Securing Enterprise Assets In The Cloud
 

    Securing Enterprise Assets In The Cloud: Presentation Transcript

    • Cohesive Flexible Technologies Securing Enterprise Assets in the Cloud Chris Purrington, CohesiveFT Copyright CohesiveFT 2009 1
    • CohesiveFT - onboarding solutions for public, private and hybrid clouds. Team looks like this
    • CohesiveFT - onboarding solutions for public, private and hybrid clouds. We do this
    • The cloud is not a panacea for bad design. But moving applications to the cloud can quickly reduce capital expenditure and speed time to market.
    • The first question on everyone’s mind: Is my stuff safe up there?
    • Security and control remain top concerns
    • Use “your father’s VPN”
    • Typical VPN: Remote office access
    • Typical VPN: Remote office access (diagram marked with X's)
    • Uhhh...no.
    • I know...cloud-to-cloud DR
    • Do x-cloud fail over...somehow.... Cloud A
    • Somehow... Cloud A
    • Do this! (somehow) Cloud A, Cloud B
    • Speaking of security... What’s inside this VM?
    • Speaking of security... What’s inside this VM? I know, let’s ask him... Picture from: www.sysadminday.com
    • Speaking of security... What’s inside this VM? ...or him. Picture from: www.sysadminday.com
    • Server “assembly” costs are THE Enterprise IT cost. 20-year journey from single file deployment to homogenous architecture (the “C” program on Unix) to single file deployment on heterogeneous architecture (the VM to everywhere). As such, assembly error and propagation represents one of the biggest security risks as well. Photo credit: Zach Rosing, May 25, 2007
    • Do you have evil clones? Good clones? There is going to be a lot of them. Run the numbers... 10,000,000 - today; 250,000,000 - 2015; 2,500,000,000 - is not impossible. Photo credit: Paramount
    • Repeat after me: “P2V and SLA are mutually EXCLUSIVE!” PHYSICAL TO VIRTUAL........easy. Why? The 3 rules of hardware computing... 1) When you get a physical machine installed and working - NEVER MOVE IT 2) When you get the software installed and working - NEVER TOUCH IT 3) When you “touch it”, don’t tell anyone.
    • So...I am highlighting 2 issues in securing your assets in the cloud: 1) Even if using a cloud...it needs to be YOUR infrastructure in YOUR control. 2) Working from a “bill of materials” approach is the only way to safely survive the clone wars.
    • YOUR infrastructure in YOUR control in the clouds. Use an “overlay network” that you acquire, configure, deploy and manage. Enterprise IT is about checks, balances, and risk mitigation.
    • Use an overlay network. CONTROL: your addressing, your topology, your protocols, your secure communications.
    • I have software that REQUIRES multicast for service discovery. This is true of many enterprise software packages (grid computing packages, database clusters, wikis and more). Even inside the enterprise, complexity and lead times prevent shared use of available resources in disparate customer-controlled data centers because VLAN reconfiguration would be too expensive. VPN-Cubed allows you to get the multicast traffic into the overlay network before it is rejected by the underlying network infrastructure. This allows you control of your protocols.
    • I want to control my own network addresses. I am an early adopter of cloud computing and love the flexibility provided by public clouds like Amazon EC2, but I want to control my own network addresses, not be given some different set of VLAN addresses when I reboot my servers. VPN-Cubed gives you control of your addressing, allowing you to give your cloud servers static addresses that only change when YOU want them to. Local infrastructure control of addressing in the public clouds!
    • Can’t I use my existing data center NOC? I have completed some of my “datacenter to cloud” migrations but am now under pressure to use new monitoring and management tools. Can’t I use my existing datacenter NOC (network operations center)? VPN-Cubed allows you to simply set up an overlay network for the express purpose of connecting cloud VLANs (at EC2 for example) to data center management installations using popular commercial systems like Tivoli, Unicenter, OpenView, as well as leading open source systems like Nagios, Hyperic and GroundWorks.
    • I want to use EC2 USA and EC2 Europe for both fail over and data privacy issues. I am a cloud early adopter and I want to use both Amazon EC2 USA and Amazon EC2 Europe for both fail over and data privacy issues. How can I securely link the two environments and treat them as one logical network? VPN-Cubed does this “out of the box” with a pre-packaged solution, “VPN-Cubed for EC2”, available for self-service clients as well as those needing some professional services support.
    • Isn’t there a way I can test ISV solutions as if on my local network? I have an ISV who has a solution which I would like to evaluate, but it will be quite disruptive for me to install. Can’t I test their solution as if it was on my local network? VPN-Cubed allows your ISV to install their solution as a virtual server in a public cloud like EC2, yet make it available to a DMZ or particular set of VLANs in your corporate environment. The burden of testing the ISV solution should rest with your vendor, with minimal impact or workload on your team.
    • YOUR infrastructure in YOUR control in the clouds. THIS or THIS. Enterprise IT is about checks, balances, and risk mitigation.
    • With a BOM (Bill of Materials) approach: Identity, Customization, Provenance. This is an EC2 server... right? Look again...
    • With a BOM (Bill of Materials) approach: Re-master device: new cloud, new VM type, new OS. Make clones with unique IDs, unique MAC addresses. It's the BOM!
    • <a little overlay network demo> or <a little BOM demo> or <let’s take some questions>
    • <thanks> <pjkerpan (at) cohesiveft.com>