best practice public cloud security
TRANSCRIPT
Cloudsecurityispartofyourwidersecuritystrategy
DATACENTERASASERVICE
COLOCATION CLOUDCOMPUTING
INFRASTRUCTUREASASERVICE
MANAGEDSERVICES
GLOBALFACILITIES
2
DatapipeAccessControlModuleforAWS(DACMA)
• ClientsretainownershipoftheirAWSrootaccountcredentials
• DoesnotrequireDatapipeaccesstotheclientaccountkeys
• Providesanadditionalsecuritylayerforenterpriseclients
• RequiresnoextrastepsoncesetupandreducestheriskofdisruptionofserviceordatabreachduetounauthorizedaccessofanAWSenvironmentfromsupportpersonnel
5
HowDACMAworks
6
BrowserorApplication
DATAPIPE
1UseraccessesCMS
DatapipeCloudManagementSystem(CMS)
Signinwithtoken
SSO 2
AWSPLATFORM
DatapipeAWSAccount
EmployeeIAM EmployeeIAM…
EmployeeIAM
DatapipeRole
AWSManagementConsole
5
KeyVaultTokenSeeds APIKeys
Retrieve AWSlogindata
4
“Client”AWSAccount
STS
5
5
6
LDAP
Retrievedepartmentattributes
3
DatapipeSupportPersonnelAWSrolebasedpermissionspassedviaLDAP
Governance:SystemLifecycle
Monitoring/Queuing Event
Auto Scaling
Server Images
New Instance
Code Repository
Elastic LoadBalancer
Configuration Management
Web Zone
Security Console
Role Registration
Policy Maintainer
11
• Securitycontroldeploymentintegrateddirectly intothesystemlifecycle
• Appropriatecontrolsautomaticallydeployedduringserverpersonalizationprocess
• Puppet,user-data,customservertemplatesallusedinconjunctiontofacilitatedynamicsystemdeployments
Completeendtoendassessmentandmanagement
Datapipe Security Controls
Physical Controls
Technical Controls
Administrative Controls
Andacompletesetofcomplianceservices
• Industry-leadingcompliantsolutions optimizedfor:
• WegobeyondtherequirementsdictatedbyHIPAA,PCIDSS,SOXandFISMA
• Ourgoalistoensureacontinuous compliance record thatreaffirmsthesecurityandintegrityofyourorganization
• Ourstaffarehighlyskilledwithindustrysecuritycertificationsincluding:CISSP,CISA,CISM,CCSK,MCSE:Security,PCIISA,C|EH,C|CISO,ISO27001LeadAuditor,andSecurity+Certifications
11
HEALTHCARE E-COMMERCE GOVERNMENT FINANCIALSERVICES
Mitigatetheriskinvolvedwithhybriddeployments
1. Securitymanagementbycloudsecurityexperts2. Securitybestpracticesdeployedtoreducerisk3. Securityintegrationwiththesystemlifecycle4. Innovationwithinthecloudsecurityarena
12