Talk: Do They Deliver – Practical Security and Load Testing of Cloud Service Providers
No technology has produced more hot air and confusion than All Things Cloud™. This is not meant to be the introduction for yet another rant. It serves to illustrate what happens when you talk about complex infrastructure and use too much simplification. The Cloud infrastructure is no off-the-shelf gadget you can buy by the dozen, (virtually) connect and put on-line. It may be bigger, it may handle more load that your own infrastructure, and it may be more secure. The problem is how do you do find out? What metric tells you this? How do you compare and evaluate? This is where you might need some new tools. Matthias Luft, a security consultant at ERNW, will address this problem in his talk.
…To provide a toolset for measuring potential profits for performing this shift, we want to introduce skyscraper: It is a framework für load testing cloud based applications including a specially developed demo application for major cloud platforms. Using skyscraper, the results of several load tests are illustrated to show possibilities and caveats of the scalability of cloud based infrastructures. The evaluations were performed against the platforms of several major cloud service providers hosting the demo application of skyscraper. This demo application is utilizing all possibilities to improve scalability and security of cloudified applications, so a guide to the security and scalability features and limitations of cloud platforms is presented in addition.
Matthias explores the security and load tests in his master thesis. The skyscraper application is part of this work and serves as a probe to establish a baseline.