Businesses who want to stay ahead of the curve and achieve maximum efficiency and consistency are adopting cloud infrastructure. Keeping up with dynamic cloud environments, achieving scalable, automated, flexible, and secure cloud infrastructures means increased business agility. But how can you manage security as you migrate to cloud infrastructures?
Join Rishi Vaish, VP of Product at RightScale & Amrit Williams, CTO at CloudPassage as they discuss:
1. Recent findings from RightScale's State of the Cloud survey
2. Why hybrid cloud is the standard of choice
3. Three strategies for existing cloud server workloads
4. Benefits and security challenges of migrating to cloud infrastructures
5. Choosing a hybrid strategy - management and security practices to get the utmost resource flexibility
2. Agenda & Speakers
®
Rishi Vaish
VP of Product
Amrit Williams
CTO
• RightScale’s State of the Cloud
survey
• Why hybrid cloud is the standard of
choice
• 3 strategies for existing cloud server
workloads
• Benefits and security challenges of
migrating to cloud infrastructures
• Choosing a hybrid strategy
12. Segment Your App Portfolio
• Web architecture
• Elastic design
• Monolithic
• Legacy
• Traditional vendors
Cloud-Ready
• Greenfield
• Designed for cloud
Elastic Web
Traditional
14. Best Practice 3; Consider portability
Best Practice:
Plan for
Portability
15. • Lifecycle-based multi-cloud deployment
• Dev vs. Test vs. Staging vs. Prod
• New (Unpredictable) vs. Mature (Steady-State)
• Disaster Recovery
• Private for primary, Public for backup
• Geographic Reach
• Use clouds in different geographies
• Arbitrage costs
• Leverage different clouds based on costs
• Cloudbursting
• Base capacity in private, burst to public
Why Portability?
14
19. Place Cloud Beginners Cloud Focused
#1 Security (31%) Compliance (18%)
#2 Compliance (30%) Cost (17%)
#3 Managing multiple cloud
services (28%)
Performance (15%)
#4 Integration to internal
systems (28%)
Managing multiple cloud
services (13%)
#5 Governance/Control (26%) Security (13%)
Top 5 Challenges Change with Maturity
Top 5 Challenges Change with Cloud Maturity
Source: RightScale 2014 State of the Cloud Report
20. What makes cloud infrastructure great also breaks
existing security approaches
19
Virtualized networks
New topologies
Highly Portable
Highly dynamic
Shared infrastructure
These cloud “pros”
become security “cons”
21. The days of simple infrastructure security…
20
23. The problem becomes more challenging in multi-
cloud environments
22
Cloud Provider A
Cloud Provider B
Private Datacenter
www-
4
!
www-
5
!
www-
6
!
www-
7
!
www-
8
!
www-
9
!
www-10
!
www-
7
!
www-
8
!
www-
9
!
www-10
!
www-1 www-2 www-3 www-4
Workloads become highly transient
across multiple cloud environments.
ww
w-4
ww
w-4
ww
w-4
ww
w-4
24. Traditional Security Solutions Break…
23
Endpoint Security
• Resource intensive
• Licensing models
• Do not work across disparate cloud environments
Virtual Appliances
• No hardware acceleration
• No gateway to deploy against
• Do not well work across disparate cloud environments
Hypervisor Security
• Affects density of virtualized environments
• Limited visibility into workloads themselves
• Cannot deploy into public cloud infrastructures
25. Cloud Security Responsibility Has Added More
Complexity
24
Customer
Responsibility
Provider
Responsibili
ty
Physical Facilities
Compute & Storage
Shared Network
Hypervisor
Virtual Machine
Data
App Code
App Framework
Operating System
“…the customer should assume responsibility
and management of, but not limited to, the
guest operating system.. and associated
application software...”
“it is possible for customers to enhance security
and/or meet more stringent compliance
requirements with the addition of… host
based firewalls, host based intrusion
detection/prevention, encryption and key
management.”
Amazon Web Services: Overview of Security
Processes
Shared Responsibility Model
26. Addressing security & compliance needs as
infrastructure models migrate to cloud
25
• Strong access control
– User-auditing, privilege access monitoring,
multi-factor authentication, device
verification, etc…
• Exposure management
– Vulnerability assessment, configuration
security monitoring, file integrity monitoring,
etc…
• Compromise prevention
– Firewall management, application
whitelisting, intrusion detection /
prevention, data leak prevention, etc.
• Security & compliance intelligence,
adherence to corporate policies
– Reporting and analytics, auditing, and
standardized policy implementation, etc.
Needs Haven’t Changed
• Must work anywhere
– Traditional environments, public cloud
infrastructures, private cloud
infrastructures and hybrid cloud
environments
• Diminished to no visibility and control
– Underlying security and control
maintained by the infrastructure provider
• Hardware device limitations
– Traditional network appliance or security
approaches that leverage underlying
hardware are not effective or appropriate
• Dramatically higher rate of code &
infrastructure change
– Highly transient workloads often in a
Delivery Parameters Have
27. CloudPassage Halo
26
• Highly automated security &
compliance platform
• Builds security directly into
compute workloads
• Secures any compute
workloads, at any scale
• Supports any cloud or
datacenter environment
• SaaS delivery model
28. Halo secure workloads anywhere at any scale and
extends existing security investments
27
Halo API
Halo Portal
29. #28#
#rightscale
Q & A and Resources
Access the 2014 State of the Cloud Report:
RightScale.com/lp/2014-state-of-the-cloud-report
Start a Free Trial of Halo
CloudPassage.com/halo
Check out our blogs
rightscale.com/blog
blog.cloudpassage.com
®