Securing Enterprise Assets In The Cloud

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

0 comments

Post a comment

    Post a comment
    Embed Video
    Edit your comment Cancel

    Notes on slide 1

    1 Favorite

    Securing Enterprise Assets In The Cloud - Presentation Transcript

    1. Cohesive Flexible Technologies Securing Enterprise Assets in the Cloud Chris Purrington, CohesiveFT Copyright CohesiveFT 2009 1
    2. CohesiveFT - on boarding solutions for public, private and hybrid clouds Team looks like this Copyright CohesiveFT 2009 2
    3. CohesiveFT - on boarding solutions for public, private and hybrid clouds We do this Copyright CohesiveFT 2009 3
    4. The cloud is not a panacea for bad design. But moving applications to the cloud can quickly reduce capital expenditure, speed time to market. Copyright CohesiveFT 2009 4
    5. The first question on everyone’s mind: Is my stuff safe up there? ? ? ? ? ? ? ? ? ? ? ? ? Copyright CohesiveFT 2009 5
    6. Security and control remain top concerns Copyright CohesiveFT 2009 6
    7. Use “your father’s VPN” Copyright CohesiveFT 2009 7
    8. Typical VPN: Remote office access Copyright CohesiveFT 2009 8
    9. Typical VPN: Remote office access X X X X X Copyright CohesiveFT 2009 9
    10. Uhhh...no. Copyright CohesiveFT 2009 10
    11. I know...cloud-to-cloud DR Copyright CohesiveFT 2009 11
    12. Do x-cloud fail over...somehow.... Cloud A Copyright CohesiveFT 2009 12
    13. Somehow... Cloud A Copyright CohesiveFT 2009 13
    14. Do this! (somehow) Cloud A Cloud B Copyright CohesiveFT 2009 14
    15. Speaking of security... What’s inside this VM? Copyright CohesiveFT 2009 15
    16. Speaking of security... What’s inside this VM? Copyright CohesiveFT 2009 16
    17. Speaking of security... What’s inside this VM? I know, let’s ask him... Picture from: www.sysadminday.com Copyright CohesiveFT 2009 17
    18. Speaking of security... What’s inside this VM? ...or him. Picture from: www.sysadminday.com Copyright CohesiveFT 2009 18
    19. Server “assembly” costs are THE Enterprise IT cost 20-year journey from single file deployment to homogenous architecture (the “C” program on Unix) to single file deployment on heterogeneous architecture (the VM to everywhere) As such - assembly error and propagation represents one of the biggest security risks as well Photo credit: Zach Rosing, May 25, 2007, Copyright CohesiveFT 2009 19
    20. Do you have evil clones? Good clones? There is going to be a lot of them. Run the numbers... Photo credit: Paramount 10,000,000 - today 250,000,000 - 2015 2,500,000,000 - is not impossible Copyright CohesiveFT 2009 20
    21. Repeat after me: “P2V and SLA are mutually EXCLUSIVE!” Why? The 3 rules of hardware computing... 1) When you get a physical machine installed and working - NEVER MOVE IT 2) When you get the software installed and PHYSICAL TO VIRTUAL........easy. working - NEVER TOUCH IT 3) When you “touch it”, don’t tell anyone. Copyright CohesiveFT 2009 21
    22. So...I am highlighting 2 issues in securing your assets in the cloud Even if using a cloud...it needs Working from a “bill of materials” to be YOUR infrastructure in approach is the only way to safely YOUR control survive the clone wars Copyright CohesiveFT 2009 22
    23. YOUR infrastructure in YOUR control in the clouds Use an “overlay network” that you acquire, configure, deploy and manage. Enterprise IT is about checks, balances, and risk mitigation. Copyright CohesiveFT 2009 23
    24. Use an overlay network CONTROL: - Your addressing - Your topology - Your protocols - Your secure communications Copyright CohesiveFT 2009 24
    25. I have software that REQUIRES multicast for service discovery This is true of many enterprise software packages (grid computing packages, database clusters, wikis and more).  Even inside the enterprise complexity and lead times prevent shared use of available resources in disparate customer controlled data centers because VLAN reconfiguration would be too expensive.  VPN-Cubed allows you to get the multicast traffic into the overlay network before it is rejected by the underlying network infrastructure. This allows you control of your protocols. Copyright CohesiveFT 2009 25
    26. I want to control my own network addresses I am an early adopter of cloud computing and love the flexibility provided by public cloud like Amazon EC2 but I want to control my own network addresses, not be given some different set of VLAN addresses when I reboot my servers.  VPN-Cubed gives you control of your addressing allowing you to give your cloud servers static addresses that only change when YOU want them to.  Local infrastructure control of addressing in the public clouds! Copyright CohesiveFT 2009 26
    27. Can’t I use my existing data center NOC? I have completed some of my “datacenter to cloud” migrations but am now under pressure to use new monitoring and management tools.  Can’t I use my existing datacenter NOC (network operations center)?  VPN-Cubed allows you to simply set up an overlay network for the express purpose of connecting cloud VLANS (at EC2 for example) to data center management installations using popular commercial systems like Tivoli, Unicenter, OpenView, as well as leading open source systems like Nagios, Hyperic and GroundWorks. Copyright CohesiveFT 2009 27
    28. I want to use EC2 USA and EC2 Europe for both fail over and data privacy issues I am a cloud early adopter and I want to use both Amazon EC2 USA and Amazon EC2 Europe for both fail over and data privacy issues.  How can I securely link the two environments and treat them as one logical network?  VPN-Cubed does this “out of the box” with a pre-packaged solution “VPN-Cubed for EC2” available for self-service clients as well as those needing some professional services support. Copyright CohesiveFT 2009 28
    29. Isn’t there a way I can test ISV solutions as if on my local network? I have an ISV who has a solution which I would like to evaluate but it will be quite disruptive for me to install. Can’t I can test their solution as if it was on my local network?  VPN-Cubed allows your ISV to install their solution as a virtual server in a public cloud like EC2, yet make it available to a DMZ or particular set of VLANs in your corporate environment.  The burden of testing the ISV solution should rest with your vendor with minimal impact or workload on your team. Copyright CohesiveFT 2009 29
    30. YOUR infrastructure in YOUR control in the clouds THIS or THIS Enterprise IT is about checks, balances, and risk mitigation. Copyright CohesiveFT 2009 30
    31. With a BOM approach: - Identity - Customization - Provenance This is an EC2 server... Bill of Materials right? Look again... Copyright CohesiveFT 2009 31
    32. With a BOM approach: Bill of Materials Re-master device: - new cloud - new VM type - new OS Make clones with unique IDs, unique MAC addresses It the BOM! Copyright CohesiveFT 2009 32
    33. <a little overlay network demo> or <a little BOM demo> or <let’s take some questions> Copyright CohesiveFT 2009 33
    34. <thanks> <pjkerpan (at) cohesiveft.com> Copyright CohesiveFT 2009 34
    SlideShare Zeitgeist 2009

    + cpurringtoncpurrington Nominate

    custom

    489 views, 1 favs, 0 embeds more stats

    Securing Enterprise Assets In The Cloud

    More info about this document

    © All Rights Reserved

    Go to text version

    • Total Views 489
      • 489 on SlideShare
      • 0 from embeds
    • Comments 0
    • Favorites 1
    • Downloads 0
    Most viewed embeds

    more

    All embeds

    less

    Flagged as inappropriate Flag as inappropriate
    Flag as inappropriate

    Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

    Cancel
    File a copyright complaint
    Having problems? Go to our helpdesk?

    Categories

    Tags

    -->
    What's New

    © 2009 SlideShare Inc. All rights reserved.