Preventing cloud data breaches in open source
Frank Karlitschek started the ownCloud project in 2010 to return control over the storing and sharing of information to consumers. In 2016 he initiated the Nextcloud project to bring this idea to the next level. He has been involved with a variety of Free Software projects including having been a board member for the KDE community. Frank has spoken at MIT, CERN and ETH and keynoted LinuxCon, Latinoware, Akademy, FOSSASIA, openSUSE Con and many other conferences.
The privacy and the personal data on the internet are under attack by hackers and international espionage programs. It is important to keep data safe and secure to protect the privacy of the users.
Open source software like Nextcloud and openSUSE are key to provide the necessary tools to the users to protect their data and run their own infrastructure.
But to provide the expected security to the users it is necessary that the software is configured correctly and always has the latest security patches. It was lately discovered by Nextcloud that a big number of cloud services running on the internet are not secured properly. Some of them, even operated by big organisations, are even trivial to hack. This is a challenge for the open source community that we need to address.
This talk will cover the current problems with insecure services that were discovered by Nextcloud and discussed possible steps to improve the situation. Examples are easier to understand administration interfaces, better notifications to the admins if actions are needed and potentially live patching of software. The talk will discuss potential consequences and new challanges for Linux distributions around software distribution and better guiding of admins to make the right decissions around security.
It will also discuss the current and upcoming federation features of Nextcloud and how to become part of the community.
- 2017 May 27 15:15
- 1 h
- Saal (Main Hall)
- openSUSE Conference 2017