Scanning the Internet for External Cloud Exposures via SSL Certs
Measuring Private Cloud Resiliency
1. Simulating Live Cyber Attacks and Application
Traffic to Measure Private Cloud Resiliency
2. Agenda
• Benefits of Private Cloud Deployment: An Introduction to Global
Pharmaceutical Company, Pharma Inc.
• Legacy Testing & Risks
• Steps to Testing and Measuring Private Cloud Resiliency
• Demonstration
• Lessons Learned and Results
2
3. Case Study: Pharma Inc.
• A top pharmaceutical organization was interested in testing the resiliency of
its private cloud applications.
• Goals:
• Perform low cost, advanced research
• Build a higher performing network that was resilient to attack and massive user load
• Understand capacity of current infrastructure and plan for growth
• Validate network equipment devices and systems
3
4. Challenges of Measuring Resiliency
Cloud computing is marked by constant evolution.
• Application protocol updates
• Advanced Persistent Threats
Functional testing is necessary, but not sufficient.
• Require enormous test infrastructure to generate traffic
volume.
• Test with stateless traffic.
• Require add-on testing products to simulate security
attacks and malformed traffic.
4
5. 3 Steps to Measuring Private Cloud Resiliency
1. Functional Testing
2. Enhance Functional Testing with Load
3. Testing Performance and Security Under Load
5
10. Lessons Learned
1. Functional testing is not sufficient
• Organizations must test and measure performance and security under real world
conditions to validate their cloud infrastructure
• Infrastructure must be tested at extreme current and future load, not in a sterile
environment to determine capacity
2. Enhance functional testing with load
• Growing application traffic can put a strain on network infrastructures
• Organizations must know how their network will perform with their unique mix
application traffic
3. Testing both performance and security
• Security and performance testing cannot be performed in isolation
• Live security attacks and malformed packets must be used to validate security and
identify vulnerabilities
10
11. Pharma Inc. Results
• Precise analysis of resiliency and capacity under real world conditions
allowed Pharma Inc. to optimize their private cloud deployment with:
• Improved ability to plan for production rollout
• Insight to improve performance of cloud applications and address critical
security vulnerabilities
• Reduction of planned load testing investment by 80%
11