RightScale Webinar: Compliance in the Cloud

Compliance in the Cloud September 27, 2012 Watch the video of this webinar

Upload: rightscale

Post on 20-Aug-2015


Page 1: RightScale Webinar: Compliance in the Cloud


Your Panel Today

Presenting:

• Hunter Williams, Business Development, RightScale

• Paul Jacoby, Vice President, Client Services, Logicworks

• Kyle Hultman, Senior Solutions Architect, Logicworks

Q&A: David Manriquez, Account Manager, RightScale

Please use the “Questions” window to ask questions any time!


Agenda for Today

• Why cloud management?

• Compliance in the context of Web Infrastructure

• Use Case Highlights:

o Business challenge

o Private Cloud

o Security overlay

o RightScale incorporation

• Compliance is more than just security


Why Cloud Management?

Abstraction with Customization: Complete customization without the hassle

Tap into Cloud Expertise: Experienced architects and support teams

Automation is the Core: Massively scalable and super agile applications

Choose Your Own Clouds: Vendor freedom across hardware and software

Visibility and Control: One place to manage your infrastructure


RightScale Pioneered Cloud Management


RightScale Cloud Management

MultiCloud Platform: Manage public, private, and hybrid clouds

Configuration Framework: Provision servers and execute scripts with consistency

Automation Engine: Monitor, alert, auto-scale, and automate operations

MultiCloud Marketplace™: Access cloud-ready, customizable ServerTemplates™

Governance Controls: Control access and security, track usage, and access logs


Automation Engine

• Monitoring and alerting

• Server and application

• Escalations and triggers

• Auto-scaling

• Operational automation

• Database backup, failover, recovery

• Script execution

• Code deploys and patches

[Figure: requests per second; each color band is for 1 server. Looks like load is evenly distributed across 6 of 8 servers.]


RightScale ServerTemplates™

• Reproducible: Predictable deployment

• Dynamic: Configuration from scripts at boot time

• Multi-cloud: Cloud agnostic and portable

• Modular: Role and behavior abstracted from cloud infrastructure

Configuration Framework


Governance Controls

• Access and security

• Authentication, roles, permissions

• Umbrella accounts and sharing

• Auditing and logging

• Server logs

• Infrastructure audits and tracking

• Usage and cost metering

• Cost tracking and quotas

• Real-time run rate projections


Introduction to Logicworks

• Founded in 1993

• Design, build, manage, monitor and maintain mission critical infrastructures

• Work across industry verticals, with SaaS, Healthcare, Media/Advertising, Financial Services and startups

• Help our clients win their deals by acting as infrastructure security experts

• Combine the efficiency and flexibility of cloud computing with our decades of experience in complex managed hosting to identify and design the right hosting solution for our clients


The Cloud, Your Way: Public. Private. Hybrid

PUBLIC CLOUD

Ideal for: Companies that have computing resource needs that vary over time

Flexibility and scalability with Logicworks’ performance and reliability

PRIVATE CLOUD

Ideal for: Software, healthcare, financial service, and ecommerce companies

High availability, performance, compliance and redundancy

Complex Managed Hosting

HYBRID CLOUD

“Own the base, rent the spike”

Ideal for: Companies that want to leverage cloud efficiency and flexibility while protecting sensitive data and proprietary information

Combines the benefit of dedicated capacity with flexible, usage based consumption

UNCOMPROMISING SUPPORT


How Logicworks Differentiates Itself


Impact of Compliance

Compliance impacts businesses differently

Drivers to compliance are different

• Range of compliance needs

• Audit questions for applications and internal processes

• Necessary documentation

• Best practices

SO WHY ARE YOU ON THIS CALL?


Compliance is Always Changing

WHAT DRIVES COMPLIANT INFRASTRUCTURE?

• Ability to keep and grow your client base

• Avoiding potentially heavy fines

• Just having sound security practices to protect your customer's and your business's IP

A RECENT EXAMPLE OF ONE OF OUR CLIENTS

SaaS company delivering service to financial institutions

2011: 8 areas required attention

2012: 87 areas required attention

Illustrative of how compliance requirements are ever changing


What It Takes to Be Compliant

ACCORDING TO PCI COMPLIANCE AND HIPAA STANDARDS THERE ARE MANY CATEGORIES THAT MUST BE MET TO ACHIEVE COMPLIANCE

Build and maintain secure client and administrative networks

Implement strong access control measures

Protect cardholder data and Personal Health Information

Develop and maintain a vulnerability management program

Regularly monitor and test networks

Maintain an information security policy

Background checks on employees


Compliance Use Case: Background

Presently using AWS public cloud for non-compliant and less secure apps

Secure computing is done in-house

Wanted convenience and cost benefits of cloud:

• Internal IT needed a solution that satisfied their business and legal stakeholders

• Protects company against fines from HIPAA

• Loss of IP

• Damage to reputation


Key Partnerships for Added Security

LW PARTNERS WITH VASCO FOR MULTI-FACTOR AUTHENTICATION WHICH IS A CRITICAL PART OF MAINTAINING TRUE SECURITY THROUGH:

Providing unique identifier for each admin

Ensuring lost password, user name doesn’t compromise security

Randomly generated user token, used in combination with other credentials


Best Practice for Compliance

LOGICWORKS IMPLEMENTS COMPLIANCE BEST PRACTICES COMBINED INTO INTERFACE WITH MANAGEMENT CAPABILITIES:

Network segregation

Utilizing industry best practices

Use of DMZ and role based access controls

Management checks and balances

• To ensure no changes occur without management of client and Logicworks approval

Proactive in how we do learning around potential violations around network configuration

Strict user verifications on all changes


Incorporating RightScale

RIGHTSCALE PLAYS A KEY ROLE IN ACHIEVING BOTH CONVENIENCE AND COMPLIANCE BY:

Deploying standardized VMs with non-compliant and compliant templates

• AWS for noncompliant templates

• Logicworks private cloud for compliant templates

Track and audit templates

Provides auditors and operations the ability to have an audit trail for compliance


Solution Summary of Use Case

LOGICWORKS WAS ABLE TO DELIVER A SOLUTION THAT SATISFIED ALL THE STAKEHOLDERS:

Business users were able to build and deploy applications quickly, easily and cost effectively

Technical teams were not constantly responding to “rush” requests

Security teams no longer had to expend extra resources doing internal audits and creating excessive documentation

Legal was satisfied that they had sufficiently mitigated corporate risk


Compliance is More Than Technology

JUST AS IMPORTANT ARE THE PROCESSES WE MUST IMPLEMENT TO ENSURE THAT WE PASS AUDITS FROM BOTH REPORTING OF OUR PRACTICES AND THE DOCUMENTATION PERSPECTIVES:

Logicworks process for additions, moves and changes

Higher frequency of infrastructure and scanning for rogue devices, appropriate firewall rules and any other obvious points of intrusion into the system to better protect critical data

How data is stored and, when necessary, destroyed

Data restoration


Compliance & Security: A Partnership

WHILE LOGICWORKS AND OUR PARTNERS CAN DELIVER A SECURE AND COMPLIANT SOLUTION, AS WE HAVE DISCUSSED, TRUE COMPLIANCE AND REAL SECURITY ARE THE RESULT OF ALL PARTIES FOLLOWING BEST PRACTICES AND GUIDELINES:

Logicworks regularly assists our clients by providing information to help them meet their compliance audits to support PCI, HIPAA and SSAE16 compliance

Compliance is a team effort and Logicworks, RightScale and our other partners are there to assist in helping businesses achieve whatever standards that they must meet

Business Associates Agreement


Q&A and Resources

• Contact RightScale: 1.866.720.0208, [email protected], @rightscale

• Contact Logicworks: 866-FOR-LOGIC, www.logicworks.net, @logicworks

More Info:

• Sign up for RightScale Free Edition: RightScale.com/free

• Whitepapers: RightScale.com/whitepapers

• Webinar archives: RightScale.com/webinars