www.cloudsec.com | #CLOUDSEC
Cloud Transformation and Significance of Security
Mohit Sharma, Chief Architect & Cloud Evangelist
@onlinesince2009
Datacenter Management
Policy for physical security of Data Center
Inventory of assets
Change Management Policy
Redundant cooling system
Visitor record maintenance
Labelling
Vendor Contact details in case of emergency
Physical Network Management
Which facility is more secure?
Expert third party auditors make the claim, not operators themselves
Why Cloud?
Cost
Agility
Scalability
Security
Reduced Ops
SLA (reliability)
“Public Cloud Availability”
some of the major players
Magic Quadrant for Cloud Infrastructure as a Service, Worldwide
Published: 03 August 2016
Source: Gartner
Global Coverage - AWS
The AWS Cloud operates 35 Availability Zones within 13 geographic Regions around the world, with 9 more Availability Zones and 4 more Regions coming online throughout the next year.
OPERATIONAL
US East (N. Virginia)
US West (Oregon)
US West (N. California)
EU (Ireland)
EU (Frankfurt)
South America (São Paulo)
Asia Pacific (Singapore)
Asia Pacific (Tokyo)
Asia Pacific (Sydney)
Asia Pacific (Seoul)
Asia Pacific (Mumbai)
China (Beijing)
NEWLY ANNOUNCED
Ohio
Ningxia
UK
Montreal
Source: AWS
Global Coverage - Microsoft Azure
OPERATIONAL
Central US
South Central US
East US
West US
East US 2
West US 2
US Gov. Iowa
US Gov. Virginia
North Central US
West Central US
Canada Central
Canada East
Brazil South
West Europe
North Europe
East Asia
Southeast Asia
Japan East
Japan West
China East
China North
West India
Central India
South India
Australia East
Australia Southeast
NEWLY ANNOUNCED
US DoD East
US DoD West
United Kingdom South
United Kingdom West
Germany Central
Germany Northeast
Korea Central
Korea South
Azure is generally available in 26 regions around the world, and has announced plans for 8 additional regions.
Source: Microsoft
Global Coverage - GCP
Deploy Cloud Platform services by zone, within or across regions. GCP offers Compute Engine in five regions containing a total of 15 zones, for example.
| Region | Location | Available zones | Features |
| --- | --- | --- | --- |
| Western US | The Dalles, Oregon | us-west1-a, us-west1-b | Broadwell processors; 32-core machine types; Local SSDs |
| Central US | Council Bluffs, Iowa | us-central1-a | Sandy Bridge processors; Local SSDs |
| | | us-central1-b, us-central1-c | Haswell processors; 32-core machine types; Local SSDs |
| | | us-central1-f | Ivy Bridge processors; 32-core machine types; Local SSDs |
| Eastern US | Berkeley County, South Carolina | us-east1-b, us-east1-c, us-east1-d | Haswell processors; 32-core machine types; Local SSDs |
| Western Europe | St. Ghislain, Belgium | europe-west1-b | Sandy Bridge processors; Local SSDs |
| | | europe-west1-c | Ivy Bridge processors; 32-core machine types; Local SSDs |
| | | europe-west1-d | Haswell processors; 32-core machine types; Local SSDs |
| East Asia | Changhua County, Taiwan | asia-east1-a, asia-east1-b, asia-east1-c | Ivy Bridge processors; 32-core machine types; Local SSDs |
Source: Google
Compliance and Audits - AWS
Source: AWS
Compliance and Audits - Azure
Source: Microsoft
Compliance and Audits - GCP
Google has annual audits for the following standards:
• SSAE16 / ISAE 3402 Type II:
  • SOC 2
  • SOC 3 public audit report
• ISO 27001, one of the most widely recognized, internationally accepted independent security standards. Google has earned ISO 27001 certification for the systems, applications, people, technology, processes and data centers serving Google Cloud Platform.
• ISO 27017, Cloud Security. This is an international standard of practice for information security controls based on ISO/IEC 27002, specifically for cloud services.
• ISO 27018, Cloud Privacy. This is an international standard of practice for protection of personally identifiable information (PII) in public cloud services.
• FedRAMP ATO for Google App Engine
• PCI DSS v3.1
HIPAA
Google Cloud Platform will also support HIPAA covered customers by entering into a Business Associates Agreement. The Cloud Platform BAA currently covers Compute Engine, Cloud Storage, Cloud SQL, Genomics, and BigQuery.
Google Cloud Platform and the EU Data Protection Directive
As part of Google’s rigorous privacy and compliance standards and commitment to our customers, Google Cloud Platform offers EU model contract clauses for customers subject to the EU Data Protection Directive.
Source: Google
Compliance and Audits – Private Data Center
Which facility is more secure?
Expert third party auditors make the claim, not operators themselves
“Cloud Transformation”
What data types can be stored in the cloud?
Cloud Transformation has taken shape globally
ENTERPRISES. STARTUPS. GOVERNMENTS. UNIVERSITIES.
Initial Cloud Adoption Use-case
Storage
Disaster Recovery
Test/Dev
Production Non-mission Critical Application
CLOUD MIGRATION METHODOLOGY
Cloud Assessment Phase
Proof of Concept Phase
Data Migration Phase
Application Migration Phase
Leverage the Cloud Phase
Optimization Phase
Application Considerations
Cloud-native applications
E-business hosting
General Business hosting
Enterprise Application
Development Environment
Batch Processing
Internet of Things (IOT) applications
Multi-cloud Adoption
Source: RightScale State of Cloud report 2016
Hybrid Cloud Connectivity
“Security – It’s better to be proactive than reactive”
Cloud Security – a shared responsibility
Source: HP
Where do data breaches really come from?
Infrastructure & Network Security
Cloud Provider Physical Security
Network Security
● WAF
Cloud Provider Peripheral Security
● IAM
● MFA
Infrastructure Security
● IPS/IDS
● Antimalware
● DDoS
● Integrity monitoring
● Web Reputation
Secure your Workloads
Secure your Entry Points
“Cloud Native Journey”
Continued Cloud Transformation
Deploy Quickly & Scale Easily
Security, Compliance & Cost Effective
Guarantee High Availability & Performance
Ease of access to multiple cloud
The Legacy Migration Journey
Completes your Cloud service assurance model
MIGRATE: Lift-and-shift migration approach
MANAGE: Infrastructure support transition
SECURE: End-to-end security enablement
OPTIMIZE: Cost optimization and automation
Cloud Transformation – Well Architected Framework
DESIGN FOR RELIABILITY & PERFORMANCE
• Monitoring of service limits
• Network topology best practices
• Application scalability planning and benchmarking
• Automation – deployment and patching
• DR and backup planning
• Application component fault tolerance and resiliency
• Resource design, selection and sizing – based on performance benchmarking
• Resource monitoring and capacity planning
DESIGN FOR DEVOPS
• Define and deploy CI/CD pipeline
• Define and automate environment provisioning framework
• Define and establish automated configuration management framework
• Define and establish application performance benchmarking framework
DESIGN FOR COST ASSURANCE
• Define and establish account and tagging best practices
• Resource utilisation tracking and optimisation
• Dev tests automation
• RI Planning
• Cost control policy and alerts
Managing Your Cloud Success
Completes your Cloud service assurance model
STABILITY: Cloud Infrastructure + App Management
EFFICIENCY: Cloud Automation + Cost Optimization
SECURITY: Hybrid Cloud Security + Security Compliance
CLOUD Services
Audit & Automation
Offering
LET’S START YOUR TRANSFORMATION TODAY!
www.cloudnayan.com
Mohit [email protected]
+6596274231
@onlinesince2009