
Chris Swan's Cloud World Forum 2015 Presentation: Reperimiterisation in the Cloud


At Cloud World Forum 2015 CTO Chris Swan presented "Reperimiterisation in the Cloud" in the Cloud & Cyber Security track.

Published in: Technology

  1. copyright 2015. Cloud Applications Secured. Chris Swan, @cpswan, CTO
  2. Agenda: Setting the scene – the typical app and its perimeter; A quick catch up on cloud networking history; Unified Threat Management (UTM) and Application Delivery Controllers (ADC); Going virtual, and why Software Defined Networking (SDN) and Network Function Virtualization (NFV) are so sweet together; Bringing it home – the cloud perimeter model on enterprise infrastructure
  3. Apps and perimeters
  4. A typical business application: Web Tier, App Server Tier, Database Tier, Message Queues
  5. Perimeter Security: We’re probably all too familiar with the enterprise perimeter based security model [diagram labels: 80% of Security $s, 20% of Security $s]
  6. Perimeter Security: Hard on the outside, soft on the inside
  7. Perimeter Security: One penetration creates significant potential for “East-West” expansion of the attack
  8. Evolution of cloud networks
  9. 2006 - The lonely and exposed VM [diagram: 1 VM]
  10. 2008 - Overlays [diagram: 4 VMs]
  11. 2009 - VPCs [diagram: 4 VMs]
  12. Containment often not enough - overlays stayed [diagram: 5 VMs]
  13. Lots of people did something like this [diagram: 1 VM]
  14. Some even did something like this [diagram: 2 VMs]
  15. And the really large (or paranoid) might do this [diagram: 2 VMs]
  16. Or even this [diagram: 2 VMs]
  17. (Thankfully) almost nobody tries to do this
  18. UTM and ADC
  19. Unified Threat Management (UTM): Firewall, NIDS/NIPS, AV, Anti Spam, VPN, DLP, Load Balancer
  20. Application Delivery Controller (ADC): Cache, TLS offload, Compression, WAF, Multiplexing, Load Balancer, Traffic Shaping
  21. UTM and ADC delivery model
  22. SDN and NFV
  23. Networks made from and configured by software
  24. Put a bunch of network on a VM: Firewall, VPN, Switch, Router
  25. Add in some more with containers: Firewall, VPN, Switch, Router, Cache, TLS offload, WAF, Load Balancer, NIDS/NIPS
  26. Deploy virtualised network/security functions around the app
  27. We call it an Application Security Controller (VNS3:turret)
  28. The ASC in action
  29. Adds extra protection to public cloud VPC containment
  30. Perimeter Security: Prevents East-West attacks within the enterprise perimeter [diagram labels: X, X]
  31. Anywhere an application can go - it needs security & connectivity. Summary: Cloud adoption has driven an application centric networking and security model. Application Security Controllers use NFV and SDN to build an application centric perimeter that can be deployed on the public cloud or within the established Enterprise perimeter. The best of UTM and ADC, but without the metal.
  32. Cohesive Networks - cloud security made easy. VNS3 family of security and connectivity solutions protects cloud-based applications from exploitation by hackers, criminal gangs, and foreign governments. 1000+ customers in 20+ countries across all industry verticals and sectors. Questions?
