
Subscribed 2015: Architecture, Security, Scalability


Architecture, Security and Scalability in the Cloud

Andrey Kolesnikov, VP TechOps

Pritesh Parekh, Chief Security Officer


Agenda

Industry Trends

Compliance Strategy

Securing SaaS

Product Security

Look Inside the platform

Scale and Resiliency

Ops Approach


Security and Trust


Industry Data: Security Breaches

Courtesy: www.informationisbeautiful.net

Industry Data: Security Breaches 2014 (charts)

Courtesy: Symantec 2015 Internet Security Threat Report


Courtesy: Symantec 2015 Internet Security Threat Report

Industry Data: Security Breaches 2014

• Top 3 entry points used for hacking:

  • Weak authentication (employees or third-party vendors)

  • Malware infection via phishing

  • Application or server weakness

• Top targets are credit card data and PII, including email addresses

• Average cost per data breach is $3.5 million, or $145 per compromised record (does not include loss of reputation)

• Hackers target CFOs to gain a monetary advantage from market-moving information


Industry Leading Compliance Strategy

• PCI DSS

  • Required for all service providers storing or processing credit cards

  • PCI DSS Level 1 since 2008

  • 200+ security controls required

• SOC 1 / SOC 2

  • Supports customer SOX compliance

  • SSAE 16 SOC 1 Type II since 2009

  • SOC 2 Type II based on the Trust Services Principles

• HIPAA

  • HHS HIPAA audit program as a Business Associate

  • Compliance with the Security, Privacy and Breach Notification requirements

• EU to US personal data transfer

  • Provides a method for U.S. companies to transfer personal data from the EU to the US

  • Protection of consumer personal data


Enterprise-grade Data Security

• TLS Encryption

• Network Firewall and Web Application Firewall

• Host Intrusion Detection Systems

• Sensitive Data Encryption using FIPS-certified Hardware Encryption

• Multiple layers of authentication

• Continuous Application Pen Testing

• Daily Network Scans and Third-Party Security Testing

• Centralized Logging and Real-time Alerting

• Secure SSAE 16 Compliant Data Centers

[Architecture diagram: Zuora UI, Customer Apps and APIs reach the platform over TLS; Firewall and IDS pairs; Load Balancers; App Servers; DB Servers; Log Servers; Encryption Appliance; Storage]


Strong authentication features support enterprise ecosystem integration

• Strong Security Policies

• 2-factor Authentication

• Single Sign-on support

• IP-address filtering


Granular data access features support SOX compliance requirements

65 distinct permissions for standard and admin user roles


Data Access Control

[Hierarchy diagram]
Worldwide
  North America: US, Canada
  Europe: Italy, France


Data Access Control

• Greater control with the hierarchy-based data access feature

• Access can be granted on a need-to-know basis (department, geo-location, product etc.)
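The hierarchy-based, need-to-know model on this slide, as an added example that is not Zuora's code: the hierarchy (Worldwide, North America with US and Canada, Europe with Italy and France) follows the diagram, while the permission names, users and records are constructed for the example. A grant made at a node covers every record under that node; everything else, including a record tagged with a node the hierarchy does not know, is denied.

```python
"""Hierarchy-based, need-to-know data access check.

Added example (not Zuora's code) of the access model the slides describe:
a permission granted at one hierarchy node applies to every record under
that node and to nothing else.  The hierarchy, users, permission names and
records below are constructed for the example.
"""
from dataclasses import dataclass

# Constructed hierarchy: each node maps to its parent; the root maps to None.
HIERARCHY = {
    "Worldwide": None,
    "North America": "Worldwide",
    "US": "North America",
    "Canada": "North America",
    "Europe": "Worldwide",
    "Italy": "Europe",
    "France": "Europe",
}


def ancestors(node):
    """Return [node, parent, ..., root].  Raises KeyError for unknown nodes."""
    chain = []
    seen = set()
    while node is not None:
        if node in seen:
            raise ValueError(f"cycle in hierarchy at {node!r}")
        seen.add(node)
        chain.append(node)
        node = HIERARCHY[node]  # KeyError if the node is not in the hierarchy
    return chain


@dataclass(frozen=True)
class Grant:
    node: str                 # hierarchy node the grant is scoped to
    permissions: frozenset    # e.g. frozenset({"invoice:read"})


@dataclass(frozen=True)
class User:
    name: str
    grants: tuple             # tuple of Grant


@dataclass(frozen=True)
class Record:
    record_id: str
    node: str                 # the unit the record belongs to


def can(user, permission, record):
    """True iff `user` holds `permission` on the record's node or an ancestor.

    Fails closed: a record tagged with a node that is not in the hierarchy is
    never visible, and a user with no matching grant sees nothing.
    """
    try:
        scope = set(ancestors(record.node))
    except KeyError:
        return False
    return any(g.node in scope and permission in g.permissions
               for g in user.grants)


def visible_records(user, permission, records):
    """Filter `records` down to those `user` may access with `permission`."""
    return [r for r in records if can(user, permission, r)]


# Constructed sample data.
RECORDS = (
    Record("inv-us-1", "US"),
    Record("inv-ca-1", "Canada"),
    Record("inv-it-1", "Italy"),
    Record("inv-fr-1", "France"),
    Record("inv-xx-1", "Antarctica"),   # node not in the hierarchy: always denied
)

NA_ANALYST = User("na_analyst", (
    Grant("North America", frozenset({"invoice:read"})),
))
ITALY_ADMIN = User("italy_admin", (
    Grant("Italy", frozenset({"invoice:read", "invoice:edit"})),
))
GLOBAL_AUDITOR = User("global_auditor", (
    Grant("Worldwide", frozenset({"invoice:read"})),
))


def record_ids(user, permission):
    """Record ids `user` can reach with `permission`, in RECORDS order."""
    return [r.record_id for r in visible_records(user, permission, RECORDS)]


if __name__ == "__main__":
    for u in (NA_ANALYST, ITALY_ADMIN, GLOBAL_AUDITOR):
        print(u.name, "read:", record_ids(u, "invoice:read"),
              "edit:", record_ids(u, "invoice:edit"))
```

Running the module lists, per user, which invoices are readable and editable: the North America analyst sees the US and Canada records and nothing in Europe, the Italy admin sees only Italy, and the Worldwide auditor reads everything that sits under a known node. The permission strings stand in for a permission catalogue such as the 65 distinct permissions mentioned earlier; the scope check composes with whatever that catalogue contains.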


Ops


Stack Trends

SaaS v1.0             SaaS v2.Current
Private Cloud         Public Cloud
Commercial Software   OSS
Quarterly Releases    Continuous Delivery
SQL                   NoSQL
VMs                   Containers
MTBF                  MTTR
DIY                   SaaS


Across Zuora Platform

Average Monthly Volume Snapshot:

1.3B transactions a month
22B rows of data synchronized and exported
40% average platform compute utilization


Look Inside

3 Team Pillars: Customer, Technology, Business
50/50 Developer/SysEng Ratio
2 Public Cloud Regions
2 Operation Centers
900+ Nodes
2 Geo Distributed Datacenters


Approach to Infrastructure

Tiers: Ephemeral, Persistent, Infrastructure
Fault Domains: Vertical, Horizontal
Scale: Horizontal, Vertical, Partition


Ops Approach

Embed Ops into Dev
Durability > Availability
API > Scripts
Metrics, Metrics, Metrics


Summary

• Compliance Certifications – PCI, SOC1, SOC2 and HIPAA

• Data Security – Web Application Firewall, Host Based Intrusion Detection System and Continuous Security Testing

• Product Security – 2FA, SSO, Data Access Controls and Strong Security Policies

• Infrastructure – Public/Private Cloud, OSS

• Architecture – Right size/approach for the problem

• Operators – Mix of Developers and Systems Engineers


Q&A