Securing Servers in Public & Hybrid Clouds
Carson Sweet
CEO, CloudPassage

RightScale User Conference
© 2011 CloudPassage Inc.   www.cloudpassage.com

What’s So Different?
  • Servers used to be highly isolated
      – Bad guys clearly on the outside
      – Layers of perimeter security
      – Poor configurations were tolerable

  • Cloud servers more exposed
      – Outside of perimeter protections
      – Little network control or visibility
      – No idea who’s next door

  • Sprawling, multiplying exposures
      – Rapidly growing attack surface area
      – More servers = more vulnerabilities
      – More servers ≠ more people

  • Fraudsters target cloud servers
      – Softer targets to penetrate
      – No perimeter defenses to thwart
      – Elasticity = more botnet to sell

  [Diagram: private datacenter (www-1, www-2, www-3) and public cloud (www-4 through www-10)]

Got Cloud Servers? You Are On The Hook!

  AWS Shared Responsibility Model

  “…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...”

  “…it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.”

  Amazon Web Services: Overview of Security Processes

  [Diagram: stack, top to bottom: Data, App Code, App Framework, Operating System, Virtual Machine, Hypervisor, Compute & Storage, Shared Network, Physical Facilities; upper layers labelled Customer Responsibility, lower layers labelled Provider Responsibility]

How To Secure Cloud Servers
    Servers in hybrid and public clouds must be self-defending with highly automated controls like…

  • Dynamic network access control
  • Configuration and package security
  • Server account visibility & control
  • Server compromise & intrusion alerting
  • Server forensics and security analytics
  • Integration & automation capabilities

Architectural Challenges
• Inconsistent Control (you don’t own everything)
      – The only thing you can count on is guest VM ownership

• Elasticity (not all servers are steady-state)
      – Cloudbursting, stale servers, dynamic provisioning

• Scalability (handle variable workloads)
      – May have one dev server or 1,000 number-crunchers

• Portability (same controls work anywhere)
      – Nobody wants multiple tools or IaaS provider lock-in


How We Did It: Halo™ Architecture
• Halo Daemon
      – Ultra light-weight software
      – Installed on server image
      – Automatically provisioned

• Halo Compute Grid
      – Elastic compute grid
      – Hosted by CloudPassage
      – Does the heavy lifting for the Halo Daemons (95% or more cycles)

[Diagram: Halo Daemon on server www-1; Halo Compute Grid]

[Diagram sequence (five slides). Labels: www-1, Halo Daemon, User Portal, RESTful API Gateway, https, “Policies, Commands, Reports”, CloudPassage Halo Compute Grid. Step captions added on successive slides: Policies & Commands; Results & Updates; State and Event Analysis; Alerts, Reports and Trending.]

Halo™ Functional Capabilities
    Halo is a security Software-as-a-Service providing all you need to secure your cloud servers.

  • Dynamic network access control
  • Configuration and package security
  • Server account visibility & control
  • Server compromise & intrusion alerting
  • Halo GhostPorts server access control
  • Halo REST API for integration & automation

Portable = “Works Anywhere”

Single pane of glass across hosting models
   • Scales and bursts with dynamic cloud environments
   • Not dependent on chokepoints, static networks or fixed IPs
   • Agnostic to cloud provider, hypervisor or hardware

RightScale Integration
• Deployment via RightScript (today)
      – Extremely easy access to cloud server security
      – Included in template = automatic security
      – No other cloud management console can do this


• Self-Securing Server Templates (in R&D phase)
      – CloudPassage IDs exposures & compliance issues
      – RightScale consumes data, fixes issues via RightScripts
      – New and existing servers become compliant “on the fly”




Questions? Comments? Ideas?




New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

Cloud Passage - Securing Servers in Public & Hybrid Clouds

  • 1. Securing Servers in Public & Hybrid Clouds. Carson Sweet, CEO, CloudPassage. RightScale User Conference. © 2011 CloudPassage Inc.
  • 2. What’s So Different? © 2011 CloudPassage Inc. www.cloudpassage.com
  • 3. What’s So Different?
      • Servers used to be highly isolated
          – Bad guys clearly on the outside
          – Layers of perimeter security
          – Poor configurations were tolerable
      [Diagram: private datacenter with www-1, www-2, www-3, www-4; public cloud]
  • 4. What’s So Different?
      • Servers used to be highly isolated
          – Bad guys clearly on the outside
          – Layers of perimeter security
          – Poor configurations were tolerable
      • Cloud servers more exposed
          – Outside of perimeter protections
          – Little network control or visibility
          – No idea who’s next door
      [Diagram: private datacenter with www-1, www-2, www-3; public cloud with www-4]
  • 5. What’s So Different?
      • Servers used to be highly isolated
          – Bad guys clearly on the outside
          – Layers of perimeter security
          – Poor configurations were tolerable
      • Cloud servers more exposed
          – Outside of perimeter protections
          – Little network control or visibility
          – No idea who’s next door
      • Sprawling, multiplying exposures
          – Rapidly growing attack surface area
          – More servers = more vulnerabilities
          – More servers ≠ more people
      [Diagram: private datacenter with www-1, www-2, www-3; public cloud with www-4 through www-10]
  • 6. What’s So Different?
      • Servers used to be highly isolated
          – Bad guys clearly on the outside
          – Layers of perimeter security
          – Poor configurations were tolerable
      • Cloud servers more exposed
          – Outside of perimeter protections
          – Little network control or visibility
          – No idea who’s next door
      • Sprawling, multiplying exposures
          – Rapidly growing attack surface area
          – More servers = more vulnerabilities
          – More servers ≠ more people
      • Fraudsters target cloud servers
          – Softer targets to penetrate
          – No perimeter defenses to thwart
          – Elasticity = more botnet to sell
      [Diagram: private datacenter with www-1, www-2, www-3; public cloud with www-4 through www-10]
  • 7. Got Cloud Servers? You Are On The Hook!
      AWS Shared Responsibility Model
      “…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...”
      “…it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.”
      Source: Amazon Web Services: Overview of Security Processes
      [Diagram: stack of layers, top to bottom: Data, App Code, App Framework, Operating System, Virtual Machine, Hypervisor, Compute & Storage, Shared Network, Physical Facilities; upper layers labelled Customer Responsibility, lower layers labelled Provider Responsibility]
  • 8. How To Secure Cloud Servers
      Servers in hybrid and public clouds must be self-defending with highly automated controls like…
      • Dynamic network access control
      • Server compromise & intrusion alerting
      • Configuration and package security
      • Server forensics and security analytics
      • Server account visibility & control
      • Integration & automation capabilities
  • 9. Architectural Challenges
      • Inconsistent Control (you don’t own everything)
          – The only thing you can count on is guest VM ownership
      • Elasticity (not all servers are steady-state)
          – Cloudbursting, stale servers, dynamic provisioning
      • Scalability (handle variable workloads)
          – May have one dev server or 1,000 number-crunchers
      • Portability (same controls work anywhere)
          – Nobody wants multiple tools or IaaS provider lock-in
  • 10. How We Did It: Halo™ Architecture
      • Halo Daemon
          – Ultra light-weight software
          – Installed on server image
          – Automatically provisioned
      • Halo Compute Grid
          – Elastic compute grid
          – Hosted by CloudPassage
          – Does the heavy lifting for the Halo Daemons (95% or more cycles)
      [Diagram: www-1 with Halo Daemon; Halo Compute Grid]
  • 11. [Architecture diagram: Halo Daemon. Labels: www-1, Halo Daemon, CloudPassage Halo Compute Grid, User Portal (https), RESTful API Gateway (https), Policies, Commands, Reports]
  • 12. [Architecture diagram: Policies & Commands. Labels: www-1, Halo, CloudPassage Halo Compute Grid, User Portal (https), RESTful API Gateway (https), Policies, Commands, Reports]
  • 13. [Architecture diagram: Results & Updates. Labels: www-1, Halo, CloudPassage Halo Compute Grid, User Portal (https), RESTful API Gateway (https), Policies, Commands, Reports]
  • 14. [Architecture diagram: State and Event Analysis. Labels: www-1, Halo, CloudPassage Halo Compute Grid, User Portal (https), RESTful API Gateway (https), Policies, Commands, Reports]
  • 15. [Architecture diagram: Alerts, Reports and Trending. Labels: www-1, Halo, CloudPassage Halo Compute Grid, User Portal (https), RESTful API Gateway (https), Policies, Commands, Reports]
  • 16. Halo™ Functional Capabilities
      Halo is a security Software-as-a-Service providing all you need to secure your cloud servers.
      • Dynamic network access control
      • Server compromise & intrusion alerting
      • Configuration and package security
      • Halo GhostPorts server access control
      • Server account visibility & control
      • Halo REST API for integration & automation
  • 17. Portable = “Works Anywhere”
      Single pane of glass across hosting models
      • Scales and bursts with dynamic cloud environments
      • Not dependent on chokepoints, static networks or fixed IPs
      • Agnostic to cloud provider, hypervisor or hardware
  • 18. RightScale Integration
      • Deployment via RightScript (today)
          – Extremely easy access to cloud server security
          – Included in template = automatic security
          – No other cloud management console can do this
      • Self-Securing Server Templates (in R&D phase)
          – CloudPassage IDs exposures & compliance issues
          – RightScale consumes data, fixes issues via RightScripts
          – New and existing servers become compliant “on the fly”
  • 19. Questions? Comments? Ideas?
