Keeping Security In-Step with your Application Demand Curve
•Download as PPTX, PDF•
1 like•241 views
This document discusses keeping security scalable with application demand in the cloud. It discusses how AWS infrastructure is constantly monitored and highly available across multiple regions. AWS and customers share responsibility for security. The document recommends automating logging and monitoring, simplifying access controls, enabling encryption, and enforcing authentication. It also discusses how security needs to scale elastically with workloads in the cloud.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Keeping Security In-Step with your Application Demand Curve
Similar to Keeping Security In-Step with your Application Demand Curve (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Recently uploaded
Recently uploaded (20)
Keeping Security In-Step with your Application Demand Curve
- 1. Keeping Security In-Step with your Application Demand Curve Nick Matthews, Solutions Architect, AWS Rob Ayoub, Research Director, IDC Dave Morrissey, Director – Cloud Service Providers, Fortinet
- 2. $6.53M 56% 70% https://www.csid.com/resources/stats/data-breaches/ Increase in theft of hard intellectual property http://www.pwc.com/gx/en/issues/cyber- security/information-security-survey.html Of consumers indicated they’d avoid businesses following a security breach https://www.csid.com/resources/stats/data-breaches/ Average cost of a data breach Your Data and IPAre Your Most Valuable Assets
- 3. In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises environment. How? Automating logging and monitoring Simplifying resource access Making it easy to encrypt properly Enforcing strong authentication AWS Can Be More Secure than Your Existing Environment
- 4. AWS and You Share Responsibility for Security
- 5. Constantly Monitored The AWS infrastructure is protected by extensive network and security monitoring systems: Network access is monitored by AWS security managers daily AWS CloudTrail lets you monitor and record all API calls Amazon Inspector automatically assesses applications for vulnerabilities
- 6. Highly Available The AWS infrastructure footprint helps protect your data from costly downtime 43 Availability Zones in 16 regions for multi-synchronous geographic redundancy Retain control of where your data resides for compliance with regulatory requirements Mitigate the risk of DDoS attacks using services like Route 53 Dynamically grow to meet unforeseen demand using Auto Scaling
- 7. Integrated with Your Existing Resources AWS enables you to improve your security using many of your existing tools and practices Integrate your existing Active Directory Use dedicated connections as a secure, low-latency extension of your data center Provide and manage your own encryption keys if you choose
- 8. Key AWS Certifications and Assurance Programs
- 9. The Importance of Consistent and Scalable Security in the Cloud Rob Ayoub, Research Director, IDC
- 10. Agenda The Move to the Cloud Security Once you Get There The importance of Elastic Security in the Cloud Essential Guidance © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 11. The Move to the Cloud
- 12. Physically protected No remote connectivity Limited number of users One system In the beginning… © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 13. ServerClients Security Still On Premise AV HIPS USB Firewall IPS SWG SEG VPN Then We Became Client/Server Security © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 14. Source: IDC Now We are on the 3rd Platform © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 15. How would you best describe your organization's current or near-term plans to use Public Cloud or Private Cloud solutions to support production workloads and services? 14.1% 8.0% 21.7% 12.5% 38.2% 20.3% 25.9% 59.3% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2015 2016 Not interested Evaluating Deploying Embracing 129% increase in organizations embracing cloud What Does the Adoption Trend of Cloud Look Like? IDC# US41636616 (August 2016) Source: IDC CloudView, cJanuary, 2016, n=11,350 worldwide respondents; IDC CloudView Survey, December, 2014, n=19,080 worldwide respondents; weighted by GDP and company size © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 16. Security concerns Not convinced of ROI Reduced customization opportunities Insufficient internal buy-in Don’t have the IT skills Will cost too much OP / Performance concerns Worries around network infrastructure Reliability / Downtime Vendor lock-in Hard to integrate Loss of operational control Regulatory / Compliance issues IT Governance 15% 40% 45% 50%20% 25% 30% 35% Which of the following best describe your organization's main concerns about Cloud and are IMPORTANT INHIBITORS for your organization in considering Public Cloud services or Private Cloud technologies? What’s Holding Organizations Back from Switching to Cloud? © IDC Visit us at IDC.com and follow us on Twitter: @IDCIDC# US41636616 (August 2016) Source: IDC CloudView, January, 2016, n=11,350 worldwide respondents; IDC CloudView Survey, December, 2014, n=19,080 worldwide respondents; weighted by GDP and company size © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 17. Security Once You Get There
- 18. © IDC Visit us at IDC.com and follow us on Twitter: @IDC Scale Changes Your Perspective…
- 19. Q: What are the top three (3) cyber-attacks that your customer networks are currently experiencing? Phishing Ransomware Spyware Web-borne Malware Similar Threats – New Vectors © IDC Visit us at IDC.com and follow us on Twitter: @IDCSource: IDC-The Channel Company Security Trends Survey 2016
- 20. Network Applications Data © IDC Visit us at IDC.com and follow us on Twitter: @IDC Too Many Vectors!!
- 21. The 2017 Cyber Security Reality Growing number of environments and devices to protect Death of the perimeter Sophistication of cyber miscreants growing rapidly Proliferation of security tool sets Scarcity of qualified information security professionals © IDC Visit us at IDC.com and follow us on Twitter: @IDC 3rd Platform Effects on Security
- 22. The Need for Elastic Security in the Cloud
- 23. Security is not known for being flexible or elastic… © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 24. © IDC Visit us at IDC.com and follow us on Twitter: @IDC The Times They Are a Changin’
- 25. One HUGE Example of Elasticity © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 26. At That Scale, Security Must Be Elastic Impossible to manually provision security Workloads/servers need consistent security every time Security must be tailored to the specific cloud environment © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 27. Cloud Security Adoption: Customer Preferences Q: What are your customer preferences for on-premises and SaaS/cloud SECURITY solutions? Prefer on- premise security solutions 37% Prefer cloud security solutions 21% Prefer adopting a hybrid security approach 42% Cloud, mobility, and Big Data adoption has increasingly impacted enterprise’s security strategies. They add complexity and drive investments in IT infrastructure and data protection. The rising number of cyberattacks and increasing complexities have led to demand for managed security services and more sophisticated security solutions.
- 28. Guidance Enterprises should evaluate a security providers ability to be both flexible based on the environment and elastic in order to meet the demands of modern cloud environments Performance is critical when deploying cloud security products, simply porting an existing product to a VM will not allow for efficiencies in the cloud Inherent automation is key to cloud security products. © IDC Visit us at IDC.com and follow us on Twitter: @IDC
- 29. Dynamic Security for AWS Workloads Dave Morrissey, Director – Cloud Service Providers, Fortinet
- 30. Fortinet Facts Devices shipped >3.1M Unit share worldwide #1 Patents 380 Patents pending 298 In Network Security (IDC) Founded 2000 FY16 Revenue $1.3B Customers >310K Sunnyvale, CA Advanced AWS partner
- 31. Security Must Be Flexible in the Cloud Environment Flexibility Elastic Flexibility Deployment Flexibility
- 32. Global Security Scaling Supported in all 16 AWS Regions. Cloud Formation Templates accessible from GitHub. New Deployments Cloud Formation Templates built specifically for new AWS VPC deployments. Existing AWS Networks Cloud Formation Templates built specifically for existing AWS VPC augments. Flexibility to Scale Security in any Environment
- 33. You select the scale-in/out trigger CPU Utilization Memory Utilization Concurrent Sessions Adds to Security Groups Complements your use of Security Groups Network Segmentation & NACLs. Advanced Security Layers Application Control Antivirus Antispam IPS Flexible Scaling Criteria Threat Research DLP WAF VPN
- 34. Flexible Deployment Options Multiple Auto Scaling Cloud Formation Templates Use the License you already Own On Demand Pay-as-you-Go BYOL New VPC – Two options Existing VPC – Two options Use your BYOL license as your primary instance in each Availability Zone Create On Demand Auto Scale Groups that Build on your BYOL License Create primary instances and Auto Scale Groups with Hourly or Annual usage rates On Demand Hourly will ALWAYS be used as the Auto Scaling Group – true Elasticity
- 35. FortiGate Firewall Auto Scaling…Made Easy Integrates with AWS Services AWS Cloud Formation Template: automates Auto Scaling deployment Amazon CloudWatch: alarms trigger scale- up/down AWS Elastic Load Balancing: distributes inbound traffic equally Amazon Simple Que Service: lifecycle hook posts scaling events Amazon EC2: creates a worker node AZs: launches (2) FortiGates in (2) AZs in a High Availability architecture AWS Identify and Access Management (IAM): creates dynamic roles for EC2 launch and SQS for Auto Scaling lifecycle hook Management Console: enables the Cloud Formation Template deployment
- 36. Q & A Moderators Nick Matthews, nickmatt@amazon.com John Jacobs, jjacobs@fortinet.com Speakers Rob Ayoub, rayoub@idc.com Dave Morrissey, dmorrissey@fortinet.com
- 37. Resources Learn More: www.Fortinet.com/aws Contact Fortinet: awssales@fortinet.com Auto Scaling Guide: https://www.fortinet.com/content/dam/fortinet/assets/solutio ns/aws/dg-fortigate-autoscaling.pdf Configuring your FortiGate Firewall: http://cookbook.fortinet.com/creating-security-policies/ services like Route 53 Admin Guide for your FortiGate Firewall: http://docs.fortinet.com/fortigate/admin-guides
Editor's Notes
- Rob (IDC) hand-off Introduce Dave Morrissey Dave intros self and takes over
- Cloud, aerospace, NASA, Rocket
- Rob (IDC) hand-off Introduce Dave Morrissey Dave intros self and takes over
- I’d like to start with a quick introduction to Fortinet. Fortinet is a US based company that has been providing advanced network security solutions for over 15 years. Fortinet surpasses $1billion in revenue, is highly profitable with $1.4B in cash and zero debt and continues as the #1 Network Security vendor with over 3.1million products shipped to over 310,000 global customers. In fact, Fortinet has 2 TIMES more security products shipped than its closest competitor. From a customer perspective: Fortinet has a large footprint in enterprise, small to mid-sized companies, government, education and healthcare. This is extended to a global customer base of Fortune Companies with 8 of the Top 10 in EMEA and 9 of the Top 10 in APAC. 50 of the 60 worlds largest companies and ALL 10 of the top global Telecom Carriers have chosen Fortinet to protect their networks.
- Rob and IDC hit upon three key areas that Fortinet addresses: Security vendors should allow for environment flexibility – supporting new and existing VPC environments in global regions Elasticity should be flexible – allowing the use of customer defined scale criteria that layers onto existing AWS security Deployment should be flexible – leveraging Cloud Formation Templates to AUTOMATE scaling and simplify the deployment set-up
- Add notes
- Add notes
- Add notes
- Takes minutes …ad 1-2 items to call out In summary: Fortinet has created a set of Cloud Formation Templates that facilitate flexibility in: Your new or existing environment How you set-up the scaling criteria Auto Scaling automation and deployment By creating Templates that enable the use of BYOL licenses in conjunction with On Demand instances – our customers get the best of both worlds with a fixed asset that is always on linked to a dynamic asset that only scales when needed for a true Pay-As-You-Go model and maximum operational and capital efficiency. We look forward to working with you on creating new or augmenting existing VPCs that include Scalable Security capabilities. Thank you…