www.cloudsec.com | #CLOUDSEC

Cloud Transformation and Significance of SecurityMohit Sharma, Chief Architect & Cloud Evangelist

@onlinesince2009

#CLOUDSEC

Datacenter Management

Policy for physical security of Data Center Inventory of

assets

Change Management Policy

Redundant cooling system

Visitor record maintenanceLabelling

Vendor Contact details in case of emergency

Physical Network Management

#CLOUDSEC

Which facility is more secure?Expert third party auditors make the claim, not operators themselves

#CLOUDSEC

Why Cloud?

Cost AgilityScalability

SecurityReduced Ops SLA (reliability)

“Public Cloud Availability”some of the major players

#CLOUDSEC

Magic Quadrant for Cloud Infrastructure as a Service, WorldwidePublished: 03 August 2016

Source: Gartner

#CLOUDSEC

Global Coverage - AWSThe AWS Cloud operates 35 Availability Zones within 13 geographic Regions around the world, with 9 more Availability Zones and 4more Regions coming online throughout the next year.

OPERATIONAL

US East (N. Virginia) Asia Pacific (Singapore)

US West (Oregon) Asia Pacific (Tokyo)

US West (N. California) Asia Pacific (Sydney)

EU (Ireland) Asia Pacific (Seoul)

EU (Frankfurt) Asia Pacific (Mumbai)

South America (São Paulo) China (Beijing)

NEWLY ANNOUNCED

Ohio

Ningxia

UK

Montreal

Source: AWS

#CLOUDSEC

Global Coverage - Microsoft AzureOPERATIONAL

Central US West EuropeNorth Europe

South Central US

East US East AsiaCanada Central

West US

East US 2 Southeast AsiaCanada East

West US 2

US Gov. Iowa Japan East West India Australia East

US Gov. Virginia Japan West China East Australia Southeast

North Central US Brazil South China North Central India

West Central US South India

NEWLY ANNOUNCED

US DoD EastUnited Kingdom South Germany Central Korea Central

US DoD WestUnited Kingdom West

Germany Northeast Korea South

Azure is generally available in 26 regions around the world, and has announced plans for 8 additional regions.

Source: Microsoft

#CLOUDSEC

Global Coverage - GCPDeploy Cloud Platform services by zone, within or across regions. GCP offer Compute Engine in five regions containing a total of 15 zones, for example.

Region Location Available zones Features

Western US The Dalles, Oregon us-west1-aus-west1-b

•Broadwell processors•32-core machine types•Local SSDs

Central US Council Bluffs, Iowa us-central1-a •Sandy Bridge processors•Local SSDs

us-central1-bus-central1-c

•Haswell processors•32-core machine types•Local SSDs

us-central1-f •Ivy Bridge processors•32-core machine types•Local SSDs

Eastern US Berkeley County, South Carolina

us-east1-bus-east1-cus-east1-d

•Haswell processors•32-core machine types•Local SSDs

Western Europe St. Ghislain, Belgium europe-west1-b •Sandy Bridge processors•Local SSDs

europe-west1-c •Ivy Bridge processors•32-core machine types•Local SSDs

europe-west1-d •Haswell processors•32-core machine types•Local SSDs

East Asia Changhua County, Taiwan

asia-east1-aasia-east1-basia-east1-c

•Ivy Bridge processors•32-core machine types•Local SSDs

Source: Google

#CLOUDSEC

Compliance and Audits - AWS

Source: AWS

#CLOUDSEC

Compliance and Audits - Azure

Source: Microsoft

#CLOUDSEC

Compliance and Audits - GCPGoogle has annual audits for the following standards:•SSAE16 / ISAE 3402 Type II:

• SOC 2• SOC 3 public audit report

•ISO 27001, one of the most widely recognized, internationally accepted independent security standards. Google has earned ISO 27001 certification for the systems, applications, people, technology, processes and data centers serving Google Cloud Platform.• ISO 27017, Cloud Security, This is an international standard of practice for information security controls based on ISO/IEC 27002 specifically for cloud services.•ISO 27018, Cloud Privacy, Privacy, This is an international standard of practice for protection of personally identifiable information (PII) in public clouds services.• FedRamp ATO for Google App Engine•PCI DSS v3.1

HIPAAGoogle Cloud Platform will also support HIPAA covered customers by entering into a Business Associates Agreement. The Cloud Platform BAA currently covers Compute Engine, Cloud Storage, Cloud SQL, Genomics, and BigQuery.

Google Cloud Platform and the EU Data Protection Directive

As part of Google’s rigorous privacy and compliance standards and commitment to our customers, Google Cloud Platform offers EU model contract clauses for customers subject to the EU Data Protection Directive.

Source: Google

#CLOUDSEC

Compliance and Audits – Private Data Center

#CLOUDSEC

Which facility is more secure?Expert third party auditors make the claim, not operators themselves

“Cloud Transformation”

#CLOUDSEC

What data types can be stored in the cloud?

#CLOUDSEC

What data types can be stored in the cloud?

#CLOUDSEC

What data types can be stored in the cloud?

#CLOUDSEC

Cloud Transformation has taken shape globally

ENTERPRISES.STARTUPS.GOVERNMENTS. UNIVERSITIES.

#CLOUDSEC

Initial Cloud Adoption Use-case

Storage Disaster RecoveryTest/Dev

Production Non-mission Critical Application

#CLOUDSEC

CLOUD MIGRATION METHODLOGY

CloudAssessment

Phase

Proof of Concept

Phase

Data Migration

Phase

Application Migration

Phase

Leverage the Cloud Phase

Optimization Phase

#CLOUDSEC

Application Considerations

Cloud-native applications

E-business hosting

General Business hosting

Enterprise Application

Development Environment

Batch Processing

Internet of Things (IOT) applications

#CLOUDSEC

Multi-cloud Adoption

Source: RightScale State of Cloud report 2016

#CLOUDSEC

Hybrid Cloud Connectivity

#CLOUDSEC

Hybrid Cloud Connectivity

“Security – Its better to be proactive than reactive”

#CLOUDSEC

Cloud Security – a shared responsibility

Source: HP

#CLOUDSEC

Where do data breaches really come from?

#CLOUDSEC

Infrastructure & Network Security

Cloud Provider Physical Security

Network Security

● WAF

Cloud Provider Peripheral Security

● IAM● MFA

Infrastructure Security

● IPS/IDS● Antimalware● DDoS● Integrity

monitoring● Web Reputation

#CLOUDSEC

Secure your Workloads

#CLOUDSEC

Secure your Entry Points

“Cloud Native Journey”

#CLOUDSEC

Continued Cloud Transformation

Deploy Quickly & Scale EasilySecurity, Compliance & Cost Effective

Guarantee High Availability & Performance

Ease of access to multiple cloud

#CLOUDSEC

The Legacy Migration JourneyCompletes your Cloud service assurance model

Infrastructure support transition

End-to-end security

enablement

MANAGE SECUREMIGRATE

Lift-and-shift migration approach

OPTIMIZE

Cost optimization and automation

#CLOUDSEC

Cloud Transformation – Well Architected FrameworkDESIGN FOR RELIABILITY & PERFORMANCE

Monitoring of service limitsNetwork topology best practicesApplication scalability planning and benchmarkingAutomation – deployment and patchingDR and backup planningApplication component fault tolerance and resiliencyResource design, selection and sizing – based on performancebenchmarkingResource monitoring and capacity planning

DESIGN FOR DEVOPSDefine and deploy CI/CD pipelineDefine and automate environment provisioning frameworkDefine and establish automated configuration management frameworkDefine and establish application performance benchmarking framework

DESIGN FOR COST ASSURANCEDefine and establish account and tagging best practicesResource utilisation tracking and optimisationDev tests automationRI PlanningCost control policy and alerts

#CLOUDSEC

Managing Your Cloud Success

Cloud Infrastructure+ App Management

Completes your Cloud service assurance model

Cloud Automation+ Cost Optimization

STABILITY EFFICIENCY SECURITY

Hybrid Cloud Security+ Security Compliance

CLOUDServices

Audit & Automation

#CLOUDSEC

Offering

LET’S START YOURTRANSFORMATION TODAY!LET’S START YOURTRANSFORMATION TODAY!

www.cloudnayan.com

Mohit SharmaCloudNayanmohit@cloudnayan.com+6596274231@onlinesince2009