security

   Bryan D. Payne Director of Security Research May 1, 2014

2. ©2014 Nebula, Inc. All rights reserved. My Background • Focused

   on security my entire career • Spent a few years in school

3. ©2014 Nebula, Inc. All rights reserved. Nebula One DevOPs/Test Apps

   & Workloads Media Apps & Workloads Other … Apps & Workloads Social Collaboration Apps & Workloads Big Data + Analytics Apps & Workloads Mobile Apps & Workloads Compute Storage Network Identity/Security Management/Orchestration/API Interface Turnkey Infrastructure as a Service (IaaS) Block Object 1000+  companies  contributing  to  OpenStack Industry Standard Servers

4. ©2014 Nebula, Inc. All rights reserved. OSSG HISTORY

5. None
6. None
7. None
8. None
9. None
10. None
11. None
12. None
13. None
14. None
15. None
16. None
17. None
18. None
19. None
20. None
21. None
22. None
23. None
24. None
25. None
26. None
27. None
28. None
29. None
30. None
31. None
32. None
33. None
34. None
35. None
36. None

37. ©2014 Nebula, Inc. All rights reserved. LOOKING FORWARD

38. ©2014 Nebula, Inc. All rights reserved. Key OSSG Projects •

    OpenStack Security Guide (aka “the book”) • OpenStack Security Notes (OSSN) • Threat Modeling & Analysis

39. ©2014 Nebula, Inc. All rights reserved. Mid-Term Goals • Quality

    work in three key projects • More formal acceptance in community • Increase collaboration with core devs

40. ©2014 Nebula, Inc. All rights reserved. OpenStack Projects “The Glue”

    Improve available security Document best practices Simplify security compliance Work with builders, ops, users

41. ©2014 Nebula, Inc. All rights reserved. QUESTIONS Email: bryan.payne@nebula.com Twitter:

    @bdpsecurity