My Cloud is more Secure than your Data Center

DESCRIPTION

Speech at Cloud Camp Charlotte - 11/16/2012.

Mike Kavis, VP Architecture, Inmar

® © 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar

Your Speaker

Mike Kavis has been architecting solutions in the cloud since 2008 and was the CTO of startup M-Dot Network, which won the 2010 AWS Startup Challenge. Mike is now the VP of Architecture for Inmar, which purchased M-Dot in 2011, and is responsible for Inmar’s Digital Promotions PaaS.

Where are we?

How did we get here?

Today’s technologies have simply evolved from lessons learned in the past and are being applied to address new business problems

Attribution: Bundesarchiv, B 145 Bild-F038812-0014 / Schaack, Lothar / CC-BY-SA

Centralized security

Distributed computing

Best of both worlds: centralized & distributed

Technology evolves and matures as adoption increases

[Figure: curve of expectations over time, passing through Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment and Plateau of Productivity, with a "We are here" marker]

Standards and best practices emerge over time

Security maturity often lags behind because enterprises are late adopters

[Figure: curve of expectations over time (Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity), with a "Security Maturity" curve and a "We are here" marker]

What is holding the enterprises back from cloud adoption?

Does this make driving safe?

Cloud Washing

Skills Shortage

What does this mean for cloud solutions in the enterprise?

“Not in MY firewall” syndrome

Don’t be fooled. People are the culprits, not data centers!

Source: http://mds.ricoh.com/change/information_security_governance

Source: http://www.prnewswire.com/news-releases/leading-cause-of-data-security-breaches-are-due-to-insiders-not-outsiders-54002222.html

Application & infrastructure controls are required regardless of where you deploy

Source: http://mds.ricoh.com/change/information_security_governance

Demands from Enterprise Buyers

Encrypt in flight and at rest

Audit reports: SOC 2, PCI, SAS 70, etc.

Published change control procedures

Monthly patching

Published monthly performance and Uptime SLAs

Limited system access

DR and Business Continuity plans

Tricks of the trade

Redundancy Across Zones

Uptime and Scalability strategies

RESTful Services

B2C Site | B2B Site

OLTP DB | Transaction DB | Reporting Database

Uptime and Scalability strategies

Scale by API Type: Normal APIs | Long running APIs | High Demand APIs

Scale by Customer Type (Customer Services): Gold | Standard | Freemium

XL Servers | Medium Servers | Micro Servers

Centralized Logging Strategy

Utility Servers: DB Logs | App Svr Logs | App Logs

Database Servers: DB Logs | App Svr Logs | App Logs

API Servers: DB Logs | App Svr Logs | API Logs

Web Servers: DB Logs | App Svr Logs | Web Logs

SYSLOG

Log Servers

Admins have total access

Developers access log server only

Patching strategies

Patch candidate

Validate

Server Farms

Certified Versions

Deploy

3rd Party software: OS, AppServ, DB, etc.

Stage

QA

Golden Image

Hybrid Cloud Strategies

Mitigating Insider Threats

• Cloud key management policies

• Restricted access

• Production environment

• Data access

• HR screening process

• Termination process

• Monthly review of controls with security team

• Annual external audits

Perimeter & Network Security from cloud vendors

• World class hardened facilities

• Port scanning not allowed

• DDoS mitigation strategies

• IP Spoofing protection

• Disk destruction

Additional Perimeter & Network Security we provide

• World class hardened facility

• All unnecessary ports and software removed from images

• Virus scanning

• Intrusion detection reporting

• Proactive monitoring: New Relic, Cacti, Nagios, Watir

Does your data center pass the test?

Security must be envisioned, architected, and built…

Not bought

What is more secure?

A cloud solution built from scratch with security in mind, or a legacy datacenter?

For more information:

Michael.kavis@inmar.com

727.686.5999

Mike Kavis