Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

(SEC202) Best Practices for Securely Leveraging the Cloud


Published on

Cloud adoption is driving digital business growth and enabling companies to shift to processes and practices that make innovation continual. As with any paradigm shift, cloud computing requires different rules and a different way of thinking. This presentation will highlight best practices to build and secure scalable systems in the cloud and capitalize on the cloud with confidence and clarity.

In this session we will cover:

Key market drivers and advantages for leveraging cloud architectures.
Foundational design principles to guide strategy for securely leveraging the cloud.
The “Defense in Depth” approach to building secure services in the cloud, whether it’s private, public, or hybrid.
Real-world customer insights from organizations who have successfully adopted the ""Defense in Depth"" approach.

Session sponsored by Sumo Logic.

Published in: Technology

(SEC202) Best Practices for Securely Leveraging the Cloud

  1. 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Joan Pepin, VP of Security/CISO October 2015 SEC202 If You Build It, They Will Come Best Practices for Building Secure Services in the Cloud
  2. 2. Who Am I? • VP of Security/CISO for Sumo Logic • More than 17 years experience establishing policy management, security metrics, and incident response initiatives • Inventor of SecureWorks’ Anomaly Detection Engine • Experience in healthcare, manufacturing, defense, ISPs, and MSPs
  3. 3. What to Expect from This Session • Drivers for leveraging cloud architectures • Foundational principles to guide design strategy • The Defense in Depth approach • Best practices • Q&A
  4. 4. Consider This… 20% of applications are built on cloud-friendly architectures and are ready for cloud. Source: Right Scale By 2018, 59% of the total cloud workloads will be SaaS workloads, up from 41% in 2013. Source: Cisco Cloud IT infrastructure spending will reach $54.6 billion by 2019 accounting for 46.5% of the total spending on IT infrastructure. Source: IDC
  5. 5. Securing Your Future You’re Not Ready
  6. 6. A Giant Server Security in Two Dimensions
  7. 7. The World is Not Flat…
  8. 8. Design Principles for Cloud Architectures Less Is More • Simplicity of design, APIs, interfaces, and data flow all help lead to a secure and scalable system. Automate • Think of your infrastructure as code based—it’s a game changer. • Test, do rapid prototyping, and implement fully automated, API-driven deployment methods. Do the Right Thing • Design in-code reuse and centralize configuration information to keep attack surface to a minimum. • Sanitize and encrypt it. • Don’t trust client-side verification; enforce everything at every layer.
  9. 9. The Defense in Depth Approach Elastic Load Balancing Internet of Things API UI Rec Admin Amazon DynamoDB POD HOP BOX VPN SSH VAULT Amazon S3 1,500 Instances
  10. 10. The Defense in Depth Approach Servers API UI Admin DynamoDB S3 POD HOP BOX 1,500 Instances SSH VAULT POD APM SEIM AWS SEC. GROUP IDS FIM.FW. SRU APLOGS OIS SSM Rec ELB VPN
  11. 11. The Defense in Depth Approach Servers API UI Admin DynamoDB S3 POD HOP BOX SSH VAULT RAW META KEK KEKEK OPS KEKEK MGMT 1,500 Instances Rec ELB VPN
  12. 12. Defense in Depth Key Takeaways • Defense in Depth. Everything. All the time. • Achieve scale by running the POD model. • Use best-of-breed security stack (IDS, FIM, Log Mgt., Host Firewall). • Automate a complete security stack.
  13. 13. Best Practices
  14. 14. Three-Card Monte Is a Lovely Game
  15. 15. Casino The House Always Wins
  16. 16. Final Takeaways The world is no longer flat… Centralize your security design in your code base All things are possible with automation Simplicity leads to better security
  17. 17. Come visit Sumo Logic at booth #200 to learn how to master your data and see live demos. Twitter: @sumologic
  18. 18. Thank you! @CloudCISO_Joan
  19. 19. Remember to complete your evaluations!