Businesses who want to stay ahead of the curve and achieve maximum efficiency and consistency are adopting cloud infrastructure. Keeping up with dynamic cloud environments, achieving scalable, automated, flexible, and secure cloud infrastructures means increased business agility. But how can you manage security as you migrate to cloud infrastructures?
Join Rishi Vaish, VP of Product at RightScale & Amrit Williams, CTO at CloudPassage as they discuss:
Recent findings from RightScale's State of the Cloud survey
Why hybrid cloud is the standard of choice
3 strategies for existing cloud server workloads
Benefits and security challenges of migrating to cloud infrastructures
Choosing a hybrid strategy - management and security practices to get the utmost resource flexibility
2. Agenda & Speakers
ÂŽ
Rishi Vaish
VP of Product
Amrit Williams
CTO
⢠RightScaleâs State of the Cloud
survey
⢠Why hybrid cloud is the standard of
choice
⢠3 strategies for existing cloud server
workloads
⢠Benefits and security challenges of
migrating to cloud infrastructures
⢠Choosing a hybrid strategy
12. Segment Your App Portfolio
⢠Web architecture
⢠Elastic design
⢠Monolithic
⢠Legacy
⢠Traditional vendors
Cloud-Ready
⢠Greenfield
⢠Designed for cloud
Elastic Web
Traditional
14. Best Practice 3; Consider portability
Best Practice:
Plan for
Portability
15. ⢠Lifecycle-based multi-cloud deployment
⢠Dev vs. Test vs. Staging vs. Prod
⢠New (Unpredictable) vs. Mature (Steady-State)
⢠Disaster Recovery
⢠Private for primary, Public for backup
⢠Geographic Reach
⢠Use clouds in different geographies
⢠Arbitrage costs
⢠Leverage different clouds based on costs
⢠Cloudbursting
⢠Base capacity in private, burst to public
Why Portability?
14
19. Place Cloud Beginners Cloud Focused
#1 Security (31%) Compliance (18%)
#2 Compliance (30%) Cost (17%)
#3 Managing multiple cloud
services (28%)
Performance (15%)
#4 Integration to internal
systems (28%)
Managing multiple cloud
services (13%)
#5 Governance/Control (26%) Security (13%)
Top 5 Challenges Change with Maturity
Top 5 Challenges Change with Cloud Maturity
Source: RightScale 2014 State of the Cloud Report
20. What makes cloud infrastructure great also breaks
existing security approaches
19
Virtualized networks
New topologies
Highly Portable
Highly dynamic
Shared infrastructure
These cloud âprosâ
become security âconsâ
21. The days of simple infrastructure securityâŚ
20
23. The problem becomes more challenging in multi-
cloud environments
22
Cloud Provider A
Cloud Provider B
Private Datacenter
www-
4
!
www-
5
!
www-
6
!
www-
7
!
www-
8
!
www-
9
!
www-10
!
www-
7
!
www-
8
!
www-
9
!
www-10
!
www-1 www-2 www-3 www-4
Workloads become highly transient
across multiple cloud environments.
ww
w-4
ww
w-4
ww
w-4
ww
w-4
24. Traditional Security Solutions BreakâŚ
23
Endpoint Security
⢠Resource intensive
⢠Licensing models
⢠Do not work across disparate cloud environments
Virtual Appliances
⢠No hardware acceleration
⢠No gateway to deploy against
⢠Do not well work across disparate cloud environments
Hypervisor Security
⢠Affects density of virtualized environments
⢠Limited visibility into workloads themselves
⢠Cannot deploy into public cloud infrastructures
25. Cloud Security Responsibility Has Added More
Complexity
24
Customer
Responsibility
Provider
Responsibili
ty
Physical Facilities
Compute & Storage
Shared Network
Hypervisor
Virtual Machine
Data
App Code
App Framework
Operating System
ââŚthe customer should assume responsibility
and management of, but not limited to, the
guest operating system.. and associated
application software...â
âit is possible for customers to enhance security
and/or meet more stringent compliance
requirements with the addition of⌠host
based firewalls, host based intrusion
detection/prevention, encryption and key
management.â
Amazon Web Services: Overview of Security
Processes
Shared Responsibility Model
26. Addressing security & compliance needs as
infrastructure models migrate to cloud
25
⢠Strong access control
â User-auditing, privilege access monitoring,
multi-factor authentication, device
verification, etcâŚ
⢠Exposure management
â Vulnerability assessment, configuration
security monitoring, file integrity monitoring,
etcâŚ
⢠Compromise prevention
â Firewall management, application
whitelisting, intrusion detection /
prevention, data leak prevention, etc.
⢠Security & compliance intelligence,
adherence to corporate policies
â Reporting and analytics, auditing, and
standardized policy implementation, etc.
Needs Havenât Changed
⢠Must work anywhere
â Traditional environments, public cloud
infrastructures, private cloud
infrastructures and hybrid cloud
environments
⢠Diminished to no visibility and control
â Underlying security and control
maintained by the infrastructure provider
⢠Hardware device limitations
â Traditional network appliance or security
approaches that leverage underlying
hardware are not effective or appropriate
⢠Dramatically higher rate of code &
infrastructure change
â Highly transient workloads often in a
Delivery Parameters Have
27. CloudPassage Halo
26
⢠Highly automated security &
compliance platform
⢠Builds security directly into
compute workloads
⢠Secures any compute
workloads, at any scale
⢠Supports any cloud or
datacenter environment
⢠SaaS delivery model
28. Halo secure workloads anywhere at any scale and
extends existing security investments
27
Halo API
Halo Portal
29. #28#
#rightscale
Q & A and Resources
Start a Free Trial of Halo
CloudPassage.com/halo
Access the 2014 State of the Cloud Report:
RightScale.com/lp/2014-state-of-the-cloud-report
Check out our blogs
blog.cloudpassage.com
blog.rightscale.com
ÂŽ
Hinweis der Redaktion
A good place to start is by placing your app portfolio into broad categories
The first is cloud native. These are applications that are designed with cloud in mind. You may have some existing applications like this in your portfolio, but you should definitely be adopting cloud-ready architectures for any new applications you create. These are âno brainersâ for putting on cloud.
The second is elastic web. These are applications that have been build with elastic web architectures, for example, your common 3 tier web apps with web server, app server and DB. There may be some refactoring required, but these are good potential candidates for cloud.
The third category includes your traditional legacy applications that may include specialty, proprietary technology and are not designed to scale. These may require more significant rework â so you want to make sure that you will get significant business value from moving them to the cloud
RightScale has taken cloud management to the next level with a new category that we call cloud portfolio management. Or CPM
The RightScale product suite includes two products â Cloud Management and Cloud Analytics.
Cloud Management provides deployment and management of applications for your technical teams.
Cloud Analytics helps technical, business and financial users visualize and optimize cloud costs
We are introducing a new module to our suite or products, Self-Service, which provides governed, curated and simplified on-demand access to complex application stacks to your IT end users through a Service Catalog.
Together, these products help you manage, govern and optimize your applications across your entire cloud portfolio â public, private or virtualized.