RightScale Webinar: Compliance in the Cloud

Post on 20-Aug-2015






  1. Compliance in the Cloud. September 27, 2012. Watch the video of this webinar
  2. Your Panel Today
     - Presenting:
       - Hunter Williams, Business Development, RightScale
       - Paul Jacoby, Vice President, Client Services, Logicworks
       - Kyle Hultman, Senior Solutions Architect, Logicworks
     - Q&A:
       - David Manriquez, Account Manager, RightScale
     - Please use the Questions window to ask questions any time!
  3. Agenda for Today
     - Why cloud management?
     - Compliance in the context of Web Infrastructure
     - Use Case Highlights:
       - Business challenge
       - Private Cloud
       - Security overlay
       - RightScale incorporation
     - Compliance is more than just security
  4. Why Cloud Management?
     - Abstraction with Customization: Complete customization without the hassle
     - Visibility and Control: One place to manage your infrastructure
     - Choose Your Own Clouds: Vendor freedom across hardware and software
     - Automation is the Core: Massively scalable and super agile applications
     - Tap into Cloud Expertise: Experienced architects and support teams
  5. RightScale Pioneered Cloud Management
  6. RightScale Cloud Management
     - Governance Controls: Control access and security, track usage, and access logs
     - Automation Engine: Monitor, alert, auto-scale, and automate operations
     - MultiCloud Marketplace: Access cloud-ready, customizable ServerTemplates
     - Configuration Framework: Provision servers and execute scripts with consistency
     - MultiCloud Platform: Manage public, private, and hybrid clouds
  7. Automation Engine
     - Monitoring and alerting: Server and application; Escalations and triggers
     - Auto-scaling
     - Operational automation: Database backup, failover, recovery; Script execution; Code deploys and patches
     - [Chart: requests per second; each color band is for 1 server; looks like load is evenly distributed across 6 of 8 servers]
  8. Configuration Framework: RightScale ServerTemplates
     - Reproducible: Predictable deployment
     - Dynamic: Configuration from scripts at boot time
     - Multi-cloud: Cloud agnostic and portable
     - Modular: Role and behavior abstracted from cloud infrastructure
  9. Governance Controls
     - Access and security: Authentication, roles, permissions; Umbrella accounts and sharing
     - Auditing and logging: Server logs; Infrastructure audits and tracking
     - Usage and cost metering: Cost tracking and quotas; Real-time run rate projections
  10. Introduction to Logicworks
     - Founded in 1993
     - Design, build, manage, monitor and maintain mission critical infrastructures
     - Work across industry verticals, with SaaS, Healthcare, Media/Advertising, Financial Services and startups
     - Help our clients win their deals by acting as infrastructure security experts
     - Combine the efficiency and flexibility of cloud computing with our decades of experience in complex managed hosting to identify and design the right hosting solution for our clients
  11. The Cloud, Your Way: Public. Private. Hybrid
     UNCOMPROMISING SUPPORT
     - Public Cloud. Ideal for: Companies that have computing resource needs that vary over time. Flexibility and scalability with Logicworks performance and reliability
     - Private Cloud. Ideal for: Software, healthcare, financial service, and ecommerce companies. High availability, performance, compliance and redundancy
     - Hybrid Cloud. Own the base, rent the spike. Ideal for: Companies that want to leverage cloud efficiency and flexibility while protecting sensitive data and proprietary information
     - Complex Managed Hosting. Combines the benefit of dedicated capacity with flexible, usage based consumption
  12. How Logicworks Differentiates Itself
  13. Impact of Compliance
     SO WHY ARE YOU ON THIS CALL?
     - Compliance impacts businesses differently
     - Range of compliance needs
     - Drivers to compliance are different
     - Audit questions for applications and internal processes
     - Necessary documentation
     - Best practices
  14. Compliance is Always Changing
     - A RECENT EXAMPLE OF ONE OF OUR CLIENTS
       - Illustrative of how compliance requirements are ever changing
       - SaaS company delivering service to financial institutions
       - 2011: 8 areas required attention
       - 2012: 87 areas required attention
     - WHAT DRIVES COMPLIANT INFRASTRUCTURE?
       - Ability to keep and grow your client base
       - Avoiding potentially heavy fines
       - Just having sound security practices to protect your customers and your business's IP
  15. What It Takes to Be Compliant
     ACCORDING TO PCI COMPLIANCE AND HIPAA STANDARDS THERE ARE MANY CATEGORIES THAT MUST BE MET TO ACHIEVE COMPLIANCE
     - Build and maintain secure client and administrative networks
     - Implement strong access control measures
     - Protect cardholder data and Personal Health Information
     - Regularly monitor and test networks
     - Develop and maintain a vulnerability management program
     - Maintain an information security policy
     - Background checks on employees
  16. Compliance Use Case: Background
     - Presently using AWS public cloud for non-compliant and less secure apps
     - Secure computing is done in-house
     - Wanted convenience and cost benefits of cloud:
     - Internal IT needed a solution that satisfied their business and legal stakeholders
     - Protects company against fines from HIPAA
     - Loss of IP
     - Damage to reputation
  21. Key Partnerships for Added Security
     LW PARTNERS WITH VASCO FOR MULTI-FACTOR AUTHENTICATION WHICH IS A CRITICAL PART OF MAINTAINING TRUE SECURITY THROUGH:
     - Providing unique identifier for each admin
     - Ensuring lost password, user name doesn't compromise security
     - Randomly generated user token, used in combination with other credentials
  22. Best Practice for Compliance
     LOGICWORKS IMPLEMENTS COMPLIANCE BEST PRACTICES COMBINED INTO INTERFACE WITH MANAGEMENT CAPABILITIES:
     - Network segregation: Use of DMZ and role based access controls
     - Utilizing industry best practices: Proactive in how we do learning around potential violations around network configuration
     - Management checks and balances: To ensure no changes occur without management approval
     - Strict user verifications on all changes of client and Logicworks
  23. Incorporating RightScale
     RIGHTSCALE PLAYS A KEY ROLE IN ACHIEVING BOTH CONVENIENCE AND COMPLIANCE BY:
     - Deploying standardized VMs with non-compliant and compliant templates
       - AWS for noncompliant templates
       - Logicworks private cloud for compliant templates
     - Track and audit templates
       - Provides auditors and operations the ability to have an audit trail for compliance
  24. Solution Summary of Use Case
     LOGICWORKS WAS ABLE TO DELIVER A SOLUTION THAT SATISFIED ALL THE STAKEHOLDERS:
     - Business users were able to build and deploy applications quickly, easily and cost effectively
     - Technical teams were not constantly responding to rush requests
     - Security teams no longer had to expend extra resources doing internal audits and creating excessive documentation
     - Legal was satisfied that they had sufficiently mitigated corporate risk
  25. Compliance is More Than Technology
     JUST AS IMPORTANT ARE THE PROCESSES WE MUST IMPLEMENT TO ENSURE THAT WE PASS AUDITS FROM BOTH REPORTING OF OUR PRACTICES AND THE DOCUMENTATION PERSPECTIVES:
     - Logicworks process for additions, moves and changes
     - Higher frequency of infrastructure and scanning for rogue devices, appropriate firewall rules and any other obvious points of intrusion into the system to better protect critical data
     - How data is stored and, when necessary, destroyed
     - Data restoration
  26. Compliance & Security: A Partnership
     WHILE LOGICWORKS AND OUR PARTNERS CAN DELIVER A SECURE AND COMPLIANT SOLUTION, AS WE HAVE DISCUSSED, TRUE COMPLIANCE AND REAL SECURITY ARE THE RESULT OF ALL PARTIES FOLLOWING BEST PRACTICES AND GUIDELINES:
     - Logicworks regularly assists our clients by providing information to help them meet their compliance audits to support PCI, HIPAA and SSAE16 compliance
     - Compliance is a team effort and Logicworks, RightScale and our other partners are there to assist in helping businesses achieve whatever standards that they must meet
     - Business Associates Agreement
  27. Q&A and Resources
     - Contact RightScale: 1.866.720.0208, sales@rightscale.com, @rightscale
     - More Info:
       - Sign up for RightScale Free Edition: RightScale.com/free
       - Whitepapers: RightScale.com/whitepapers
       - Webinar archives: RightScale.com/webinars
     - Contact Logicworks: 866-FOR-LOGIC, www.logicworks.net, @logicworks