My Cloud is more Secure than your Data Center

Speech at Cloud Camp Charlotte - 11/16/2012.

  • Today’s technologies have simply evolved from lessons learned in the past and are being applied to address new business problems
  • Cloud key management policies – Encrypt & Rotate
  • Restricted access – VPN only, Multi Factor Authentication
  • Production environment – need to know access only
  • Data access – read only restricted to slave DBs
  • HR screening process – drug tests, background checks
  • Termination process – One touch revoke of access
  • Monthly review of controls with security team
  • Annual external audits

  • World class hardened facility
  • All unnecessary ports and software removed from images
  • Virus scanning
  • Intrusion detection reporting
  • Proactive monitoring
  • New Relic – performance, SLAs, events
  • Cacti - database
  • Nagios – infrastructure resources
  • Watir – UI and API pinging
  • Transcript of "My Cloud is more Secure than your Data Center"

    1. Mike Kavis, VP Architecture, Inmar
    2. Your Speaker: Mike Kavis has been architecting solutions in the cloud since 2008 and was the CTO for startup M-Dot Network which won the 2010 AWS Startup Challenge. Mike is now the VP of Architecture for Inmar who purchased M-Dot in 2011 and is responsible for Inmar’s Digital Promotions PaaS. ® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
    3. (no text)
    4. Where are we? How did we get here?
    5. Today’s technologies have simply evolved from lessons learned in the past and are being applied to address new business problems
    6. Centralized security. Attribution: Bundesarchiv, B 145 Bild-F038812-0014 / Schaack, Lothar / CC-BY-SA
    7. Distributed computing
    8. Best of both worlds: centralized & distributed
    9. Technology evolves and matures as adoption increases. Standards and best practices emerge over time. [Figure: hype cycle, expectations vs. time: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity; marker "We are here"]
    10. Security maturity often lags behind because enterprises are late adopters. [Figure: hype cycle, expectations vs. time: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity; marker "We are here"]
    11. What is holding the enterprises back from cloud adoption?
    12. (no text)
    13. Does this make driving safe?
    14. Cloud Washing
    15. Skills Shortage
    16. What does this mean for cloud solutions in the enterprise?
    17. “Not in MY firewall” syndrome
    18. Don’t be fooled. People are the culprits, not data centers! Source: http://www.prnewswire.com/news-releases/leading-cause-of-data-security-breaches-are-due-to-insiders-not-outsiders-54002222.html Source: http://mds.ricoh.com/change/information_security_governance
    19. Application & infrastructure controls are required regardless of where you deploy. Source: http://mds.ricoh.com/change/information_security_governance
    20. Demands from Enterprise Buyers:
        • Encrypt in flight and at rest
        • Audit reports: Soc2, PCI, SAS-70, etc.
        • Published change control procedures
        • Monthly patching
        • Published monthly performance and Uptime SLAs
        • Limited system access
        • DR and Business Continuity plans
    21. (no text)
    22. Redundancy Across Zones
    23. Uptime and Scalability strategies. [Diagram labels: RESTful Services, B2C Site, B2B Site, OLTP DB, Transaction DB, Reporting Database]
    24. Uptime and Scalability strategies. [Diagram labels: Scale by Customer Type: Gold Customer Services, Standard, Freemium; XL Servers, Medium Servers, Micro Servers. Scale by API Type: Normal APIs, High Demand APIs, Long running APIs]
    25. Centralized Logging Strategy
        • Admins have total access
        • Developers access log server only
        • Web Servers: DB Logs | App Svr Logs | Web Logs
        • API Servers: DB Logs | App Svr Logs | API Logs
        • Database Servers: DB Logs | App Svr Logs | App Logs
        • Utility Servers: DB Logs | App Svr Logs | App Logs
        • SYSLOG to Log Servers
    26. Patching strategies. [Diagram labels: 3rd Party software: OS, AppServ, DB, etc.; Patch candidate; Validate; QA; Stage; Certified Versions; Golden Image; Deploy; Server Farms]
    27. Hybrid Cloud Strategies
    28. Hybrid Cloud Strategies
    29. • Cloud key management policies
        • Restricted access
        • Production environment
        • Data access
        • HR screening process
        • Termination process
        • Monthly review of controls with security team
        • Annual external audits
    30. Perimeter & Network Security from cloud vendors:
        • World class hardened facilities
        • Port scanning not allowed
        • DDoS mitigation strategies
        • IP Spoofing protection
        • Disk destruction
    31. Additional Perimeter & Network Security we provide:
        • World class hardened facility
        • All unnecessary ports and software removed from images
        • Virus scanning
        • Intrusion detection reporting
        • Proactive monitoring
        • New Relic
        • Cacti
        • Nagios
        • Watir
    32. Does your data center pass the test?
    33. Security must be envisioned, architected, and built…
    34. Not bought
    35. A cloud solution built from scratch with security in mind or a legacy datacenter? What is more secure?
    36. For more information: Mike Kavis, Michael.kavis@inmar.com, 727.686.5999