
Cloud Passage - Securing Servers in Public & Hybrid Clouds

974 views

RightScale Conference Santa Clara 2011: Cloud computing is one of the most disruptive new technologies since the Internet. One of the fastest-growing sectors of cloud computing is infrastructure-as-a-service (IaaS). Cloud-based IaaS offers tremendous scalability, flexibility and speed in deploying information processing compute resources. Security and compliance remain major challenges to adoption of public cloud infrastructure hosting. Technical differences in public cloud environments render many established security models and controls inoperable. In this session, Carson Sweet will discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments and explain best practices for implementing this model.

Published in: Technology, Business

  1. Securing Servers in Public & Hybrid Clouds
     Carson Sweet, CEO, CloudPassage
     Watch the video of this presentation
     RightScale User Conference
     © 2011 CloudPassage Inc.
  2. What’s So Different?
     © 2011 CloudPassage Inc. www.cloudpassage.com
  6. What’s So Different?
     • Servers used to be highly isolated
        – Bad guys clearly on the outside
        – Layers of perimeter security
        – Poor configurations were tolerable
     • Cloud servers more exposed
        – Outside of perimeter protections
        – Little network control or visibility
        – No idea who’s next door
     • Sprawling, multiplying exposures
        – Rapidly growing attack surface area
        – More servers = more vulnerabilities
        – More servers ≠ more people
     • Fraudsters target cloud servers
        – Softer targets to penetrate
        – No perimeter defenses to thwart
        – Elasticity = more botnet to sell
     [Diagram: servers www-1 to www-10 across a private datacenter and a public cloud]
  7. Got Cloud Servers? You Are On The Hook!
     AWS Shared Responsibility Model
     • “…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...”
     • “…it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.”
     Source: Amazon Web Services: Overview of Security Processes
     [Stack diagram, top to bottom: Data, App Code, App Framework, Operating System, Virtual Machine, Hypervisor, Compute & Storage, Shared Network, Physical Facilities; side labels: Customer Responsibility, Provider Responsibility]
  8. How To Secure Cloud Servers
     Servers in hybrid and public clouds must be self-defending with highly automated controls like…
     • Dynamic network access control
     • Server compromise & intrusion alerting
     • Configuration and package security
     • Server forensics and security analytics
     • Server account visibility & control
     • Integration & automation capabilities
  9. Architectural Challenges
     • Inconsistent Control (you don’t own everything)
        – The only thing you can count on is guest VM ownership
     • Elasticity (not all servers are steady-state)
        – Cloudbursting, stale servers, dynamic provisioning
     • Scalability (handle variable workloads)
        – May have one dev server or 1,000 number-crunchers
     • Portability (same controls work anywhere)
        – Nobody wants multiple tools or IaaS provider lock-in
  10. How We Did It: Halo™ Architecture
     • Halo Daemon
        – Ultra light-weight software
        – Installed on server image
        – Automatically provisioned
     • Halo Compute Grid
        – Elastic compute grid
        – Hosted by CloudPassage
        – Does the heavy lifting for the Halo Daemons (95% or more cycles)
     [Diagram labels: Halo Daemon, www-1, Halo Compute Grid]
  11. [Architecture diagram, highlighted element: Halo Daemon. Labels: www-1; User Portal; CloudPassage Halo Compute Grid; RESTful API Gateway; https; Policies, Commands, Reports]
  12. [Same diagram, highlighted element: Halo Policies & Commands]
  13. [Same diagram, highlighted element: Halo Results & Updates]
  14. [Same diagram, highlighted element: Halo State and Event Analysis]
  15. [Same diagram, highlighted element: Alerts, Reports and Trending]
  16. Halo™ Functional Capabilities
     Halo is a security Software-as-a-Service providing all you need to secure your cloud servers.
     • Dynamic network access control
     • Server compromise & intrusion alerting
     • Configuration and package security
     • Halo GhostPorts server access control
     • Server account visibility & control
     • Halo REST API for integration & automation
  17. Portable = “Works Anywhere”
     Single pane of glass across hosting models
     • Scales and bursts with dynamic cloud environments
     • Not dependent on chokepoints, static networks or fixed IPs
     • Agnostic to cloud provider, hypervisor or hardware
  18. RightScale Integration
     • Deployment via RightScript (today)
        – Extremely easy access to cloud server security
        – Included in template = automatic security
        – No other cloud management console can do this
     • Self-Securing Server Templates (in R&D phase)
        – CloudPassage IDs exposures & compliance issues
        – RightScale consumes data, fixes issues via RightScripts
        – New and existing servers become compliant “on the fly”
  19. Questions? Comments? Ideas?
