Strange Loop

Injecting Security at the Cloud Edge

With the increase in public/private hybrid cloud deployments, there is an increased need to ensure and enforce security policies between clouds. A “Secure Edge” proxy layer is a good place to inject and enforce privacy and authentication security protocols. In this talk, I will present how Yahoo uses three open source solutions: Apache Traffic Server, Athenz and Waflz, to implement such a Secure Edge to enable a secure and dynamic hybrid cloud strategy.

Specifically, I will present multiple options for Secure Edge integration that range from basic routing with low edge visibility to more explicit delegation allowing for the Secure Edge to perform policy enforcement. I will also discuss lessons we learned along the way and how those issues are being addressed in the standards world. From this talk, participants will gain an understanding of the options available to secure applications deployed across multiple cloud locations, so they can make informed and secure deployment decisions.

Susan Hinrichs

Aviatrix

Susan Hinrichs is a computer engineer, specializing in networking, security, and system development. She is a committer on the Apache Traffic Server project and a member of the Apache Software Foundation. Susan has recently moved to Aviatrix as a Principal Architect for their multi-cloud platform. The work in this talk is from Susan's work with the Edge team at Yahoo/Verizon Media supporting web proxying and various networking solutions. Susan had previously worked in a variety of positions including teaching computer security at the University of Illinois and freelancing work in networking and security. Susan participated in the tech bubble by working with a network security company that got acquired by Cisco. Susan earned a PhD in Computer Science at Carnegie Mellon University and a BS in Computer Science from the University of Illinois at Urbana-Champaign.