Speech at Cloud Camp Charlotte - 11/16/2012.
Mike Kavis, VP Architecture, Inmar
© 2012 Inmar, Inc. All Rights Reserved. Not to be reproduced or distributed without written permission from Inmar.
Your Speaker
Mike Kavis has been architecting solutions in the cloud since 2008 and was the CTO of the startup M-Dot Network, which won the 2010 AWS Startup Challenge. Mike is now VP of Architecture at Inmar, which purchased M-Dot in 2011, and is responsible for Inmar’s Digital Promotions PaaS.
Where are we?
How did we get here?
Today’s technologies have simply evolved from lessons learned in the past and are being applied to address new business problems.
Attribution: Bundesarchiv, B 145 Bild-F038812-0014 / Schaack, Lothar / CC-BY-SA
Centralized security
Distributed computing
Best of both worlds: centralized & distributed
Technology evolves and matures as adoption increases
[Figure: hype cycle chart, expectations vs. time. Phases: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity. Annotations: “Standards and best practices emerge over time”; “We are here”.]
Security maturity often lags behind because enterprises are late adopters.
[Figure: the same hype cycle chart, expectations vs. time, with a “Security Maturity” curve added. Annotation: “We are here”.]
What is holding the enterprises back from cloud adoption?
Does this make driving safe?
Cloud Washing
Skills Shortage
What does this mean for cloud solutions in the enterprise?
“Not in MY firewall” syndrome
Don’t be fooled. People are the culprits, not data centers!
Source: http://mds.ricoh.com/change/information_security_governance
Source: http://www.prnewswire.com/news-releases/leading-cause-of-data-security-breaches-are-due-to-insiders-not-outsiders-54002222.html
Application & infrastructure controls are required regardless of where you deploy
Source: http://mds.ricoh.com/change/information_security_governance
Demands from Enterprise Buyers
• Encrypt in flight and at rest
• Audit reports: SOC 2, PCI, SAS 70, etc.
• Published change control procedures
• Monthly patching
• Published monthly performance and uptime SLAs
• Limited system access
• DR and Business Continuity plans
Tricks of the trade
Redundancy Across Zones
Uptime and Scalability strategies
[Diagram: RESTful Services serving a B2C Site and a B2B Site, backed by an OLTP DB, a Transaction DB and a Reporting Database.]
[Diagram: Scale by API Type: Normal APIs, Long running APIs, High Demand APIs. Scale by Customer Type: Gold Customer Services on XL Servers, Standard on Medium Servers, Freemium on Micro Servers.]
Centralized Logging Strategy
[Diagram: Utility Servers, Database Servers, API Servers and Web Servers each ship their DB logs, app server logs and application/API/web logs over SYSLOG to central Log Servers.]
• Admins have total access
• Developers access log server only
Patching strategies
[Diagram: Patch candidate (3rd party software: OS, AppServ, DB, etc.) → Validate → Certified Versions → Golden Image → Stage → QA → Deploy → Server Farms.]
Hybrid Cloud Strategies
Mitigating Insider Threats
• Cloud key management policies
• Restricted access
  • Production environment
  • Data access
• HR screening process
• Termination process
• Monthly review of controls with security team
• Annual external audits
Perimeter & Network Security from cloud vendors
• World class hardened facilities
• Port scanning not allowed
• DDoS mitigation strategies
• IP Spoofing protection
• Disk destruction
Additional Perimeter & Network Security we provide
• World class hardened facility
• All unnecessary ports and software removed from images
• Virus scanning
• Intrusion detection reporting
• Proactive monitoring: New Relic, Cacti, Nagios, Watir
Does your data center pass the test?
Security must be envisioned, architected, and built… not bought.
What is more secure? A cloud solution built from scratch with security in mind, or a legacy datacenter?