Attendees: Alain Bohon, Ben Simo, Eusebiu Blindu, Michael Larsen, Mohinder Khosla, Scott Seltzer, Shmuel Gershon, Timothy Western
Date: Saturday, June 25, 2011 (11:00 a.m. – 1:00 p.m. PDT)
Today our charter was as follows:
We all are the test team for a medium-sized company (say 1,000 people). Due to the desire to spread to small regional offices, but keep key documents available, we are looking at cloud options to store important documents. We want to make this as easy for our users as possible, so we are exploring numerous options in the marketplace today. There are some famous names like Dropbox, SugarSync, etc. that we can consider. The big concern with corporate, however, is security. How can we make sure that what we put online is safe?
Our mission is to explore testing options, and examine various services (pick additional versions if the two I’ve mentioned don’t float your boat), and report back on what we can do to test and confirm this approach (or not confirm it).
With that, we went to town and focused on a number of aspects of cloud service security. Things that we considered were the strength of passwords, direct attacks on sites and interfaces, overloading interfaces so that documents being loaded get stuck between states, and social engineering: the ability to compromise a network without using a single malicious script. Ben Simo has significant experience in this topic and provided numerous links and suggestions for applications and further information.
Chat transcript is here. Test charter and ideas via typewith.me is here.