Securing Servers in Public & Hybrid Clouds
Carson Sweet
CEO, CloudPassage

RightScale User Conference
© 2011 CloudPassage Inc.   www.cloudpassage.com
What’s So Different?
  • Servers used to be highly isolated
      – Bad guys clearly on the outside
      – Layers of perimeter security
      – Poor configurations were tolerable

  • Cloud servers more exposed
      – Outside of perimeter protections
      – Little network control or visibility
      – No idea who’s next door

  • Sprawling, multiplying exposures
      – Rapidly growing attack surface area
      – More servers = more vulnerabilities
      – More servers ≠ more people

  • Fraudsters target cloud servers
      – Softer targets to penetrate
      – No perimeter defenses to thwart
      – Elasticity = more botnet to sell

  [Diagram: servers www-1 to www-3 in the private datacenter; servers www-4 to www-10 in the public cloud]

Got Cloud Servers? You Are On The Hook!

  AWS Shared Responsibility Model

  “…the customer should assume responsibility and management of, but not
  limited to, the guest operating system… and associated application software…”

  “…it is possible for customers to enhance security and/or meet more stringent
  compliance requirements with the addition of host based firewalls, host based
  intrusion detection/prevention, encryption and key management.”

  Amazon Web Services: Overview of Security Processes

  [Diagram: responsibility stack, top to bottom: Data, App Code, App Framework,
  Operating System, Virtual Machine, Hypervisor, Compute & Storage, Shared Network,
  Physical Facilities. The upper layers are labelled Customer Responsibility and
  the lower layers Provider Responsibility.]

How To Secure Cloud Servers
    Servers in hybrid and public clouds must be self-defending
    with highly automated controls like…

  • Dynamic network access control
  • Configuration and package security
  • Server account visibility & control
  • Server compromise & intrusion alerting
  • Server forensics and security analytics
  • Integration & automation capabilities

Architectural Challenges
• Inconsistent Control (you don’t own everything)
      – The only thing you can count on is guest VM ownership

• Elasticity (not all servers are steady-state)
      – Cloudbursting, stale servers, dynamic provisioning

• Scalability (handle variable workloads)
      – May have one dev server or 1,000 number-crunchers

• Portability (same controls work anywhere)
      – Nobody wants multiple tools or IaaS provider lock-in


How We Did It: Halo™ Architecture
• Halo Daemon
      – Ultra light-weight software
      – Installed on server image
      – Automatically provisioned

• Halo Compute Grid
      – Elastic compute grid
      – Hosted by CloudPassage
      – Does the heavy lifting for the Halo Daemons (95% or more cycles)

[Diagram sequence: server www-1 running the Halo Daemon; the Halo Compute Grid at CloudPassage; a User Portal and a RESTful API Gateway, each labelled “https”, with the label “Policies, Commands, Reports”. The successive builds are labelled: Policies & Commands; Results & Updates; State and Event Analysis; Alerts, Reports and Trending.]

Halo™ Functional Capabilities
    Halo is a security Software-as-a-Service providing
    all you need to secure your cloud servers.

  • Dynamic network access control
  • Configuration and package security
  • Server account visibility & control
  • Server compromise & intrusion alerting
  • Halo GhostPorts server access control
  • Halo REST API for integration & automation

Portable = “Works Anywhere”

Single pane of glass across hosting models
• Scales and bursts with dynamic cloud environments
• Not dependent on chokepoints, static networks or fixed IPs
• Agnostic to cloud provider, hypervisor or hardware

RightScale Integration
• Deployment via RightScript (today)
      – Extremely easy access to cloud server security
      – Included in template = automatic security
      – No other cloud management console can do this


• Self-Securing Server Templates (in R&D phase)
      – CloudPassage IDs exposures & compliance issues
      – RightScale consumes data, fixes issues via RightScripts
      – New and existing servers become compliant “on the fly”




Questions? Comments? Ideas?





Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
WhatsApp 9892124323 âś“Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 âś“Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 âś“Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 âś“Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Cloud Passage - Securing Servers in Public & Hybrid Clouds

  • 1. Securing Servers in Public & Hybrid Clouds Carson Sweet CEO, CloudPassage Watch the video of this presentation RightScale User Conference © 2011 CloudPassage Inc.
  • 2. What’s So Different? © 2011 CloudPassage Inc. www.cloudpassage.com
  • 3. What’s So Different? • Servers used to be highly isolated – Bad guys clearly on the outside – Layers of perimeter security – Poor configurations were tolerable [Diagram: private datacenter with www-1, www-2, www-3, www-4; public cloud]
  • 4. What’s So Different? • Servers used to be highly isolated – Bad guys clearly on the outside – Layers of perimeter security – Poor configurations were tolerable • Cloud servers more exposed – Outside of perimeter protections – Little network control or visibility – No idea who’s next door [Diagram: private datacenter with www-1, www-2, www-3; public cloud with www-4]
  • 5. What’s So Different? • Servers used to be highly isolated – Bad guys clearly on the outside – Layers of perimeter security – Poor configurations were tolerable • Cloud servers more exposed – Outside of perimeter protections – Little network control or visibility – No idea who’s next door • Sprawling, multiplying exposures – Rapidly growing attack surface area – More servers = more vulnerabilities – More servers ≠ more people [Diagram: private datacenter with www-1, www-2, www-3; public cloud with www-4, www-5, www-6, www-7, www-8, www-9, www-10]
  • 6. What’s So Different? • Servers used to be highly isolated – Bad guys clearly on the outside – Layers of perimeter security – Poor configurations were tolerable • Cloud servers more exposed – Outside of perimeter protections – Little network control or visibility – No idea who’s next door • Sprawling, multiplying exposures – Rapidly growing attack surface area – More servers = more vulnerabilities – More servers ≠ more people • Fraudsters target cloud servers – Softer targets to penetrate – No perimeter defenses to thwart – Elasticity = more botnet to sell [Diagram: private datacenter with www-1, www-2, www-3; public cloud with www-4, www-5, www-6, www-7, www-8, www-9, www-10]
  • 7. Got Cloud Servers? You Are On The Hook! AWS Shared Responsibility Model. “…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...” “…it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of host based firewalls, host based intrusion detection/prevention, encryption and key management.” Source: Amazon Web Services: Overview of Security Processes. [Diagram: stack of layers, top to bottom: Data, App Code, App Framework, Operating System, Virtual Machine, Hypervisor, Compute & Storage, Shared Network, Physical Facilities; brackets labelled Customer Responsibility and Provider Responsibility]
  • 8. How To Secure Cloud Servers Servers in hybrid and public clouds must be self-defending with highly automated controls like… • Dynamic network access control • Server compromise & intrusion alerting • Configuration and package security • Server forensics and security analytics • Server account visibility & control • Integration & automation capabilities
  • 9. Architectural Challenges • Inconsistent Control (you don’t own everything) – The only thing you can count on is guest VM ownership • Elasticity (not all servers are steady-state) – Cloudbursting, stale servers, dynamic provisioning • Scalability (handle variable workloads) – May have one dev server or 1,000 number-crunchers • Portability (same controls work anywhere) – Nobody wants multiple tools or IaaS provider lock-in
  • 10. How We Did It: Halo™ Architecture • Halo Daemon – Ultra light-weight software – Installed on server image – Automatically provisioned • Halo Compute Grid – Elastic compute grid – Hosted by CloudPassage – Does the heavy lifting for the Halo Daemons (95% or more cycles) [Diagram: Halo Daemon on www-1; Halo Compute Grid]
  • 11. [Diagram: Halo Daemon. Labels: www-1, Halo, User Portal, RESTful API Gateway, https, Policies, Commands, Reports, CloudPassage Halo Compute Grid]
  • 12. [Diagram: Policies & Commands. Labels: www-1, Halo, User Portal, RESTful API Gateway, https, Policies, Commands, Reports, CloudPassage Halo Compute Grid]
  • 13. [Diagram: Results & Updates. Labels: www-1, Halo, User Portal, RESTful API Gateway, https, Policies, Commands, Reports, CloudPassage Halo Compute Grid]
  • 14. [Diagram: State and Event Analysis. Labels: www-1, Halo, User Portal, RESTful API Gateway, https, Policies, Commands, Reports, CloudPassage Halo Compute Grid]
  • 15. [Diagram: Alerts, Reports and Trending. Labels: www-1, Halo, User Portal, RESTful API Gateway, https, Policies, Commands, Reports, CloudPassage Halo Compute Grid]
  • 16. Halo™ Functional Capabilities Halo is a security Software-as-a-Service providing all you need to secure your cloud servers. • Dynamic network access control • Server compromise & intrusion alerting • Configuration and package security • Halo GhostPorts server access control • Server account visibility & control • Halo REST API for integration & automation
  • 17. Portable = “Works Anywhere” Single pane of glass across hosting models • Scales and bursts with dynamic cloud environments • Not dependent on chokepoints, static networks or fixed IPs • Agnostic to cloud provider, hypervisor or hardware
  • 18. RightScale Integration • Deployment via RightScript (today) – Extremely easy access to cloud server security – Included in template = automatic security – No other cloud management console can do this • Self-Securing Server Templates (in R&D phase) – CloudPassage IDs exposures & compliance issues – RightScale consumes data, fixes issues via RightScripts – New and existing servers become compliant “on the fly”
  • 19. Questions? Comments? Ideas?
