Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

(SEC321) Implementing Policy, Governance & Security for Enterprises


Published on

"CSC engineers will demonstrate enterprise policy, governance, and security products to deploy and manage enterprise and industry applications AWS.  We will demonstrate automated provisioning and management of big data platforms and industry specific enterprise applications with automatically provisioned secure network connectivity from the datacenter to AWS over layer 2 routed AT&T NetBond (provides AWS DirectConnect access) connection.  We will demonstrate how applications blueprinted on CSC's Agility Platform can be re-hosted on AWS in minutes or re-instantiated across multiple AWS regions.  CSC Cybersecurity will also demonstrate how CSC can provide agile & consumption based endpoint security for workloads in any cloud or virtual infrastructure, providing enterprise management and 24x7 monitoring of workload compliance, vulnerabilities, and potential threats.

Session sponsored by CSC."

Published in: Technology
  • Be the first to comment

(SEC321) Implementing Policy, Governance & Security for Enterprises

  1. 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Kyle Falkenhagen, CSC Erik Winebrenner, CSC October 2015 SEC321 AWS for the Enterprise Implementing Policy, Governance, and Security for Enterprise Workloads
  2. 2. What to Expect from the Session • Demonstrate enterprise policy, governance, and security capabilities that support the deployment and management of enterprise and industry applications on AWS using CSC’s Agility Platform • Demonstrate the value of blueprinting enterprise applications and environments • Demonstrate secure and managed connectivity to AWS • Present how CSC provides agile and consumption-based endpoint security for workloads in AWS providing enterprise management and 24x7 monitoring of workload compliance, vulnerabilities, and potential threats
  3. 3. The Market Is Embracing an Application-Centric, Hybrid Cloud Model Business execs demand greater IT agility and innovation This is fostering greater adoption of hybrid cloud models 71% say their organizations need to embrace new technology or lose market share 47% of businesses are making technology and cloud decisions without getting the IT department involved … and sidestepping enterprise governance controls when central IT doesn’t deliver … and a shift to cloud platforms and apps, not just infrastructure Projected allocation of cloud spend 2013 – 2015 Hybrid 43% Private 25%Public 32%
  4. 4. Forward-Thinking IT Organizations Are Adopting Hybrid Cloud Operating Models to Provide IT as a Service Virtualize Automation Hybrid Clouds IT as a Service Improve asset utilization and ROI Defer data center build- outs Launch initial private cloud Self-service access and on-demand provisioning Policy-driven cloud governance Compressed SDLC and tool chain automation IaaS and PaaS standardization Fully transparent and auditable service usage Broadly adopt utility cost model with chargeback Redundant service options with low switching costs Optimize variable-to- fixed costs by project Transparent linkage of demand, capacity, and costs
  5. 5. • Accelerate AWS benefits to the enterprise, while ensuring compliance with IT standards, governance, and security requirements • Expand cloud service portfolios to enterprise platforms and apps (not just IaaS), available on a self-service, on-demand basis directly to the end users that need them • Rapidly obtain the benefits of hybrid environments using a pay-as-you-go OPEX model and CSC managed services, rather than attempt to build internally with scarce skills/capital +Amazon is the undisputed public cloud market share leader and is innovating faster than anyone else in public cloud. CSC has the market-leading cloud management and orchestration platform and strong expertise in enterprise application migration to cloud. CSC Enterprise Cloud Services For AWS The AWS and CSC Partnership
  6. 6. INCLUDED: BizCloud BizCloud HC INCLUDED: Public Clouds Private Clouds Dev Test Prod IaaS Platforms Apps Store SDLC Tools CSC Agility Platform as a Service For AWS Manage/Govern Enterprise IT Services Across Hybrid Environments • Pay-as-you-go model • CSC Agility Platform provided as-a-Service • CSC-managed services including consolidated billing, helpdesk, and OS- level services • Integrated hybrid cyber-security model • Extensible policy engine for cloud governance • Cloud-portable blueprints for applications and platforms • Additional public and private cloud adapters available
  7. 7. CLOUD-PORTABLE BLUEPRINTS POLICY-DRIVEN GOVERNANCE APPLICATION RELEASE AUTOMATION (ARA) Put platforms and apps in “cloud-portable blueprints.” Embed IT standards Use policies to automate governance/compliance, right sizing, right placement, etc. Consume cloud IT services not just from storefronts, but directly from SDLC tooling Accelerating Benefits Using CSC Agility Platform Others… BroadCloud Support CSC
  8. 8. CSC Managed Hybrid Cloud Service The CSC Managed Hybrid Cloud service provides secure dedicated access between on-premises infrastructure and the AWS Cloud. IT organizations easily migrate workloads and take advantage of cost savings when allocating resources for dynamic projects. The CSC Managed Hybrid Cloud service integrates technology from AWS, Brocade, AT&T, and Intel: • AWS: Customers use AWS DirectConnect to establish private connectivity between AWS and data centers, offices, or colocation environments. • Brocade vRouter and the Brocade vADC: Provides additional secure access, reliability, advanced networking, and application performance across on-premises infrastructure into an AWS VPC using IPsec, vRouting, and application load balancing. Brocade leverages Data Plane Development Kit (DPDK) to deliver performance, boosting packet processing and throughput. • AT&T Netbond: Allows direct provisioning of 1G and 10G high-speed connections to an AWS VPC within the AWS cloud infrastructure and global availability zones. • Intel® Xeon® E5 processor: Enables Amazon EC2 to increase networking capabilities.
  9. 9. CSC Hybrid Cloud Service – A Cloud Networking Strategy Foundation • Low-latency, on-net, fully redundant • Any-to-any, instant-on connectivity • Eliminate data center hairpin PERFORMANCE • Private IP address space avoids Internet/DDoS threats SECURITY • API controlled for on-demand adds and bandwidth changes AGILITY • Scales dynamically with cloud usage; elasticity creates added pricing value ELASTICITY • Save as much as 60% on networking • Cost model aligns with cloud usage COST-EFFECTIVENESS A network-enabled cloud solution with performance and security
  10. 10. Big Data Platform as a Service APP 3 Flexible Deployment OptionsPublic Cloud Virtual Private Cloud Dedicated Cluster Enterprise Private Cloud CSC Big Data Platform as a Service APP 1 APP 2 REAL TIMEBATCH AD HOC Fully Managed as a Service Comprehensive, proactive infrastructure, and software management eliminates the most frustrating reason open source big data solutions fail: operational complexity. Big Data Expertise and Experience We have been working with Hadoop, Cassandra, and Mongo since 2011 and have implemented and managed more than 150 big data clusters. The Only PCI & HIPAA Compliance Certified SI Solution CSC is the first and only solutions integrator to meet stringent PCI and HIPAA certification standards with an open big data solution. Integrated Audit Monitoring and Comprehensive Security Every solution has comprehensive security activity and audit capabilities out of the box, and can be fully configured with the latest security features, from infrastructure to application. Real-Time, Streaming, and In-Memory Capabilities We have the broadest set of capabilities in the market, including deep expertise in installing, managing, and developing big and fast data analytics.
  11. 11. Demo
  12. 12. CSC Cybersecurity On-Demand Workload Protection Powered by CloudPassage
  13. 13. Top Challenges Facing Cloud Customers: Why Should CSC’s Customers Care? • Increased scrutiny and responsibility following high-profile cloud breaches • New regulatory demands to better protect cloud-hosted data • Existing regulations increasingly applied to cloud environments • Require consistent security across workloads in an agile environment • Increased criminal attention on cloud assets due to their increased adoption • Greater threat to intellectual property as enterprises host off-premises • “Need to protect my cloud workloads at same level as my traditional systems” • Costs growing as internal IT security infrastructure expands • Expanding skilled resources required to manage security of cloud assets OPERATIONS ADVANCED THREATS RISK AND COMPLIANCE NEXT-GEN TECHNOLOGIES • Require visibility of all assets, regardless of location or cloud provider • Cloud expected to be cheaper than traditional — in reality, security bogs down cost, eliminates savings • Growing risk exposure as virtual workloads increase
  15. 15. Self-Managed Cloud Workload Security Company A Public Private HR Payroll HIPAA Big Data Germany Production Dev/Test Production PCI Amazon Web Services Traditional IT Endpoint Security SIEM Vuln. Scanning Payroll HR HIPAASales Dev/Test Managed Workloads Rogue Systems Security Policies
  16. 16. CSC Cloud Security Services On-Demand Workload Protection—Powered by CloudPassage Security Information and Event Management (SIEM) Pulse Advanced Reporting Policy Creation, Configuration, and Management Email-Based Alerting Account Setup and Management Complete Management of Cloud Workload Security Monitored (Optional) Consulting (Optional) Managed CSC CLOUD SECURITY SERVICES Configuration Security Monitoring Software Vulnerability Assessment Log-Based Intrusion Detection Workload Firewall Management System Account Management File Integrity Monitoring
  17. 17. Meet All Critical Control Objectives Gain visibility into enterprise and individual asset security posture Uncover and manage vulnerabilities and configuration issues Get immediate reports showing open issues against CIS benchmarks Do this across an entire account or department, or by type of system Data Protection Compromise Management Operational Automation Visibility Strong Access Control Vulnerability Management Ultra- lightweight SaaS Based Workload-Level Security Micro- segmentation Instant On BENEFITS FEATURES
  18. 18. Consumption-Based Pricing Lowers Operating Costs Cost of traditional cybersecurity solution relative to overall workload cost SUN MON TUE WED THU FRI SAT Hosted Intrusion Detection (HID) Costs (7 days) PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT Vulnerability Mgmt. Costs (7 days) PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT Tech. Compliance (7 days) PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT Customer Workload Costs (3 days) OFF OFF OFF WED THU FRI OFF SUN MON TUE WED THU FRI SAT On-Demand Workload Protection (3 days) OFF OFF OFF PROTECT PROTECT PROTECT OFF Customer Workload Costs (3 days) OFF OFF OFF WED THU FRI OFF Cost of On-Demand Workload Protection (OWP) ConsolidationbyOWP
  19. 19. CSC-Managed Cloud Workload Security with OWP CSC Proprietary Pulse Portal Company A CSC Risk Management Center (RMC) Managed Workloads Rogue Systems Security Policies Public Private PayrollHR Dev / Test Germany PCI HIPAA Production Big Data Nodes
  20. 20. Digital Trust: Your Future State CSC ON-DEMAND WORKLOAD PROTECTION Reduce cost and complexity Enable secure adoption of virtual technologies Evaluate compliance with regulatory requirements Provide full visibility across cloud workloads Securely harness cloud’s flexibility and consumption-based model Monitor and respond to threats 24x7x365
  21. 21. Why CSC for On-Demand Workload Protection Global scale Threat intelligence 24x7 Global SOCs 1,000s of experts CSC named a Leader in IDC MarketScape Asia/Pacific Managed Security Services 2015 Vendor Assessment Consumption-based pricing — not just in technology, but for services Enterprise-grade management and scalability Customer/App/Regulation-specific policies 24x7x365 SIEM — monitoring and investigation Pulse Customer Portal
  22. 22. We Understand Cybersecurity GLOBAL CYBERSECURITY PROFESSIONALS 2,000+ INTEGRATED GLOBAL RISK MANAGEMENT CENTERS 5+ YEARS PROVIDING CYBERSECURITY SERVICES 35+ GLOBAL ALLIANCE PARTNERS PROVIDING SECURITY EXPERTISE 15+ PUBLIC & PRIVATE SECTOR EXPERTISE Nearly 40 years of experience in delivering secure, managed enterprise services Successfully supporting the world’s most security- conscious clients, including aerospace and defense, and banking and financial institutions worldwide Helping 250+ clients manage risk and overcome the most extreme threats Integrated global Risk Management Centers IT security experts with in-depth experience End-to-end visibility of customer’s enterprise governance and compliance posture UK Noida Kuala Lumpur Sydney Newark
  23. 23. CSC Proprietary Pulse Portal  24x7x365 visibility  Immediate access to detailed logs and incident data  Executive-oriented dashboard  Performance metrics  Simple user-querying methods  Correlation of incident and vulnerability data to provide enterprise-wide “Situational Awareness” EXAMPLE VIEWSPORTAL FEATURES
  24. 24. Thank You! Stop by the CSC Booth (424)
  25. 25. Remember to complete your evaluations!
  26. 26. Thank you! For longer demos please visit the CSC (Booth 424) on the expo floor