RightScale Webinar: Security and Compliance in the Cloud

Posted on 20-Aug-2015

2. Your Panel Today
  o Bart Falzarano, Director of Security & Compliance, RightScale
  o Roberto Monge, Cloud Solutions Engineer, RightScale
  o Q&A: Steve Kochenderfer, Sales Development Representative, RightScale
  Please use the Questions window to ask questions at any time.
3. Agenda
  o Data Breaches / Security Threats
  o Evaluating Security of IaaS Providers
  o Addressing Security Gaps with Vanilla / Out-of-the-Box Cloud Infrastructure
  o Live Demo of the RightScale Approach
  o Q & A
4. Data Breaches Occur Everywhere
  Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
5. Most Threats Are Not Cloud Specific
  o Data Breaches - misconfigurations / improper design
  o Data Loss - cloud provider suffers data loss, or customer loses encryption keys
  o Account Hijacking - phishing, cross-site scripting (XSS) bugs, secret keys sniffed on the network or stored on laptops/desktops
  o Denial of Service - DoS & DDoS attacks
  o Malicious Insiders
  o Abuse of Cloud Services - use an array of servers to stage DDoS, crack encryption keys, distribute malware
6. Evaluating the Security of IaaS Cloud Providers
  Comparison columns: PCI DSS, HIPAA, SSAE16 (SOC 1 / SOC 2 / SOC 3), ISO 27001, CSA, FedRAMP, plus additional certifications, notes, and references. (The per-column check marks did not survive extraction; the notes column is reproduced below.)
  o Amazon AWS: ITAR, FIPS 140-2, DIACAP, FISMA; AWS GovCloud (US) environment; FedRAMP issued for both AWS GovCloud (US) and AWS US East/West regions. For complete scope reference: http://aws.amazon.com/compliance/
  o Microsoft Windows Azure: CSA CCM audit completed as part of their SOC 2 assessment. For complete scope reference: http://www.windowsazure.com/en-us/support/trust-center/compliance/
  o Rackspace: Safe Harbor certified (EU Directive 95/46/EC on the protection of personal data); SOC 2 - Security and Availability only. For complete scope reference: http://www.rackspace.com/about/whyrackspace/
  o Google Compute Engine: data is encrypted on local ephemeral disk and persistent disk; all data written to disk in Compute Engine is encrypted at rest using the AES-128-CBC algorithm. For complete scope reference: https://cloud.google.com/products/compute-engine/
7. Public Clouds Expand Security Capabilities
  Network Security
  o Secure access with SSL
  o VPC and ingress/egress firewalls
  o Private subnets with VPC & IPsec VPN
  o Dedicated connections (Direct Connect), separate regions (GovCloud)
  Data Security
  o Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard using 256-bit encryption keys
  o AWS: HSM to manage keys
  o Google: encrypts data at rest
  o Role-Based Access Control & MFA
  Process Security
  o Strong physical security controls
  o Self-service provisioning and automation to avoid human errors
  o Deep security expertise at cloud providers
  o Support for customer penetration testing
  o Network monitoring and protection
8. Top 5 Challenges Change with Cloud Maturity (Experience in the Cloud Changes Issues)
  Place | Cloud Beginners                          | Cloud Focused
  #1    | Security (31%)                           | Compliance (18%)
  #2    | Compliance (30%)                         | Cost (17%)
  #3    | Managing multiple cloud services (28%)   | Performance (15%)
  #4    | Integration to internal systems (28%)    | Managing multiple cloud services (13%)
  #5    | Governance/Control (26%)                 | Security (13%)
  Source: RightScale 2014 State of the Cloud Report
9. Enterprises Choosing Multi-Cloud
  Enterprise Cloud Strategy (1000+ employees):
  o Single private: 9%
  o Single public: 13%
  o No plans: 4%
  o Multiple private: 11%
  o Multiple public: 15%
  o Hybrid cloud: 48%
  Multi-Cloud (multiple private + multiple public + hybrid): 74%
  Source: RightScale 2014 State of the Cloud Report
10. Multi-Cloud Is an Enterprise Reality
  [Diagram: an application portfolio (App 1 ... App N) is passed through requirement filters (Performance, Cost, Compliance, Geo-location, Security) and placed into resource pools: Existing DC, Internal Private / Virtualized, Hosted Private, Public Cloud 1, Public Cloud 2, Vendors.]
11. Security Gaps Remain
  o Cloud management & API differences across cloud providers
  o Identity & Access Management / Access Control
  o Change & Configuration Management
  o Network & Data Security
  o Business Continuity Planning / Disaster Recovery
  o Monitoring / Alerting
  o Incident Response and Assessment
  o Audit and Compliance
12. How RightScale Addresses the Gaps
  o Standardize & Automate: baseline security / standardized configurations, track versions, automate patching, monitoring, alerting, etc.
  o Multi-Cloud: govern many clouds with a single pane of glass
  o Outage-Proof & DR: ensure applications stay up during cloud or data center outages
  o Audit & Compliance: maintain a complete audit trail and comply with regulations
  o Network & Data Security: manage cloud network configurations and encrypt data
  o Access Control: integrate with SSO and control access to cloud credentials
13. Decentralized Cloud Management
14. Be Ready to Manage a Portfolio of Clouds
  [Diagram: Your Cloud Portfolio (Public Clouds, Private Clouds, Virtualized Environments) managed through RightScale Cloud Portfolio Management: Cloud Management, Self-Service, Cloud Analytics; Manage, Govern, Optimize.]
15. Manage Public, Private and Virtualized
  Single pane of glass
  o Deep integration with public and private cloud providers
  o Elevates: configurations, APIs, automation behaviors, access control, billing and governance
  o Deploy to clouds and virtualized environments
  o Move between clouds and virtualized environments
  [Diagram: RightScale Cloud Portfolio Management connects to public clouds and, across the corporate firewall, to on-premises private clouds via the RightScale Cloud Appliance for vSphere (vCenter Server, ESXi, VMware vSphere), with an egress-only option.]
16. Control Enterprise Access
  Robust governance
  o API or GUI account provisioning
  o Temporary users
  o SSO integration (SAML or OpenID)
  o Role-based access control
  o Hierarchical organization of accounts
  o Limit access to cloud credentials
  o Cloud resources isolated per account
17. From Rogue to Policy-Based Cloud Usage
  Enforce policies
  o Pre-defined stacks to meet corporate standards
  o Configured to your security requirements
  o Define which clouds can be used
  o Control user options and choices
  o Control costs through quotas
18. Standardize with ServerTemplates
  Enforce standards
  o Automate provisioning and configuration across clouds
  o Version-controlled
  o Follow standards for versions, patches and configuration
  o Leverage a variety of scripting languages
  http://www.rightscale.com/blog/cloud-management-best-practices/rightscale-servertemplates-explained
19. Enforce Security Configuration Baselines with ServerTemplates
  Enforce standards
  o Modular building-block approach to managing and securing server configurations
  o Automate baseline security settings / system hardening configurations
  o Version-controlled / anti-tamper
  o Perform system and security configuration audits
20. Repeatability and Consistency
  RightScale Solution
  o Scalable campaigns on tight deadlines
  o Clone-able, customizable environments
  o Deliver SLAs during huge traffic spikes
  o Control infrastructure costs for clients
  Outcomes: Increase Investment Flexibility, Reduce Risk, Improve IT Efficiency
21. Keep Tabs on All Cloud Resources in One Place
  Monitor, Alert, Automate
  o Application, cluster and server-level monitoring
  o 80 built-in server, volume, database, and application monitors
  o Assign alerts to any metric
  o Customize escalations
  o Trigger automated scaling, operational scripts, and notifications
  o Create self-healing servers and deployments
22. Gain Visibility with Audit Trails
  Ensure compliance
  o See who changed what and when
  o Provide audit logs and reports to satisfy regulators
  o Available via API to integrate with other systems
23. Maintain a Pulse on Your Cloud Costs
  Intimately understand your cloud spend
  o Quickly identify & diagnose spikes in activity
  o Visibility by project & user
  o Planning and forecasting
  o Budgets and cost controls
  o Allocations
  o Chargeback and showback
  o Optimize spend
24. Abstract Network Security
  Secure cloud with Network Manager (objects: Clouds, Networks, Instances, Subnets, IP Address Bindings, Security Groups, Network ACLs, Routing Tables, IP Addresses)
  o Manage network configuration across clouds: VPCs, subnets, security groups, network gateways
  o Maintain the ability to leverage cloud-specific features
  o Control permissions and audit changes to network configuration
  o API and UI access
25. View Network Security in Context
  Visualize security
  o Visualize and audit network configuration parameters
  o Understand which deployments and security groups have which ports open to which IP addresses
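The audit the slide describes, as an added example that is not RightScale code and does not use the Network Manager API: it aggregates a constructed set of security-group ingress rules per deployment and flags ports exposed to the whole address space. The deployment and group names, rule tuple layout and the set of ports allowed to be public are all assumptions for the example.

```python
# Added example (not RightScale code): audit constructed security-group ingress
# rules and report which ports each deployment opens to which source ranges.
import ipaddress
from collections import defaultdict

# Constructed sample data: deployments -> security groups, groups -> ingress rules.
# Rule tuple layout (protocol, from_port, to_port, source_cidr) is an assumption.
DEPLOYMENTS = {
    "web-prod": ["sg-web", "sg-ssh-admin"],
    "db-prod": ["sg-db"],
}
SECURITY_GROUPS = {
    "sg-web": [("tcp", 443, 443, "0.0.0.0/0"), ("tcp", 80, 80, "0.0.0.0/0")],
    "sg-ssh-admin": [("tcp", 22, 22, "203.0.113.0/24"), ("tcp", 22, 22, "0.0.0.0/0")],
    "sg-db": [("tcp", 5432, 5432, "10.0.0.0/8"), ("tcp", 3306, 3306, "::/0")],
}

def is_world_open(cidr):
    """True when the source is the entire IPv4 or IPv6 address space (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposure_report(deployments, groups):
    """Map each deployment to {(proto, port): sorted source CIDRs} across all its groups."""
    report = defaultdict(lambda: defaultdict(set))
    for dep, sg_names in deployments.items():
        for sg in sg_names:
            for proto, lo, hi, cidr in groups.get(sg, []):
                for port in range(lo, hi + 1):
                    report[dep][(proto, port)].add(cidr)
    return {d: {k: sorted(v) for k, v in ports.items()} for d, ports in report.items()}

def world_open_findings(deployments, groups, allowed_public=frozenset({80, 443})):
    """Return (deployment, group, proto, port, cidr) for world-open ports not meant to be public."""
    findings = []
    for dep, sg_names in deployments.items():
        for sg in sg_names:
            for proto, lo, hi, cidr in groups.get(sg, []):
                if not is_world_open(cidr):
                    continue
                for port in range(lo, hi + 1):
                    if port not in allowed_public:
                        findings.append((dep, sg, proto, port, cidr))
    return findings

if __name__ == "__main__":
    for f in world_open_findings(DEPLOYMENTS, SECURITY_GROUPS):
        print("world-open: deployment=%s group=%s %s/%d from %s" % f)
```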
26. Protect Confidential Information
  RightScale Solution
  o Protect PII
  o Deliver visibility & governance
  o Optimize lifecycle automation
  "RightScale gives us visibility. It helped us develop trust with security, finance, development and management." - John Fitch
  Outcomes: Accelerate Application Delivery, Reduce Risk
27. Data Residency with a Global Cloud Platform
28. Outage-Proof with Independent Control Plane
  [Diagram: RightScale Primary replicates to RightScale Backup, with failover between them; the globally hosted, scalable, resilient SaaS platform (RightScale UI and RightScale API, used by Users A, B and C) manages your cloud applications in Your Public Cloud A, Your Public Cloud B and Your Private Cloud over secure authentication and communication.]
29. DEMO
30. Security Development Life Cycle
  Security lifecycle: Assess / Design -> Set Policies & Controls / Implement -> Monitor & Enforce / Sustain -> Measure / Evaluate
31. RightScale Certifications
  o U.S.-EU Safe Harbor Framework
  o U.S.-Swiss Safe Harbor Framework
  o SSAE16 SOC 1 Type II & SOC 2 Type II (in process)
32. Next Steps and Q&A
  Talk to us today about your requirements: +1 888-989-1856
  Learn more / request more info: RightScale Security White Paper