OpenStack Open Source Cloud Security Sprints Forward

OpenStack Hardening GuideFrom the ‘Forget Crawl, Walk, Run- SPRINT!’ files:

One of the most exciting aspects of agile code development is the reliance on code sprints to complete certain tasks. It’s an approach that works also for documentation.

At the OpenStack Summit in Portland this past May, the OpenStack Security Group (OSSG) pledged to sit downto do a documentation sprint to build an OpenStack Hardening Guide.

That work was completed last week, and now the first OpenStack Security Guide is now available.

The contributions came from an elite group of security professionals (don’t let their ‘interesting’ titles scare you..) including:

  • Bryan Payne – Nebulous Fella
  • Robert Clark – Teaboy in chief
  • Keith Basil – Master of w00t!
  • Cody Bunch – Fanatical about OpenStack
  • Malini Bhandaru – Intel
  • Gregg Tally – APL Superstar
  • Eric Lopez – Network Virtualization rake
  • Shawn Wells – 500+ requirements guy
  • Ben de Bont – Aussie Bloke
  • Nathanael Burton – National Security Agency
  • Vibha Fauver – virtAppSec
  • Eric Windisch – Rocks the brown wingtips
  • Adam Hyde – Book Sprint Facilitator Extraordinaire
  • Andrew Hay – Mr. Burmuda

The guide is a 263 page omnibus that is a compelling must read operations manual for security in the OpenStack world. Simply put – installing OpenStack without first taking into consideration the security guidance in this guide is a recipe for disaster, in my opinion.

In addition to proscriptive guidance, the authors have included some interesting fictional case studies for secure cloud deployment. The case studies include ‘Alice’s Private Cloud which is intended to meet FedRamp requirements and Bob’s public cloud.

There is a lot to read – and no it’s not as easy to secure a cloud as simply running Bastille(like we did in the early Linux days). I suspect that the hardening guide is still somewhat of a work in progress, but the core fundamentals are all there.

Anyone that already has an OpenStack cloud or is considering deploying one, would be well served to review the guide.

The free ePub guide is available here.

Sean Michael Kerner is a senior editor at Follow him on Twitter @TechJournalist.

News Around the Web