Overview
Explore the challenges of public cloud PCI compliance in this BSides Rhode Island conference talk. Delve into why cloud security is complex, understand the delineation of responsibility, and learn about introspection and its security applications. Examine strategies for pushing perimeter security to endpoints and the security implications of VM cloning. Gain insights into PCI compliance in public cloud environments, including responsibility matrices and common audit confusions. Discover practical tips and a quick checklist for navigating cloud security and compliance issues.
Syllabus
Intro
Why is Cloud Security Hard?
Delineation of Responsibility
What is Introspection?
Security Uses For Introspection
Pushing Perimeter Security Out To The Endpoints
Gen3 Server Builds
VM Clone Security = Spot The Difference Game
PCI Compliance & Public Cloud
Responsibility Matrix
Gap Example #1
Quick Checklist
What Confuses Auditors
Questions?