• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
My Cloud is more Secure than your Data Center
 

My Cloud is more Secure than your Data Center

on

  • 1,826 views

Speech at Cloud Camp Charlotte - 11/16/2012.

Speech at Cloud Camp Charlotte - 11/16/2012.

Statistics

Views

Total Views
1,826
Views on SlideShare
1,110
Embed Views
716

Actions

Likes
0
Downloads
30
Comments
0

9 Embeds 716

http://www.kavistechnology.com 474
http://www.michael-kavis.com 212
http://www.doyoubuzz.com 13
http://feeds.feedburner.com 6
http://www.linkedin.com 6
http://feeds2.feedburner.com 2
https://si0.twimg.com 1
http://core.traackr.com 1
https://www.linkedin.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Today’s technologies have simply evolved from lessons learned in the past and are being applied to address new business problems
  • Today’s technologies have simply evolved from lessons learned in the past and are being applied to address new business problems
  • Today’s technologies have simply evolved from lessons learned in the past and are being applied to address new business problems
  • Cloud key management policies – Encrypt & RotateRestricted access – VPN only, Multi Factor AuthenticationProduction environment – need to know access onlyData access – read only restricted to slave DBsHR screening process – drug tests, background checksTermination process – One touch revoke of accessMonthly review of controls with security teamAnnual external audits
  • World class hardened facilityAll unnecessary ports and software removed from imagesVirus scanningIntrusion detection reportingProactive monitoringNew Relic – performance, SLAs, eventsCacti - databaseNagios – infrastructure resourcesWatir – UI and API pinging

My Cloud is more Secure than your Data Center My Cloud is more Secure than your Data Center Presentation Transcript

  • Mike KavisVP ArchitectureInmar
  • Your Speaker Mike Kavis has been architecting solutions in the cloud since 2008 and was the CTO for startup M-Dot Network which won the 2010 AWS Startup Challenge. Mike is now the VP of Architecture for Inmar who purchased M- Dot in 2011 and is responsible for Inmar’s Digital Promotions PaaS.® © 2012 Inmar, Inc. All Rights Reserved. 2 Not to be reproduced or distributed without written permission from Inmar
  • ® © 2012 Inmar, Inc. All Rights Reserved. 3 Not to be reproduced or distributed without written permission from Inmar
  • How didWhere are we get we? here? 4® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • Today’s technologies have simply evolved from lessons learned in the past and are being applied to address new business problems® © 2012 Inmar, Inc. All Rights Reserved. 5 Not to be reproduced or distributed without written permission from Inmar
  • Centralized security Attribution: Bundesarchiv, B 145 Bild-F038812-0014 / Schaack, Lothar / CC-BY-SA® © 2012 Inmar, Inc. All Rights Reserved. 6 Not to be reproduced or distributed without written permission from Inmar
  • Distributed computing® © 2012 Inmar, Inc. All Rights Reserved. 7 Not to be reproduced or distributed without written permission from Inmar
  • Best of both worlds: &centralized distributed ® © 2012 Inmar, Inc. All Rights Reserved. 8 Not to be reproduced or distributed without written permission from Inmar
  • Technology evolves and matures asexpectations We are here adoption increases Standards and best practices time emerge over Technology Peak of Trough of Plateau of Trigger Inflated Disillusionment Slope of Enlightenment Productivity time Expectations ® © 2012 Inmar, Inc. All Rights Reserved. 9 Not to be reproduced or distributed without written permission from Inmar
  • Securityexpectations We are here maturity often lags behind because enterprises are late adopters time Technology Peak of Trough of Plateau of Trigger Inflated Disillusionment Slope of Enlightenment Productivity Expectations ® © 2012 Inmar, Inc. All Rights Reserved. 10 Not to be reproduced or distributed without written permission from Inmar
  • What is holding the enterprises back from cloud adoption? 11® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • ® © 2012 Inmar, Inc. All Rights Reserved. 12 Not to be reproduced or distributed without written permission from Inmar
  • Does this make driving safe? 13® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • Cloud Washing 14® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • Skills Shortage® © 2012 Inmar, Inc. All Rights Reserved. 15 Not to be reproduced or distributed without written permission from Inmar
  • What does this mean for cloud solutions in the enterprise? 16® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • “Not in MY firewall”syndrome 17® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • Don’t be fooled. People are the culprits, not data centers! Source: http://www.prnewswire.com/news-releases/leading-cause-of-data-security-breaches-are-due-to-insiders-not-outsiders-54002222.html Source: http://mds.ricoh.com/change/information_security_governance® © 2012 Inmar, Inc. All Rights Reserved. 18 Not to be reproduced or distributed without written permission from Inmar
  • Application & infrastructure controls are required regardless of where you deploy Source: http://mds.ricoh.com/change/information_security_governance® © 2012 Inmar, Inc. All Rights Reserved. 19 Not to be reproduced or distributed without written permission from Inmar
  • Encrypt in flight and at restAudit reports: Soc2, PCI, SAS-70, etc.Published change controlproceduresMonthly patchingPublished monthly performance andUptime SLAs Demands fromLimited system access EnterpriseDR and Business Continuity plans Buyers ® © 2012 Inmar, Inc. All Rights Reserved. 20 Not to be reproduced or distributed without written permission from Inmar
  • 21® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • Redundancy Across Zones® © 2012 Inmar, Inc. All Rights Reserved. 22 Not to be reproduced or distributed without written permission from Inmar
  • Uptime and Scalability strategies RESTful Services B2C Site B2B Site OLTP DB Transaction DB Reporting Database® © 2012 Inmar, Inc. All Rights Reserved. 23 Not to be reproduced or distributed without written permission from Inmar
  • Uptime and Scalability strategies Scale by Customer Gold Customer Services Type XL Servers Standard Freemium Medium Micro Servers Servers Scale by Normal APIs High Demand APIs Long running APIs API Type® © 2012 Inmar, Inc. All Rights Reserved. 24 Not to be reproduced or distributed without written permission from Inmar
  • Centralized Logging Strategy Admins have total access Web Servers DB Logs | App Svr Logs | Web Logs S Developers access log server only API Servers DB Logs | App Svr Logs | API Logs Y S Database Servers L O DB Logs | App Svr Logs | App Logs Utility Servers G DB Logs | App Svr Logs | App Logs Log Servers® © 2012 Inmar, Inc. All Rights Reserved. 25 Not to be reproduced or distributed without written permission from Inmar
  • Patching strategies Certified Versions Validate3rd Party software: Patch candidate QAOS, AppServ, DB, etc. S t a g e Deploy Golden Image Server Farms ® © 2012 Inmar, Inc. All Rights Reserved. 26 Not to be reproduced or distributed without written permission from Inmar
  • Hybrid Cloud Strategies® © 2012 Inmar, Inc. All Rights Reserved. 27 Not to be reproduced or distributed without written permission from Inmar
  • Hybrid Cloud Strategies® © 2012 Inmar, Inc. All Rights Reserved. 28 Not to be reproduced or distributed without written permission from Inmar
  • • Cloud key management policies • Restricted access • Production environment • Data access • HR screening process • Termination process • Monthly review of controls with security team • Annual external audits® © 2012 Inmar, Inc. All Rights Reserved. 29 Not to be reproduced or distributed without written permission from Inmar
  • • World class hardened facilities • Port scanning not allowed • DDoS mitigation strategies • IP Spoofing protection • Disk destruction Perimeter & Network Security from cloud vendors® © 2012 Inmar, Inc. All Rights Reserved. 30 Not to be reproduced or distributed without written permission from Inmar
  • • World class hardened facility Additional • All unnecessary ports and software removed from Perimeter & images • Virus scanning Network • Intrusion detection reporting Security we • Proactive monitoring provide • New Relic • Cacti • Nagios • Watir® © 2012 Inmar, Inc. All Rights Reserved. 31 Not to be reproduced or distributed without written permission from Inmar
  • Does your data center pass the test? 32® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • Security must be envisioned, architected, and built… 33® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • Not bought 34® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • A cloud solution built from or a legacyscratch with security in mind datacenter? What is more secure? 35® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar
  • For more information: Mike Kavis Michael.kavis@inmar.com 727.686.5999