HYBRID AND MULTI-CLOUD SECURITY WITH RIGHTSCALE

Panelists
• Bart Falzarano, Director of Security and Compliance
• Brian Adler, Principal Cloud Architect
POLLING QUESTIONS
82% of Enterprises Want Multi-Cloud

Enterprise Cloud Strategy (enterprises with 1000+ employees)
  Single private     5%
  Single public     10%
  No plans           3%
  Multiple private  14%
  Multiple public   13%
  Hybrid cloud      55%
  Multi-cloud (multiple private, multiple public or hybrid)  82%
Source: RightScale 2015 State of the Cloud Report
Security Remains #1 Challenge

[Chart: Cloud Challenges 2015 vs. 2014, % of respondents reporting these as significant challenges. Categories: Performance, Governance/control, Managing costs, Managing multiple cloud services, Compliance, Lack of resources/expertise, Security. Values plotted for the 2015 and 2014 series, in the order they appear on the chart: 17%, 21%, 21%, 18%, 24%, 17%, 26%, 17%, 23%, 24%, 25%, 25%, 27%, 28%.]
Source: RightScale 2015 State of the Cloud Report
How RightScale Helps with Cloud Security
• Workload Security: standardized configurations, track versions, automate patching
• Multi-Cloud Visibility: govern many clouds with a single pane of glass
• Outage-Proof & DR: ensure applications stay up during cloud or data center outages
• Audit & Compliance: maintain a complete audit trail and comply with regulations
• Network & Data Security: manage cloud network configurations and encrypt data
• Access Control: integrate to SSO and control access to cloud credentials
Cloud Provider Security Certifications Matrix (Audit & Compliance)

Cloud provider           PCI DSS¹  HIPAA  SSAE16 SOC 1  SOC 2  SOC 3  ISO 27001  CSA  FedRAMP  FISMA
Amazon AWS               ✔         ✔      ✔             ✔      ✔      ✔          ✔    ✔        ✔
Microsoft Windows Azure  ✔         ✔      ✔             ✔      -      ✔          ✔    ✔        ✔
Rackspace                ✔         ✔      ✔             ✔      ✔      ✔          -    -        -
Google Compute Engine    ✔         ✔      ✔             ✔      ✔      ✔          -    -        -

Additional certifications, notes, and references:
• Amazon AWS: ITAR, FIPS 140-2, DIACAP, MPAA; Amazon AWS GovCloud (US) environment; FedRAMP issued for both AWS GovCloud (US) and AWS US East/West regions. For complete listing see http://aws.amazon.com/compliance/
• Microsoft Windows Azure: CSA CCM audit completed as part of their SOC2 assessment. For complete listing see http://www.windowsazure.com/en-us/support/trust-center/compliance/
• Rackspace: Safe Harbor Certified – EU Directive 95/46/EC on the protection of personal data; SOC2 - Security and Availability only. For complete listing see http://www.rackspace.com/about/whyrackspace/
• Google Compute Engine: Data is encrypted on local ephemeral disk and persistent disk. All data written to disk in Compute Engine is encrypted at rest using the AES-128-CBC algorithm. For complete listing see https://cloud.google.com/products/compute-engine/
Plan for a Cloud Security Ecosystem

[Diagram: Cloud Security Ecosystem formed by the Cloud Provider, the Enterprise, RightScale and 3rd Party Vendors.]

Ecosystem components:
• CMDB
• SIEM / Logging / Auditing
• IdP
• Configuration Management
• Orchestration Workflows
• Web Application Firewalls
• File-Integrity Monitoring
• Continuous Integration
• Source Code Repositories
Shared Responsibility for Cloud Security

Options Abound
o RightScale provides visibility, governance, auditing across clouds
o Cloud providers offer cloud-specific security options
o 3rd party vendors offer multi-cloud options
o Ability for segregation of duties: encryption provider vs cloud storage provider

Capability                                    Who?
Encrypt data in transit                       Vendor, Enterprise
Encrypt data at rest                          Vendor, Cloud, Enterprise
Secure communications                         RightScale, Cloud, Enterprise, Vendor
Systems configuration / network segmentation  Cloud, Enterprise, RightScale
Integrate with IAM                            RightScale, Cloud, Enterprise, Vendors
Privileged identity management                RightScale, Cloud, Enterprise
Backup/replicate data                         RightScale, Cloud, Enterprise, Vendor
Coordinate BC & DR                            RightScale, Cloud, Enterprise, Vendor
Log cloud activity                            RightScale, Cloud, Enterprise, Vendor
You Can’t Control What You Can’t See

Visibility
• Can you see all your cloud accounts and instances?
• Connect to all your clouds
• Gain visibility to all your accounts

[Diagram: Many Accounts Across Clouds. Columns for AWS, Azure, Google, CloudStack, OpenStack and vSphere, each holding several separate accounts.]
RightScale: Multi-Cloud Visibility

Single pane of glass
• Multi-cloud access
  • Public clouds
  • Private clouds
  • Virtualized
• Control access
• Standardize configuration
• Patch and update
• Audit trails

[Diagram: a single pane of glass spanning AWS, Azure, Google, CloudStack, OpenStack and vSphere.]
Considerations for IAM in Cloud
• Mostly the same
  • Govern and enforce user access
  • Configure Role Management
  • Context Based Access Control
  • Enable audit reporting
  • 3rd party Identity Providers
  • SSO: SAML, MFA, OAuth, ADFS
• But…
  • How do you handle multiple clouds and accounts?
  • So how do you control cloud credentials?

“Should this person (user) who performs this job function and therefore has these roles assigned (role) be allowed to access this type of data as it applies to this particular account (context)?”
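The question on this slide is a context-based access decision: the same user, with the same roles, gets a different answer depending on which account the data lives in. The following Python evaluator is an added example (not RightScale code) that answers it deny-by-default and records every decision for audit reporting; the users, roles, data classes and account names are constructed for illustration.

```python
"""Context-based access decision: user -> roles -> data class, scoped per account.

Added example, not RightScale code. Users, roles, data classes and account
names below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed directory: users are assigned roles according to job function.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"dba"},
    "bob": {"developer"},
    "carol": {"security-auditor"},
}

# Constructed policy: role -> account -> data classes the role may access in
# that account. "*" stands for any account. Anything not listed is denied.
ROLE_POLICY: Dict[str, Dict[str, Set[str]]] = {
    "dba": {"prod-account": {"pii", "internal"}, "dev-account": {"internal"}},
    "developer": {"dev-account": {"internal", "test-data"}},
    "security-auditor": {"*": {"audit-log"}},
}


@dataclass
class Decision:
    allowed: bool
    reason: str


# Every decision is recorded so a report can show who asked for what, where.
AUDIT_TRAIL: List[Tuple[str, str, str, bool]] = []


def is_allowed(user: str, data_class: str, account: str,
               user_roles=USER_ROLES, policy=ROLE_POLICY) -> Decision:
    """May this user, through the roles of their job function, reach this
    data class in this particular account? Deny unless a role permits it."""
    roles = user_roles.get(user, set())
    decision = Decision(
        False, f"deny by default: no role of {user!r} permits {data_class!r} in {account!r}")
    for role in sorted(roles):
        scopes = policy.get(role, {})
        # Context: permissions granted for this account, plus any "*" grants.
        permitted = scopes.get(account, set()) | scopes.get("*", set())
        if data_class in permitted:
            decision = Decision(True, f"role {role!r} permits {data_class!r} in {account!r}")
            break
    AUDIT_TRAIL.append((user, data_class, account, decision.allowed))
    return decision


if __name__ == "__main__":
    requests = [
        ("alice", "pii", "prod-account"),   # DBA reading PII in production: allowed
        ("alice", "pii", "dev-account"),    # same user and role, other account: denied
        ("bob", "pii", "prod-account"),     # developer has no production scope: denied
        ("carol", "audit-log", "dev-account"),  # auditor role applies to any account
    ]
    for u, d, a in requests:
        r = is_allowed(u, d, a)
        print(f"{u:6} {d:10} {a:13} -> {'ALLOW' if r.allowed else 'DENY '} ({r.reason})")
```

The second request is the point of the slide: Alice's DBA role is real in both accounts, but PII is only in scope for her in the production account, so the account context flips the answer.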
Control Cloud Credentials

Secure AWS Access Control
• Using Amazon IAM with RightScale
  o Our support portal page contains information on using Amazon AWS IAM with RightScale
  o By following this configuration guideline we do not require our customers to register their master AWS Access Key ID and Secret Access Key with us.
http://support.rightscale.com/06-FAQs/How_do_I_use_Amazon_IAM_with_RightScale%3F
RightScale Multi-Cloud Access Controls

What you get:
• Aggregate accounts across clouds
• Hierarchical organization of accounts
• Security and access controls
• SSO integration

[Diagram: Users A through E authenticate to RightScale Access Control with passwords or SSO. An Enterprise Account groups Account 1 and Account 2, which connect to several Cloud Accounts; RightScale authenticates to those with cloud credentials.]
Active Directory / LDAP Integration
• AD Agents/Connectors
  • Okta, Ping Identity, OneLogin
  • Enterprise Directory Services
  • Active Directory Federation Services (ADFS)
• Large Scale Provisioning
  • RightScale API for user provisioning
  • AD / LDAP integration
http://tinyurl.com/m269g4j
Key Management -- SSH
• Asymmetric keys (private/public)
• Key Management
  • NISTIR 7966 http://tinyurl.com/lhtujnv
• Key storage options
  • Hardware Security Modules
  • On-premise
  • Cloud services
  • RightScale
• Encryption of keys: MUST
Workload Security: From Rogue to Policy-Based

Enforce Policies
• Catalog of templates that meet corporate standards
• Configured to your security requirements
• Define which clouds can be used
• Control user options and choices
• Orchestrate and automate deployment and operations

[Diagram: from basic instances to stacks for Dev or Prod applications.]
Standardize Server Configurations

Standardization
• Automate provisioning and configuration
• Version-controlled
• Follow standards for versions, patches and configuration
• Leverage a variety of scripting languages
• Modular and auditable
• Define Security Configuration Baselines

[Diagram: Multi-Cloud Image, Configuration Scripts and Containers deployed across AWS, Azure, Google, CloudStack, OpenStack and vSphere.]
Standardize System Configurations

[Diagram: a system made of DNS, Load Balancers, App Servers and a Master DB replicating to a Slave DB.]

Configure a system:
• Cloud Application Template (CAT)
Configure a server:
• ServerTemplates (portable)
• Docker container (portable)
• AMI
• CloudFormation
• VM template
Patch and Update

Increase IT efficiency
o Bring your own configuration management
o Clone existing architectures
o Updates and patches
o Monitor and alert
o Auto-scale up and down
Data Security

Compliance Requirements
o PCI E-Commerce
o HIPAA / PHI / 21 CFR 11
o NPI / PII
o FTI IRS Pub 1075
o MPAA
o Data Protection / Encryption
  • In transit: MUST
  • At rest: MUST
  • In process: DEPENDS
o Considerations in the Cloud
  • Select the right cloud provider
  • Some cloud providers encrypt by default
  • Review their security documents
  • Most cloud providers will sign a BAA
  • Segregate workloads
Data Residency with a Global Cloud Platform

[Map: public clouds (Amazon Web Services, Google Cloud Platform, IBM SoftLayer, Rackspace, Windows Azure) and private clouds (CloudStack, OpenStack, vSphere), with locations marked at Singapore, Hong Kong, Japan, Texas, DC Area, SF Area, Seattle, Chicago, Dublin, London, Amsterdam, Oregon, São Paulo, Midwest, Beijing, Sydney, W Europe, Melbourne, Toronto, Mexico City and Taiwan.]
Secure Cloud Connections
• HTTPS / TLS
• IP address white listing
• Private network connections: Direct Connect, ExpressRoute, etc.
• VPN (IPsec)

[Diagram: a Customer Cage connected to an AWS Cage via AWS Direct Connect and to an Azure Cage via Azure ExpressRoute; RESTful APIs.]
Network Visibility

Comply with policies
• Quickly audit Security Groups
• Interactive network visualization
• Maintain security and compliance
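Auditing security groups against policy is the kind of check that should run continuously rather than once. The Python audit below is an added example (not RightScale code): it walks constructed ingress rules shaped like what a cloud API returns and flags management ports open to the world, non-web ports open to the world, and sources outside an approved allow-list; the port sets and the approved CIDR ranges are assumptions standing in for an organization's own policy.

```python
"""Audit security-group ingress rules against an allow-list policy.

Added example, not RightScale code. The rule records and the policy values
are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Policy assumptions (constructed): management ports are never exposed to the
# whole internet, only HTTP/HTTPS may be opened to the world, and every other
# ingress source must fall inside an approved corporate range.
MANAGEMENT_PORTS = {22, 3389, 3306, 5432}
PUBLIC_OK_PORTS = {80, 443}
APPROVED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),  # constructed "office" range (TEST-NET-3)
    ipaddress.ip_network("10.0.0.0/8"),      # constructed internal range
]


@dataclass
class Rule:
    group: str       # security group name
    proto: str       # "tcp" or "udp"
    from_port: int
    to_port: int
    cidr: str        # ingress source


def audit_rule(rule: Rule) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for one ingress rule."""
    findings: List[Tuple[str, str]] = []
    net = ipaddress.ip_network(rule.cidr, strict=False)
    world = net.prefixlen == 0                      # 0.0.0.0/0 or ::/0
    ports = range(rule.from_port, rule.to_port + 1)
    exposed = sorted(p for p in MANAGEMENT_PORTS if p in ports)
    if world and exposed:
        findings.append(("HIGH", f"{rule.group}: {rule.proto} {exposed} reachable from {rule.cidr}"))
    elif world and not set(ports) <= PUBLIC_OK_PORTS:
        findings.append(("MEDIUM", f"{rule.group}: {rule.proto} {rule.from_port}-{rule.to_port} open to {rule.cidr}"))
    if not world and not any(a.version == net.version and net.subnet_of(a) for a in APPROVED_SOURCES):
        findings.append(("LOW", f"{rule.group}: source {rule.cidr} is not on the approved list"))
    return findings


def audit(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Audit every rule and return all findings in rule order."""
    return [f for r in rules for f in audit_rule(r)]


# Constructed sample: a mix of compliant and non-compliant rules.
SAMPLE_RULES = [
    Rule("web-sg", "tcp", 443, 443, "0.0.0.0/0"),         # fine: HTTPS to the world
    Rule("web-sg", "tcp", 22, 22, "0.0.0.0/0"),           # HIGH: SSH to the world
    Rule("db-sg", "tcp", 3306, 3306, "10.0.0.0/8"),       # fine: internal source
    Rule("db-sg", "tcp", 5432, 5432, "198.51.100.0/24"),  # LOW: source not approved
    Rule("app-sg", "tcp", 0, 65535, "0.0.0.0/0"),         # HIGH: all ports, includes mgmt
    Rule("ops-sg", "tcp", 8080, 8080, "0.0.0.0/0"),       # MEDIUM: non-web port to the world
]

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_RULES):
        print(f"[{severity}] {message}")
```

The audit reads rules only; closing a finding is a change-managed action, which is why findings carry the group name and the offending source so they can be raised as tickets and traced in the audit trail.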
Implement DR Architectures for your Apps

Architect for SLAs
• HA/DR reference architectures
• Cross-region and cross-cloud
• Auto-scale to meet demand
• Hybrid cloudbursting
• Monitor and automate failover
• Hot, warm, and cold DR scenarios

[Diagram: a PRIMARY site (Load Balancers, App Servers, Master DB replicating to a local Slave DB) and a WARM DR site (Load Balancers, App Servers, Slave DB) that the Master DB also replicates to, with DNS in front of both.]
Outage-Proof with Independent Control Plane

Ensure availability
o Separate management plane from cloud and cloud applications
o RightScale platform is fully redundant
o Automate failover processes for hot, warm or cold DR
Gain Visibility with Audit Trails

Ensure compliance
o See who changed what and when
o Provide audit logs and reports to satisfy regulators
o Available via API to integrate with other systems
Track all Cloud Usage and Costs

Optimize cloud spend
o Visibility
o Planning and forecasting
o Budgets and cost controls
o Allocations
o Chargeback and showback
o Optimize spend
Questions?
• RightScale Certifications: SSAE16 SOC1 and SOC2 Type II; PCI DSS SAQ C compliant; U.S.-EU Safe Harbor Framework and U.S.-Swiss Safe Harbor Framework
• State of the Cloud Report: www.rightscale.com/2015-cloud-report
• Private and Hybrid Cloud Whitepaper: www.rightscale.com/private-hybrid-cloud-whitepaper
