In this webinar we will demonstrate the combined power of RightScale and Logicworks, and how to achieve security compliance standards in the cloud. Learn about Logicworks’ approach to compliance from a business level perspective and how to use RightScale to manage servers in compliant environments.
In this webinar, we’ll discuss:
- Business objectives that drive compliance in the public IaaS cloud
- The fundamentals of both PCI and HIPAA compliance
- A case example that demonstrates compliance applied to the Logicworks environment build model
We will conclude with an assessment of how to satisfy both the technical and business level objectives at your organization. This webinar will give you a greater understanding of how compliance needs can be met in the cloud.
1. Compliance in the Cloud
September 27, 2012
Watch the video of this webinar
2. # 2
Your Panel Today
Presenting:
• Hunter Williams, Business Development, RightScale
• Paul Jacoby, Vice President, Client Services, Logicworks
• Kyle Hultman, Senior Solutions Architect, Logicworks
Q&A:
David Manriquez, Account Manager, RightScale
Please use the “Questions” window to ask questions any time!
3. # 3
Agenda for Today
• Why cloud management?
• Compliance in the context of Web Infrastructure
• Use Case Highlights:
  o Business challenge
  o Private Cloud
  o Security overlay
  o RightScale incorporation
• Compliance is more than just security
Please use the “Questions” window to ask questions any time!
4. # 4
Why Cloud Management?
Abstraction with Customization: Complete customization without the hassle
Visibility and Control: One place to manage your infrastructure
Choose Your Own Clouds: Vendor freedom across hardware and software
Automation is the Core: Massively scalable and super agile applications
Tap into Cloud Expertise: Experienced architects and support teams
6. # 6
RightScale Cloud Management
Governance Controls: Control access and security, track usage, and access logs
Automation Engine: Monitor, alert, auto-scale, and automate operations
MultiCloud Marketplace™: Access cloud-ready, customizable ServerTemplates™
Configuration Framework: Provision servers and execute scripts with consistency
MultiCloud Platform: Manage public, private, and hybrid clouds
7. # 7
Automation Engine
[Figure: stacked graph of requests per second over time; each color band is for 1 server. Looks like load is evenly distributed across 6 of 8 servers.]
• Monitoring and alerting
  • Server and application
  • Escalations and triggers
• Auto-scaling
• Operational automation
  • Database backup, failover, recovery
  • Script execution
  • Code deploys and patches
8. # 8
Configuration Framework
RightScale ServerTemplates™
• Reproducible: Predictable deployment
• Dynamic: Configuration from scripts at boot time
• Multi-cloud: Cloud agnostic and portable
• Modular: Role and behavior abstracted from cloud infrastructure
9. # 9
Governance Controls
• Access and security
  • Authentication, roles, permissions
  • Umbrella accounts and sharing
• Auditing and logging
  • Server logs
  • Infrastructure audits and tracking
• Usage and cost metering
  • Cost tracking and quotas
  • Real-time run rate projections
10. # 10
Introduction to Logicworks
• Founded in 1993
• Design, build, manage, monitor and maintain mission critical infrastructures
• Work across industry verticals, with SaaS, Healthcare, Media/Advertising, Financial Services and startups
• Help our clients win their deals by acting as infrastructure security experts
• Combine the efficiency and flexibility of cloud computing with our decades of experience in complex managed hosting to identify and design the right hosting solution for our clients
11. # 11
The Cloud, Your Way: Public. Private. Hybrid
UNCOMPROMISING SUPPORT
PUBLIC CLOUD
Ideal for: Companies that have computing resource needs that vary over time
Flexibility and scalability with Logicworks’ performance and reliability
PRIVATE CLOUD
Ideal for: Software, healthcare, financial service, and ecommerce companies
High availability, performance, compliance and redundancy
Complex Managed Hosting
HYBRID CLOUD
“Own the base, rent the spike”
Ideal for: Companies that want to leverage cloud efficiency and flexibility while protecting sensitive data and proprietary information
Combines the benefit of dedicated capacity with flexible, usage based consumption
13. # 13
Impact of Compliance
SO WHY ARE YOU ON THIS CALL?
Compliance impacts businesses differently
• Range of compliance needs
• Drivers to compliance are different
• Audit questions for applications and internal processes
• Necessary documentation
• Best practices
14. # 14
Compliance is Always Changing
A RECENT EXAMPLE OF ONE OF OUR CLIENTS
Illustrative of how compliance requirements are ever changing
SaaS company delivering service to financial institutions
2011: 8 areas required attention
2012: 87 areas required attention
WHAT DRIVES COMPLIANT INFRASTRUCTURE?
• Ability to keep and grow your client base
• Avoiding potentially heavy fines
• Just having sound security practices to protect your customer’s and your business’s IP
15. # 15
What It Takes to Be Compliant
ACCORDING TO PCI COMPLIANCE AND HIPAA STANDARDS THERE ARE MANY CATEGORIES THAT MUST BE MET TO ACHIEVE COMPLIANCE
Build and maintain secure client and administrative networks
Protect cardholder data and Personal Health Information
Develop and maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy
Background checks on employees
16. # 16
Compliance Use Case: Background
Presently using AWS public cloud for non-compliant and less secure apps
Secure computing is done in-house
Wanted convenience and cost benefits of cloud:
• Internal IT needed a solution that satisfied their business and legal stakeholders
• Protects company against fines from HIPAA
• Loss of IP
• Damage to reputation
21. # 21
Key Partnerships for Added Security
LW PARTNERS WITH VASCO FOR MULTI-FACTOR AUTHENTICATION WHICH IS A CRITICAL PART OF MAINTAINING TRUE SECURITY THROUGH:
Providing unique identifier for each admin
Ensuring lost password, user name doesn’t compromise security
Randomly generated user token, used in combination with other credentials
22. # 22
Best Practice for Compliance
LOGICWORKS IMPLEMENTS COMPLIANCE BEST PRACTICES COMBINED INTO INTERFACE WITH MANAGEMENT CAPABILITIES:
Network segregation
Use of DMZ and role based access controls
Management checks and balances
• To ensure no changes occur without client and Logicworks management approval
Strict user verifications on all changes
Utilizing industry best practices
Proactive in how we do learning around potential violations around network configuration
23. # 23
Incorporating RightScale
RIGHTSCALE PLAYS A KEY ROLE IN ACHIEVING BOTH CONVENIENCE AND COMPLIANCE BY:
Deploying standardized VMs with non-compliant and compliant templates
• AWS for noncompliant templates
• Logicworks private cloud for compliant templates
Track and audit templates
Provides auditors and operations the ability to have an audit trail for compliance
24. # 24
Solution Summary of Use Case
LOGICWORKS WAS ABLE TO DELIVER A SOLUTION THAT SATISFIED ALL THE STAKEHOLDERS:
Business users were able to build and deploy applications quickly, easily and cost effectively
Technical teams were not constantly responding to “rush” requests
Security teams no longer had to expend extra resources doing internal audits and creating excessive documentation
Legal was satisfied that they had sufficiently mitigated corporate risk
25. # 25
Compliance is More Than Technology
JUST AS IMPORTANT ARE THE PROCESSES WE MUST IMPLEMENT TO ENSURE THAT WE PASS AUDITS FROM BOTH THE REPORTING-OF-OUR-PRACTICES AND THE DOCUMENTATION PERSPECTIVES:
Logicworks process for additions, moves and changes
Higher frequency of infrastructure scanning for rogue devices, appropriate firewall rules and any other obvious points of intrusion into the system, to better protect critical data
How data is stored and, when necessary, destroyed
Data restoration
26. # 26
Compliance & Security: A Partnership
WHILE LOGICWORKS AND OUR PARTNERS CAN DELIVER A SECURE AND COMPLIANT SOLUTION, AS WE HAVE DISCUSSED, TRUE COMPLIANCE AND REAL SECURITY ARE THE RESULT OF ALL PARTIES FOLLOWING BEST PRACTICES AND GUIDELINES:
Logicworks regularly assists our clients by providing information to help them meet their compliance audits to support PCI, HIPAA and SSAE16 compliance
Compliance is a team effort and Logicworks, RightScale and our other partners are there to assist in helping businesses achieve whatever standards they must meet
Business Associates Agreement
27. # 27
Q&A and Resources
• Contact RightScale:
  1.866.720.0208
  sales@rightscale.com
  @rightscale
• More Info:
  Sign up for RightScale Free Edition: RightScale.com/free
  Whitepapers: RightScale.com/whitepapers
  Webinar archives: RightScale.com/webinars
• Contact Logicworks:
  866-FOR-LOGIC
  www.logicworks.net
  @logicworks
Notes: Individual graphs only work for so many servers; they also don’t show what is happening as an aggregate. Stacked graphs stack the contribution of each server on top of one another. Walk through what the graph shows.