The easiest way to explain cloud is by talking about Pizza. We updated the story to talk about Security and the AWS Shared Security Model by talking about cake! Cloud, Security, Pizza and Cake: what could be better?
2. One of the easiest ways to define cloud is
to compare it to pizza!
No, seriously!
You’ve probably already seen this but
we’re surprised by how many people
haven’t so we thought we’d share it
again.
3. Four Strategies of Pizza:
➔Made at Home
➔Take & Bake
➔Delivery
➔Dine out
All the models have the same key elements for making an
awesome pizza experience including the dough, sauce, cheese,
toppings, fuel / electric, oven, pan, table and soda.
4. [Figure: Pizza as a Service. Four columns (Made at Home, Take & Bake, Delivery, Dine Out), each listing the same stack: Soda, Table, Pan, Oven, Fuel / Electric, Toppings, Cheese, Sauce, Pizza Dough.]
5. ➢Obviously Made at Home makes you
completely responsible for everything.
➢Take & Bake allows you to pick up a pizza of
your choice, throw it in the oven at home and
enjoy.
➢Delivery makes it so seriously easy, it just
shows up and you enjoy.
➢Dine Out means you don’t even have to throw
the paper plates away.
6. How often you eat pizza, the types of pizza, if you
have a pizza oven, how lazy you are and many
other factors go into picking the right model for
you.
Heck, you might even use all the models for your
pizza sourcing. We do!
7. Four Cloud Strategies (compared to Pizza):
➔On Premise – You Manage
➔Infrastructure as a Service (IaaS)
➔Platform as a Service (PaaS)
➔Software as a Service (SaaS)
Key elements to determine your cloud service needs include
Networking, Storage, Servers, Virtualization, Operating
System, Middleware, Runtime, Data and Applications. You
also need to include Security, Automation / Orchestration,
Service Assurance / Monitoring and Governance & Processes.
9. Maybe this comparison takes it too far for some, but for
us it works to keep the conversation very simple (it also
makes us very hungry).
It’s amazing how often we come back to this
conversation. We always encourage our customers and
business partners to move their services as far up the
stack as possible (where and when it makes business
sense)!
Enjoy your pizza and your cloud!
11. One of the easiest ways to talk about
security is to talk about cake, err I mean
layers!
No, seriously!
You’ve come this far, be patient and see
where this crazy story goes. Plus after all
that pizza you need some dessert!
12. “Layers...
You both have layers. You know, not
everybody likes onions (security).
Cake!
Everybody loves cakes!
Cakes have layers!”
Donkey, From Shrek
13. Security in the Cloud is a Shared Responsibility.
"Security IN the Cloud" - Customer responsibility
is determined by services they consume. You are
always responsible for your content and
applications.
"Security OF the Cloud" - Your Cloud Provider is
responsible for protecting the infrastructure that
runs all of the services they offer.
14. [Figure: AWS Shared Security Model. Move as Far Up The Stack As Possible. Four columns (On Premise You Manage, AWS Infrastructure Services, AWS Container Services, AWS Serverless, Micro Services & SaaS), each listing the same layers: Customer Content; Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection; Platform, Apps, IAM; OS, Network & Firewalls; Foundational Services (Compute, Storage, Database, Network); Infrastructure (with Availability Zones, Regions, Edge Locations in three of the four columns). Caption: Customer’s Security Responsibility Decreases as They Move Right. Legend: Customer Responsibility, AWS Responsibility.]
15. Similar to the Pizza & Cloud models,
Security becomes easier the further up
the stack you go!
Changing your applications, technology
stacks and culture is where you have to
invest to get the value! And that’s not
always so easy.
16. Just like AWS always says, Security is Job
Zero! It has to come before anything else
and has to be baked (see what we did
there?) into everything!
There are core Security Design Principles
that need to be addressed no matter
where you are hosting.
17. Security Design Principles
★ Implement a Strong Identity Foundation
★ Enable Traceability
★ Apply Security at All Layers
★ Automate Security Best Practices
★ Protect Data in Transit and at Rest
★ Prepare for Security Events