
Hybrid and Multi-Cloud Security with RightScale


While the 2015 State of the Cloud Survey shows that companies still identify security as their number one cloud challenge, the reality is that cloud providers are rapidly enhancing their security capabilities. In this webinar we discuss best practices for a broad set of cloud security issues across public and hybrid clouds and highlight how RightScale and other third-party tools can help.

The Hybrid and Multi-Cloud Security: How RightScale Helps webinar will cover:

How visibility over all your cloud accounts is a foundation for cloud security.
Controlling access to all your cloud accounts.
Workload and data security best practices in the cloud.
Secure networking options for public and hybrid clouds.
Governance and auditing for cloud usage.

Published in: Technology

  1. HYBRID AND MULTI-CLOUD SECURITY WITH RIGHTSCALE
  2. Panelists: Bart Falzarano, Director of Security and Compliance; Brian Adler, Principal Cloud Architect
  3. POLLING QUESTIONS
  4. 82% of Enterprises Want Multi-Cloud (Enterprise Cloud Strategy, 1000+ employees)
     • Hybrid cloud 55%
     • Multiple public 13%
     • Multiple private 14%
     • Single public 10%
     • Single private 5%
     • No plans 3%
     Multi-cloud (hybrid, multiple public, multiple private): 82%. Source: RightScale 2015 State of the Cloud Report
  5. Security Remains #1 Challenge. Chart: Cloud Challenges 2015 vs. 2014, % of respondents reporting these as significant challenges, for Performance, Governance/control, Managing costs, Managing multiple cloud services, Compliance, Lack of resources/expertise and Security (the two series as extracted: 17, 21, 21, 18, 24, 17, 26 and 17, 23, 24, 25, 25, 27, 28; Security is the highest value in both years). Source: RightScale 2015 State of the Cloud Report
  6. How RightScale Helps with Cloud Security
     • Multi-Cloud Visibility: govern many clouds with a single pane of glass
     • Access Control: integrate with SSO and control access to cloud credentials
     • Workload Security: standardized configurations, track versions, automate patching
     • Network & Data Security: manage cloud network configurations and encrypt data
     • Outage-Proof & DR: ensure applications stay up during cloud or data center outages
     • Audit & Compliance: maintain a complete audit trail and comply with regulations
  7. Audit & Compliance: Cloud Provider Security Certifications Matrix
     Certification columns as extracted: PCI DSS, HIPAA, SSAE16, ISO 27001, CSA, FedRAMP, FISMA, SOC 1, SOC 2, SOC 3. The extracted header lists ten certifications while each provider row carries nine marks, so the marks below are given in slide order without a reconstructed column mapping.
     • Amazon AWS: ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔. Also ITAR, FIPS 140-2, DIACAP, MPAA; AWS GovCloud (US) environment; FedRAMP issued for both AWS GovCloud (US) and AWS US East/West regions. For complete listing see http://aws.amazon.com/compliance/
     • Microsoft Windows Azure: ✔ ✔ ✔ ✔ - ✔ ✔ ✔ ✔. CSA CCM audit completed as part of their SOC 2 assessment. For complete listing see http://www.windowsazure.com/en-us/support/trust-center/compliance/
     • Rackspace: ✔ ✔ ✔ ✔ ✔ ✔ - - -. Safe Harbor certified (EU Directive 95/46/EC on the protection of personal data); SOC 2 covers Security and Availability only. For complete listing see http://www.rackspace.com/about/whyrackspace/
     • Google Compute Engine: ✔ ✔ ✔ ✔ ✔ ✔ - - -. Data is encrypted on local ephemeral disk and persistent disk; all data written to disk in Compute Engine is encrypted at rest using AES-128-CBC (a 2015 statement; verify against the provider's current documentation). For complete listing see https://cloud.google.com/products/compute-engine/
  8. Plan for a Cloud Security Ecosystem (cloud provider, enterprise, RightScale, 3rd party vendors)
     • CMDB
     • SIEM / logging / auditing
     • IdP
     • Configuration management
     • Orchestration workflows
     • Web application firewalls
     • File-integrity monitoring
     • Continuous integration
     • Source code repositories
  9. Shared Responsibility for Cloud Security: Options Abound
     • RightScale provides visibility, governance and auditing across clouds
     • Cloud providers offer cloud-specific security options
     • 3rd party vendors offer multi-cloud options
     • Ability for segregation of duties: encryption provider vs cloud storage provider
     Capability, and who can provide it:
     • Encrypt data in transit: Vendor, Enterprise
     • Encrypt data at rest: Vendor, Cloud, Enterprise
     • Secure communications: RightScale, Cloud, Enterprise, Vendor
     • Systems configuration / network segmentation: Cloud, Enterprise, RightScale
     • Integrate with IAM: RightScale, Cloud, Enterprise, Vendors
     • Privileged identity management: RightScale, Cloud, Enterprise
     • Backup/replicate data: RightScale, Cloud, Enterprise, Vendor
     • Coordinate BC & DR: RightScale, Cloud, Enterprise, Vendor
     • Log cloud activity: RightScale, Cloud, Enterprise, Vendor
  10. Visibility: You Can't Control What You Can't See
     • Can you see all your cloud accounts and instances?
     • Connect to all your clouds
     • Gain visibility into all your accounts
     Diagram: many accounts across clouds (AWS, Azure, Google, CloudStack, OpenStack, vSphere)
  11. RightScale: Multi-Cloud Visibility (single pane of glass across AWS, Azure, Google, CloudStack, OpenStack, vSphere)
     • Multi-cloud access: public clouds, private clouds, virtualized
     • Control access
     • Standardize configuration
     • Patch and update
     • Audit trails
  12. Considerations for IAM in Cloud
     • Mostly the same considerations:
       • Govern and enforce user access
       • Configure role management
       • Context-based access control
       • Enable audit reporting
       • 3rd party identity providers: SSO (SAML), MFA, OAuth, ADFS
     • But how do you handle multiple clouds and accounts? And how do you control cloud credentials?
     "Should this person (user) who performs this job function and therefore has these roles assigned (role) be allowed to access this type of data as it applies to this particular account (context)?"
  13. Control Cloud Credentials: Secure AWS Access Control
     • Using Amazon IAM with RightScale
       • Our support portal page contains information on using Amazon AWS IAM with RightScale
       • By following this configuration guideline, we do not require our customers to register their master (root) account AWS Access Key ID and Secret Access Key with us
     http://support.rightscale.com/06-FAQs/How_do_I_use_Amazon_IAM_with_RightScale%3F
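The point of slide 13 is that a management platform should receive a scoped IAM identity, never the account's root access key. The permissions RightScale actually needs are on the support page linked above and are not reproduced here; the following is an added example (not RightScale code) of a small linter you can run over a candidate IAM policy document before handing its credentials to any third party. The three policy documents and the account id 123456789012 are constructed for illustration.

```python
"""Lint an AWS IAM policy document for the kinds of over-grant that turn
an integration user into a second root key.  Added example, not
RightScale's code or its required policy; all policies below are
constructed for illustration."""
import json

# Action prefixes that let the holder mint credentials or change who can do
# what.  A platform that launches and inventories instances should not carry them.
ESCALATION_PREFIXES = ("iam:", "sts:", "organizations:")
# Actions for which Resource "*" is normal (they do not write anything).
READ_ONLY_PREFIXES = ("ec2:Describe", "s3:List", "s3:GetBucketLocation")


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def lint_policy(policy_json: str) -> list[str]:
    """Return findings for Allow statements broader than a scoped integration
    user needs.  An empty list means nothing was flagged."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # a single statement may be a bare object
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid") or f"statement[{idx}]"
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{label}: wildcard action in {actions}")
        if "*" in resources and not all(a.startswith(READ_ONLY_PREFIXES) for a in actions):
            findings.append(f"{label}: Resource '*' on non-read-only actions")
        for a in actions:
            if a.startswith(ESCALATION_PREFIXES):
                findings.append(f"{label}: privilege-escalation action {a}")
    return findings


# Constructed sample policies (placeholder account id 123456789012).
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Inventory", "Effect": "Allow",
         "Action": ["ec2:DescribeInstances", "ec2:DescribeSecurityGroups"],
         "Resource": "*"},
        {"Sid": "Lifecycle", "Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances"],
         "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
         "Condition": {"StringEquals": {"ec2:ResourceTag/ManagedBy": "cloud-platform"}}},
    ],
})

ESCALATING_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Sid": "KeyMinting", "Effect": "Allow",
                  "Action": ["ec2:DescribeInstances", "iam:CreateAccessKey"],
                  "Resource": "*"},
})

if __name__ == "__main__":
    for name, doc in (("overbroad", OVERBROAD_POLICY), ("scoped", SCOPED_POLICY),
                      ("escalating", ESCALATING_POLICY)):
        print(name, lint_policy(doc) or "ok")
```

The scoped policy passes because its write actions are pinned to tagged instances in one account and its only `Resource: "*"` statement is read-only; the other two are exactly the shapes that make a leaked integration key equivalent to the root key.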
  14. RightScale Multi-Cloud Access Controls. What you get:
     • Aggregate accounts across clouds
     • Hierarchical organization of accounts
     • Security and access controls
     • SSO integration
     Diagram: users A to E authenticate to RightScale with passwords or SSO; an Enterprise Account contains Account 1 and Account 2, each mapped to several cloud accounts; RightScale authenticates to the clouds with the cloud credentials
  15. Active Directory / LDAP Integration
     • AD agents/connectors: Okta, Ping Identity, OneLogin
     • Enterprise directory services: Active Directory Federation Services (ADFS)
     • Large-scale provisioning: RightScale API for user provisioning
     • AD / LDAP integration: http://tinyurl.com/m269g4j
  16. Key Management: SSH
     • Asymmetric keys (private/public)
     • Key management: NISTIR 7966 (Security of Interactive and Automated Access Management Using Secure Shell), http://tinyurl.com/lhtujnv
     • Key storage options: hardware security modules, on-premise, cloud services, RightScale
     • Encryption of keys: MUST
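NISTIR 7966's first ask is an inventory: every authorized key on every host, its type and strength, who owns it, and what it is restricted to. As an added example (not RightScale code or part of the deck), the script below parses an OpenSSH authorized_keys file, decodes each public-key blob from its RFC 4251 wire format to get the key type and modulus size, and reports keys that break a simple policy. The sample file and its key blobs are constructed in the script itself so it runs offline; they are wire-format correct but are not real key material.

```python
"""Inventory an OpenSSH authorized_keys file and flag keys that violate a
simple policy (deprecated type, short RSA modulus, no from= restriction,
no owner comment).  Added example, not RightScale code; the sample keys
are constructed blobs, not real key material."""
import base64
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256")
MIN_RSA_BITS = 2048


def _ssh_string(b: bytes) -> bytes:
    """RFC 4251 string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n: int) -> bytes:
    """RFC 4251 mpint for a positive integer (leading 0x00 if the high bit is set)."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _read_string(buf: bytes, off: int):
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + length], off + length


def parse_key(blob_b64: str):
    """Return (key type, strength in bits) from a base64 public-key blob."""
    blob = base64.b64decode(blob_b64)
    ktype_raw, off = _read_string(blob, 0)
    ktype = ktype_raw.decode()
    if ktype == "ssh-rsa":            # string "ssh-rsa", mpint e, mpint n
        _e, off = _read_string(blob, off)
        n, _ = _read_string(blob, off)
        return ktype, int.from_bytes(n, "big").bit_length()
    if ktype == "ssh-dss":            # string "ssh-dss", mpint p, q, g, y
        p, _ = _read_string(blob, off)
        return ktype, int.from_bytes(p, "big").bit_length()
    if ktype == "ssh-ed25519":
        return ktype, 256
    return ktype, None


def audit_authorized_keys(text: str) -> list[dict]:
    """One entry per key line, with the policy findings for that key."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # Options such as from= or command= may precede the key type.
        k = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if k is None or k + 1 >= len(tokens):
            entries.append({"line": lineno, "type": None, "bits": None,
                            "findings": ["unrecognised key line"]})
            continue
        options = " ".join(tokens[:k])
        comment = " ".join(tokens[k + 2:])
        ktype, bits = parse_key(tokens[k + 1])
        findings = []
        if ktype == "ssh-dss":
            findings.append("ssh-dss is deprecated")
        elif ktype == "ssh-rsa" and bits < MIN_RSA_BITS:
            findings.append(f"RSA modulus {bits} bits is below {MIN_RSA_BITS}")
        if "from=" not in options:
            findings.append("no from= source restriction")
        if not comment:
            findings.append("no comment identifying the key owner")
        entries.append({"line": lineno, "type": ktype, "bits": bits, "findings": findings})
    return entries


# Constructed sample blobs: correct wire format, not real key material.
_RSA_1024 = base64.b64encode(_ssh_string(b"ssh-rsa") + _ssh_mpint(65537)
                             + _ssh_mpint((1 << 1023) | 1)).decode()
_ED25519 = base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))).decode()
_DSS = base64.b64encode(_ssh_string(b"ssh-dss") + b"".join(
    _ssh_mpint(v) for v in ((1 << 1023) | 1, (1 << 159) | 1, 2, 3))).decode()

SAMPLE_AUTHORIZED_KEYS = f"""# constructed sample authorized_keys, not real keys
ssh-rsa {_RSA_1024} legacy-deploy@build01

from="10.0.0.0/8" ssh-ed25519 {_ED25519} ops@bastion
ssh-dss {_DSS}
"""

if __name__ == "__main__":
    for entry in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        print(entry)
```

Run it against `~/.ssh/authorized_keys` of each service account on a fleet and the output is the inventory NISTIR 7966 asks for; the private halves of these keys are what the slide says MUST be stored encrypted (passphrase, HSM, or a key store), which this check cannot see from the public side.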
  17. Workload Security: From Rogue to Policy-Based. Enforce policies:
     • Catalog of templates that meet corporate standards (basic instances, stacks for dev or prod, applications)
     • Configured to your security requirements
     • Define which clouds can be used
     • Control user options and choices
     • Orchestrate and automate deployment and operations
  18. Standardize Server Configurations (multi-cloud: AWS, Azure, Google, CloudStack, OpenStack, vSphere; image, configuration scripts, containers). Standardization:
     • Automate provisioning and configuration
     • Version-controlled
     • Follow standards for versions, patches and configuration
     • Leverage a variety of scripting languages
     • Modular and auditable
     • Define security configuration baselines
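A security configuration baseline is only useful if something compares the running server against it and reports drift. As an added example (not RightScale code and not a RightScale ServerTemplate), here is a drift check for sshd_config: it resolves the effective global directives the way sshd does (first occurrence wins, and a Match block ends the global section), falls back to the daemon's default for anything unset, and lists every directive that differs from the baseline. The baseline values, the default table (OpenSSH 7.x behaviour, an assumption to verify against your build's sshd_config(5)) and the two sample configs are constructed for this example.

```python
"""Compare an sshd_config against a security configuration baseline and
report drift.  Added example, not RightScale's code or baseline; the
baseline, the defaults table and the sample configs are constructed."""

# Baseline: directive -> required value (compared case-insensitively).
SSHD_BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "x11forwarding": "no",
    "maxauthtries": "4",
}

# What sshd applies when a directive is absent.  OpenSSH 7.x defaults; an
# assumption for this example, check sshd_config(5) for the build you run.
SSHD_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "x11forwarding": "no",
    "maxauthtries": "6",
}


def parse_sshd_config(text: str) -> dict:
    """Effective global directives.  The first occurrence of a directive
    wins, as in sshd(8), and everything after the first Match block is
    conditional, so it is not part of the global baseline."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        effective.setdefault(key, value)
    return effective


def check_baseline(text: str, baseline=SSHD_BASELINE, defaults=SSHD_DEFAULTS) -> list:
    """Return (directive, required, actual) for every baseline drift."""
    effective = parse_sshd_config(text)
    drift = []
    for directive, required in baseline.items():
        actual = effective.get(directive, defaults.get(directive, "<unset>"))
        if actual.lower() != required.lower():
            drift.append((directive, required, actual))
    return drift


# Constructed sample: a duplicate directive (first one wins), a commented-out
# setting that silently falls back to the default, and a Match block.
DRIFTED_SSHD_CONFIG = """# constructed sample, not a real server
Port 22
PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
PubkeyAuthentication yes
X11Forwarding no
MaxAuthTries 4
Match User backup
    PasswordAuthentication yes
"""

HARDENED_SSHD_CONFIG = """# constructed sample that matches the baseline
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
X11Forwarding no
MaxAuthTries 4
"""

if __name__ == "__main__":
    for directive, required, actual in check_baseline(DRIFTED_SSHD_CONFIG):
        print(f"{directive}: required {required!r}, effective {actual!r}")
```

The drifted sample shows the two mistakes a line-by-line grep misses: a later `PermitRootLogin no` does not override the earlier `yes`, and a commented-out `PasswordAuthentication` leaves the default in force, which is why the check resolves the effective value rather than searching for the string.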
  19. Standardize System Configurations
     Configure a system: Cloud Application Template (CAT). Diagram: DNS in front of load balancers, app servers, and a master DB replicating to a slave DB
     Configure a server:
     • ServerTemplates (portable)
     • Docker container (portable)
     • AMI
     • CloudFormation
     • VM template
  20. Patch and Update. Increase IT efficiency:
     • Bring your own configuration management
     • Clone existing architectures
     • Updates and patches
     • Monitor and alert
     • Auto-scale up and down
  21. Data Security
     • Compliance requirements: PCI e-commerce; HIPAA / PHI / 21 CFR 11; NPI / PII; FTI (IRS Pub 1075); MPAA
     • Data protection / encryption: in transit: MUST; at rest: MUST; in process: DEPENDS
     • Considerations in the cloud:
       • Select the right cloud provider
       • Some cloud providers encrypt by default
       • Review their security documents
       • Most cloud providers will sign a BAA
       • Segregate workloads
  22. Data Residency with a Global Cloud Platform
     Public clouds: Amazon Web Services, Google Cloud Platform, IBM SoftLayer, Rackspace, Windows Azure
     Private clouds: CloudStack, OpenStack, vSphere
     Locations on the map: Seattle, Oregon, SF Area, Texas, Chicago, Midwest, DC Area, Toronto, Mexico City, São Paulo, Dublin, London, Amsterdam, W Europe, Beijing, Hong Kong, Taiwan, Japan, Singapore, Sydney, Melbourne
  23. Secure Cloud Connections
     • HTTPS / TLS
     • IP address whitelisting
     • Private network connections: Direct Connect, ExpressRoute, etc.
     • VPN (IPsec)
     Diagram: customer cage connected to the AWS cage via AWS Direct Connect and to the Azure cage via Azure ExpressRoute; RESTful APIs
  24. Network Visibility. Comply with policies:
     • Quickly audit security groups
     • Interactive network visualization
     • Maintain security and compliance
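Auditing security groups quickly comes down to one question per inbound rule: is an administrative port, or everything, reachable from any source? The following is an added example (not RightScale code) of that check over the JSON shape that `aws ec2 describe-security-groups` returns under `SecurityGroups`; it handles IPv4 and IPv6 any-source ranges, protocol "-1" (all traffic, which carries no port fields), and port ranges that happen to cover an admin port. The group records and their ids are constructed for the example.

```python
"""Flag inbound security-group rules that expose admin ports or all
traffic to any source.  Added example, not RightScale code; the group
records below are constructed and their ids are placeholders."""
import ipaddress

ADMIN_PORTS = (22, 3389)


def _is_any_source(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covers_port(rule: dict, port: int) -> bool:
    proto = rule.get("IpProtocol")
    if proto == "-1":                       # all protocols, no port fields present
        return True
    if proto not in ("tcp", "udp", "6", "17"):
        return False                        # e.g. icmp uses FromPort/ToPort for type/code
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_security_groups(groups: list) -> list:
    """Return (group name, finding) for every inbound rule open to any
    source that exposes all traffic or an admin port."""
    findings = []
    for group in groups:
        name = group.get("GroupName") or group.get("GroupId")
        for rule in group.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(_is_any_source(s) for s in sources):
                continue
            if rule.get("IpProtocol") == "-1":
                findings.append((name, "all traffic open to any source"))
                continue
            for port in ADMIN_PORTS:
                if _covers_port(rule, port):
                    findings.append((name, f"port {port} open to any source"))
    return findings


# Constructed sample in the describe-security-groups shape; ids are placeholders.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0000000000000web", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-000000000000bast", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-00000000000000db", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-0000000000legacy", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-000000000000rdp1", "GroupName": "rdp-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for name, finding in audit_security_groups(SAMPLE_GROUPS):
        print(f"{name}: {finding}")
```

To run it on real data, feed it `json.load(...)["SecurityGroups"]` from `aws ec2 describe-security-groups --output json` for each account and region; the web group is correctly left alone (443 to the world is its job), while the range rule shows why the check tests port coverage rather than equality with 22 or 3389.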
  25. Implement DR Architectures for your Apps. Architect for SLAs:
     • HA/DR reference architectures
     • Cross-region and cross-cloud
     • Auto-scale to meet demand
     • Hybrid cloudbursting
     • Monitor and automate failover
     • Hot, warm, and cold DR scenarios
     Diagram: DNS in front of a PRIMARY site (load balancers, app servers, master DB, slave DB) and a WARM DR site (load balancers, app servers, slave DB), with the master DB replicating to the slaves in both sites
  26. Outage-Proof with Independent Control Plane. Ensure availability:
     • Separate the management plane from the cloud and the cloud applications
     • RightScale platform is fully redundant
     • Automate failover processes for hot, warm or cold DR
  27. Gain Visibility with Audit Trails. Ensure compliance:
     • See who changed what and when
     • Provide audit logs and reports to satisfy regulators
     • Available via API to integrate with other systems
  28. Track all Cloud Usage and Costs. Optimize cloud spend:
     • Visibility
     • Planning and forecasting
     • Budgets and cost controls
     • Allocations
     • Chargeback and showback
     • Optimize spend
  29. Questions?
     • RightScale certifications: SSAE16 SOC 1 and SOC 2 Type II; PCI DSS SAQ C compliant; U.S.-EU Safe Harbor Framework and U.S.-Swiss Safe Harbor Framework
     • State of the Cloud Report: www.rightscale.com/2015-cloud-report
     • Private and Hybrid Cloud Whitepaper: www.rightscale.com/private-hybrid-cloud-whitepaper