Thank You!

In reference to "Eventually cloud security will be BETTER than traditional security"  what time frame do you see this happening in?

can a parameter be placed in effect that could limit this type of activity?

was cornish a current employee when this was done?

on the deletion by james cormish...why were not these backed up?

hello all

Thank you !

So it's back. 

Oops. Where did the audio go? :/

And yet once again, Richard is such a great speaker it's always great to revise his presentations. :)

Indeed, so much ahs changed since last time was here talking about the Cloud over a year ago. 

Listening to the archive again. 

bye

.

.

ah, another recording

hello

Thanks for the information!

Hello from Alabama.

Thank you !

I have looked, but I have never been able to find my name as they indicated on their websites.

I have looked

Has anyone ever found their name on the Internet Evolution Facebook or Twitter pages showing that they have graduated past sessions?

.

Thank you!

Another good session!

Thank you !

Thanks!

Thank you !

thanks

new audio panel

the other aspect is if storm like sandy can mess up with cloud as well

security always a big concern with cloud applications

didnt realize there was another semester this fall again

Thank you !

The future of cloud computing will certainly be one to follow

A lot has changed since the last time he was here at IE

I really enjoyed this presentation

The new audio play sure looks snazzy ;)

I missed the live broadcast. Catching up on audio now...

:)

good day

thanks

thank you

good info

is there an insurance model for such breaches?

even worse what happens if the data is lost or the backup is damaged? what is the liability scenario then?

as someone who works for an insuranc ecompany, how is the CSP liable for the leaked information?

This south carolina breach is a huge disaster, how are they countering its effects

life cannot be any more bleak with regards the vulnrabilites that have to do with cloud computing

Very enlightening webinar

@gcaros: or we could post something like Kaos360. At least we would not loose track of how many posts we made! :-)

@gcaros: Or Sandy!

@gcaros: Especially if work gets in the way and you cannot listen live.

Thank you Richard.

I don't like the fact that I have to make 4 posts to get credit.

What is the Rank:  Cave Painter?

Good Stuff.  Glad I could rewind.  Sometimes I don't hear that fast.

Catching up.  Listened

Just catching up. Did not realize there was a class yesterday.

Thanks for the archive recording; could not make it in yesterday.

thanks!

This was great

1

2

3

Lost my audio.  Refreshing browser brought me back to the start.  Is there anyway to get to the current location in the presentation.

How safe is my data on cloud

thank you

Thanks, very informative class

Whether this drawback will pull the technology down?

How industry is going to address the issue is more important

security is a major concern with cloud

Hi every body, finally we started

i thought i lost the audio but after waiting a few seconds, close to a minute it went back

refreshing browser

audio seems to be choppy

downloading slide

viewing archive

missed it, been in the field

thank you

see you

thank you

See u all "in session" later on....

we must be paranoid...because those with a sense of "positive paranoia" are the ones who survive. :-)

Good Quote Mitch :)

Thanks again Richard

Safe Travels Richard...Look forward to "seeing" you on the web. :-)

have a good flight!!

Thank you Richard!

@Stiennon; good idea however most cloud servers are in major cities and they seem to be the most targeted. I think small cities should be where the servers are incase of terriorist attacks (physical).

Safe flight!

..and to pick up on Richard's thought, assume the worst and hope for the best..the mantra that keeps law enforcement folks alive.

Thanks for joining us, Richard!

"I'm paranoid. But am I paranoid ENOUGH?"

They are calling my flight folks!  Thanks for your time and great questions/discussion.

a backup strategy is key to alleviate the concerns..that's for sure.

I can always get a copy of my data if I can go back in time. There is a copy of your data in every slice of time. If I can only invent that time machine...

Mitch. You can't be sure that a cloud provider's employees are trustworthy. Assume they are not and build your security accordingly. Just like you cannot assure that your own employees are trustworthy. You need controls, continuous monitoring, separation of duties, etc. 

Richard, how can you be sure that a cloud provider's employees are trustworthy? Or can you?

Kim: I think most users of cloud services share your concern. So they host on redundant clouds.

oh. 

jwallace. Not *all* data. Just the data over ATT's network. which is a big part of the Internet.

I'm doubting that given the speed of delivery. I'm not giving our powers at be that much credit and if that is indeed taking place, we're waaaaay ahead of where we think we are. 

Richard, I guess I'm not concerned so much about the data being "hacked" as being mislaid or lost.  Limited liability for the CSP, I suspect, huge problems for the client.

django1.  I hope not. By now I expected there to be a market for secure computers. Other than Mac that does not exist.  I hope that cloud providers that add security will succeed.

@mitch-Yeah!its the one where the NSA dude who got fired robs the entire country!

Yes, really.

So I believe we should store all data in two or more locations. How important it is determines how many places. Security and sync are the two got cha'z

@KSuhr, really?

KSuhr "Keep in mind that all data sent over the internet goes through a national security database before getting to you and you receipient and they can break the code."

come again?

Keep in mind that all data sent over the internet goes through a national security database before getting to you and you receipient and they can break the code.

re Cloud security: Will it be like OSs not being responsible for device breaches. Rent (buy) your own security service, like McAfee, Norton....

KSuhr - That's great for an individual user but it doesn't scale to midsize or big business. 

If it is on your hard drive and an SD card or even a CD then it is redundantly saved. I have three with the same information.

Kim: If the data is encrypted with AES 256 or better I would feel very comfortable with it residing anywhere at all.  As long as the keys were in a strong box somehwere.

Kim, if the data is not stored redundantly it's in danger of being lost. 

Mary: more unprotected data. And horrible recognition of what *should* be protected. SSNs? Um, yes.

aum007 - Is that the one with the "I'm a Mac" guy?

I think an enterprise which needs to retain data for regulatory or legal reasons will need to be very careful about storing unique copies of that data anywhere except inhouse.  Am I too anxious?

@Mitch-you are speaking just like the theme from Die Hard 4!!!!

@Richard: I read a couple of your comments on the recent data breach at South Carolina's revenue dept. Would you categorize that as a case of unprotected cloud?

@Ariella, The  tape read errors was what worried me

Thales also does a good job on PKI-check them out

http://resources.idgenterprise.com/original/AST-0073572_Securing_Your_PKI_Building_Trust_You_Can_Depend_On_wp.pdf

How can enterprises be sure to hold cloud providers accountable for security? Or can they?

@django1 just like the insurance policies. You don't really want to make use of them but have to have them just in case.

Richard - Good point. Disaster recovery presents opportunities for attackers to attack the backup site and the data in transit. IT needs to think that through. 

Kim Davis: great point. the service provider usually wants to distance themselves from providing security assurances.

I need to test sugarsync also. 

@Ariella, That reminds me during the old days that I had to back up unix and oracle and kept praying tha I hope that we don't need to use those backup tapes

Mitch:  Disaster recovery poses some interesting security questions. It is hard enough to ensure that you can recover from your data center being inundated with flood waters. On top of that you have to have at least as good security in the back up site. Attackers are well aware of the opportunity to take down a primary site so they can attack the backup/recovery site.

@django I back up files on sugarsync now. I haven't had the occassion to test it, though.

One of the big mysteries in this area is how much responsibility the CSP has, and how much the client has.  It's important to get clear on that.

@Ksuhr, I assume you have a GO-list on what to put in your GO-bag, just in case you have to GO...

Is there a cloud provider who will guarentee the back up of files? Or it will all come to the exclusions in the fine print?

KSuhr - That's great for an individual user but I should think it does not scale to business -- big companies. 

@django-i dont blame u.we have to keep looking.

Mary Jander:  If by Big Companies you mean the service providers, yes and no, mostly no. Amazon has great security around their own infrastucture but offer NO security to hosting customers. They leave it up to them.

Thanks for an informative session all

A simple SD card can hold a lot of information and is easy to carry if you have to evacuate. Then no one can break into it.

@Ariella, I looked at those cloud storage services and I havent found the right one yet. I just need to store files, not backup my pc or synchronize data

thanks for an excellent presentation

Richard, is disaster recovery -- on everybody's mind this week -- a security issue?

Aum007.  Yes, but there are plenty of customers who are just jumping into the cloud with no security. When security is present it should induce the wisely reluctant.

Good point. 

Mpouraryan:  Agree loss of control is an issue, but do you really control your existing environment? Does MSFT auto-update for instance?  we trust MSFT, Adobe, Firefox, etc.

@django1 Yes, I once heard a woman decrying the loss of her phone because she had not backed up the photos on it, so they were gone for good.

@Richard-so now its simply a question of convincing  wary consumers?

The big fire in NJ reminds me that I have been tasked by my wife to  upload our photo treasures somewhere where it will be safe

@Richard: Big companies are also claiming to have better security than in house. Is that really an exaggeration at this point?

great presentation.

@Richard-can you please explain in easy to understand terms?

Sure Mitch. Identity Based encryption uses some unique info about you to create the encryption key. An email address is good because it is unique and you will know when it is compromised from Wikipedia: the public key of a user is some unique information about the identity of the user (e.g. a user's email address). This can use the text-value of the name or domain name as a key or the physical IP address it translates to.

great presentation!

Do significant problems arise when you share the cloud with other cloud clients whose security is poor?  Can we expect to find attacks on badly defended cloud clients spilling over to affect responsible clients?

Aum007.  We are almost there. and for some implimentations, like a small app or a startup you *can* have better cloud security than if you do it in-house.

Richard, can you go into a little bit more detail about identity-based encryption? How does that work?

Richard, my brain is too easily strained. 

Although a "fan", I still have problems with not having 100% control....we seem to lose our independence by too much dependence on the cloud. 

Split key is very Cool. And very mathematical.  Check it out on Wikipedia if you want to strain your brain.

@Stiennon good to know about the keys.

Good question, aum007!

@Richard-do u have a timeframe from when Cloud Security will be good enough to surprass Traditional Security(or are we already there)???

django - You're thinking of Instagram. (Took me a minute to figure out where you were going with that.)

@richard - thanks!

Right Mitch.  Wired writer is great example of why NOT to tie everything together.

Did Mr Hoodie buy foxygram also?

Good question, aum007? Richard, how does that split key work? Is that PKI encryption?

Labnuke.  CSA is often cited as the best example of a volunteer org getting ahead of the problem. Great stuff.

Great example of cloud perils: The Wired writer who had his cloud account, iPhone, iPad, and MacBook Pro wiped by an attacker a couple of months ago. Chilling. 

Thank you for the presentation.

when will we have "desktops" on the cloud where the computing power of your device won't really matter much.

24/7  Yes, military grade. Or if you are running Predator drones, no encryption at all. :-(

@Richard-could u elaborate a little more on the Split key from porticor?

@richard - Any thoughts on the Cloud Security Alliance and their framework?

cloudsecurityalliance.org

Thank you for your comments.

thanks for the presentation

Mitch there are apps for that. :-)  Look for Key disocvery solution. Venfi and Entrust do it.  Most orgs have hundreds if not thousands of keys. 

Great Insights Richard..Thanks!!!

@Mitch -this is stuff frm their website

Thanks for the bird eye view

Thanks RIchard for presenting. See everyone tomorrow.

Covered some key points. Good lecture.

And now the text portion of the chat is begun! Any questions or comments for our lecturer, Richard Stiennon?

Richard, is it possible that there have been breaches of major public clouds already -- they just haven't been publicized?

@richard **applause** **applause** **applause**

@Stiennon Hello, thanks for the thorough presentation.

good broadcast

Thanks Richard

Thanks Richard, very good intro of the issues.

@Richard  Thanks for another great presentation

Arielle:  Exactly. crypto guys use the safety depoist box analogy all the time.

Good job

@Mitch yes, we need apps for that -- finding missing keys

Thanks Richard. Great session.

Concise and to the point

hi class!

what type of hardware is on the cloud?

I played around with PGP for my email before, there are places to store your keys

@Mitch-do check them out;they dont store the encryption anywhere,so attackers dont know who and where to attack whom.

Ariella - Yup! And then you have to remember where you kept the key....

@mitch.  This is so true about expecting attacks.

?

That reminds me of how banks had safety deposit boxes set up. The customer and someone at the bank each had to apply a different key to open it.

aum007 - What is foxygram. 

Expect to be attacked. Everyone is attacked. 

Still stuff from foxygram is too cool and u can prevent a lot of key storage/liability/government issues this way.

Mary, true!

How do you get the encryption keys back, if St Peter has them?

For those who are wondering where to store the Encryption and also whether your machine can handle the encryption-I have just the solution

https://foxygr.am

Still, you can pay the PR folk to help you do it.

St. Peter holds the (encryption)keys  to the clouds???

@Mitch, true.

Mary, you can't really restore brand reputation or customer goodwill witha  financial penalty. 

Richard S. noted that the lack of encryption was to blame for a huge data breach in South Carolina recently.

@dmcaarlson-it depends,we need keys which work

Thanks mitch for slide number.  Had to relaunch.

Encryption is so important.

@Mitch  thanks

But compensation might, @Mitch.

Whom maintains the keys in the cloud? I mean will you know whom the admins are

@aum, can we switch to satellites temporarily? How about switching to the internet2 backbone, temporarily also...

Was it a complex password, I wonder?

@Tricia-Your welcome!

Slide 14. 

Contracts and penalties don't fix the damage after it's happened. 

I don't think its practical for manual keying

Slide # ?

@Thinkernetter--you were right. I had to jump outside firewall AND change browser.  U ROCK

dmcaarlson - Yes, thumb-typing a long key isn't hugely practical. 

@aum007 - Tablets can handle encryption, but I think of the manual key entry required for some and wonder if it is practical

@Mitch-Smartphones,it depends on the infra at the backend.

@Mitch-Tablets can handle encryption for sure.

@django-it still possible for a largescale internet outage (like a major intercontentinal cable fault) to mess up a lot of things.

Is it practical to encryp everything? Isn't that expensive computationally? Can smartphones and tablets handle the decryption?

@django-not always!

redundant cloud machines are on different power grids...

Testing....

eahurstjr - Yay!

"Scanstorms." Good word. 

@mpouryan-Did you ??? Congratulations!!!! LOL!!!

I wonder if they had to do a cloud-to-cloud data transfer from NJ right before Sandy hit?

I refreshed and am hearing audio successfully

What drives me nuts is the ones that tells me I have gotten 800 Million. :-)

@Tricia-Two options,try an alternative browser or maybe ur company Firewall is blocking audio transmissions.In that case,u have to wait for the replay.

labnuke - Good point!

@tricia - use a different browser then

Tricia319, try refreshing the page, restarting the browser, or switching browsers. 

@mitch - ask them if they have ever clicked on or seen spam which they did not recognize until too late... they were a target

what about natural disasters?   

Tried that. Doesn't work. It just says blast, live talk radio. Then nothing

Have any of the big public clouds been targeted?  I guess we wouldn't know unless the attacks were successful.

yaab..I was part of it. :-(

How do you convince people that they are a target if they're sure they're not?

Everyone on the Internet is a target. 

@tricia-click on the play button on the player! u will get thru to sound.

People say McDonald's is bad for you but I don't think this is what they meant!

Trcia319, you need to download the slide deck from the link above. This is not a webinar. 

F5 worked. thanks

No assurance that your Cloud provider might not patch/reboot your servers 'by accident'

@eah-great to have u here too!

If the internet has a way of implementing endpoint user identification(e.g. everyone should apply for a token that requires your iris scan or voiceprint), then we will reduce the bad behavior

@tricia - the webinar is on this page at the top click the audio control

@Mitch-good point!All it takes is one weakest link in the chain and we are all in deep-deep trouble!

Was Cornish prosecuted?

Good Afternoon everyone.

Thank you Richard for presenting today.

The link they sent does not allow me to log into the webinar

It just sends me to this page.

Help!

How can you be sure that a cloud provider's employees are trustworthy?

@kim today DDOS servers can be very,very easily done by just manipulating the clowd in the wrong way

``

oops audio gone!

audio dropped for less than a minute due to phone problems. We're back now. 

we did lose audio for a bit, but it's back now.

Ok, thought it was me

just lost audio here

did it just go silent? volume seems low anyway

We seem to have lost our lecturer. Hopefully he'll dial in again soon. Please stand by. 

DDoS defences used to require bringing a whole bunch of servers online.

Any questions or comments for our lecturer?

Hello 7DEErs!

@dagamier-Yeah this is the new player format.you have play it first!

It usually starts automatically.  That's a puzzle.

Hello from Dayton, Ohio

pinhauliu -  Please try refreshing your window, restart your browser, or switch to another browser. 

totally did not notice the play button myself. was wondering why it was still so quiet

No audio for me, either.

jkcurry -  Please try refreshing your window, restart your browser, or switch to another browser. 

Refreshing and clicking (3x) on the audio play button worked for me.

Hello from Ohio, the sun is coming out!

@jkcurry-press the play button on the player.u will get audio!

You have to hit play to here it, it did not start automatically

It works on Chrome also

Ah I did not hit Play!

I have no audio

Yes, we do have audio. Please try refreshing your window, restart your browser, or switch to another browser. 

I have audio on Firefox.  IE sometimes does not cooperate.

I had to click on the "play button" on the audio control to get the audio going

we are really fortunate to have such an experienced lecturer wid us once again!

richard always does amazing lectures!!!

I have no audio

meggstar911 - Sorry to hear you're having problems. Please refresh your window, restart your browser, or switch to another browser. 

Are we there yet?

Good afternoon

refreshing my browser

I have consistent audio.  Try refreshing.

Hello to everyone

Hi Professor Stiennon!

Any audio today

audio keeps dropping?

Howdy howdy!

I have well past 2:00 so I need to update my clock to 2:00 now

Hi Ariella! Welcome, everyone!

@docelder I don't think you're fast. There seems to be a slight delay.

Hello

Hello everyone

My clock must be fast

Good afternoon!

Hi all!

:)

hello

hi all!

Savannah is in the house

hello everyone

Hi There

hi guys!!!

Good afternoon cybernetters!

Afternoon to everyone

Well we're early

hello

I'm here too!

Hi, everybody! Glad to see folks are here nice and early.

hi rachael

Hello everyone

I made it through the internet highway, no floods here, no gas needed either

Congrats Michael :)

Can't be too tight, it let me in.