State of OpenStack Security

State of OpenStack Security

938bca9547ba1cac3e69d80efd67fe6b?s=128

Bryan Payne

May 01, 2014
Tweet

Transcript

  1. ©2014 Nebula, Inc. All rights reserved. State of OpenStack Security

    Bryan D. Payne Director of Security Research May 1, 2014
  2. ©2014 Nebula, Inc. All rights reserved. My Background • Focused

    on security my entire career • Spent a few years in school
  3. ©2014 Nebula, Inc. All rights reserved. Nebula One DevOPs/Test Apps

    & Workloads Media Apps & Workloads Other … Apps & Workloads Social Collaboration Apps & Workloads Big Data + Analytics Apps & Workloads Mobile Apps & Workloads Compute Storage Network Identity/Security Management/Orchestration/API Interface Turnkey Infrastructure as a Service (IaaS) Block Object 1000+  companies  contributing  to  OpenStack Industry Standard Servers
  4. ©2014 Nebula, Inc. All rights reserved. OSSG HISTORY

  5. None
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None
  13. None
  14. None
  15. None
  16. None
  17. None
  18. None
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None
  28. None
  29. None
  30. None
  31. None
  32. None
  33. None
  34. None
  35. None
  36. None
  37. ©2014 Nebula, Inc. All rights reserved. LOOKING FORWARD

  38. ©2014 Nebula, Inc. All rights reserved. Key OSSG Projects •

    OpenStack Security Guide (aka “the book”) • OpenStack Security Notes (OSSN) • Threat Modeling & Analysis
  39. ©2014 Nebula, Inc. All rights reserved. Mid-Term Goals • Quality

    work in three key projects • More formal acceptance in community • Increase collaboration with core devs
  40. ©2014 Nebula, Inc. All rights reserved. OpenStack Projects “The Glue”

    Improve available security Document best practices Simplify security compliance Work with builders, ops, users
  41. ©2014 Nebula, Inc. All rights reserved. QUESTIONS Email: bryan.payne@nebula.com Twitter:

    @bdpsecurity