CSA Colorado 2016 presentation CloudPassage

The New Best Practices: Cloud Computing, Hybrid Architecture and Agile IT Delivery

Sami Laine, Principal Technologist, CloudPassage

Introducing CloudPassage

On-demand, automated security platform that works anywhere, at any scale

Mature startup – $91M funding from leading VCs

100+ enterprise customers

7X growth in protected workloads in last 2 years

3 | © 2016 CloudPassage Confidential

How long do your most transient workloads live?

Weeks Minutes Hours

Transformation of Infrastructure Delivery

Driven by business Agility, Speed, Efficiency

Software-defined DC, IT-as-a-Service, Public, Hybrid & Multicloud

Transformation of Infrastructure Delivery

Traditional (Mode 1) Modern (Mode 2)

Data Center

Data Center, SDDC or Private Cloud

Public, Hybrid or Multi-Cloud

• Datacenter & perimeter oriented
• Applications on dedicated hardware
• Total ownership, visibility & control
• Low rate of change

• Cloud oriented, degraded perimeter
• Shared resources, distributed workloads
• Shared ownership, low visibility & control
• High rate of change

How many more servers will you have?

Infrastructure Scale

Performance Data Source: Geekbench (Primate Labs)

• AWS EC2 c4.large, Score: 3,911, 36 nodes
• Azure Standard A3, Score: 3,594, 39 nodes
• Dell PowerEdge R930, Score: 141,129, 1 node

30-40x more systems to secure

How often will your servers change?

Transformation of Application Delivery

[Figure: release timelines at different scales (months Jan to Dec with quarters Q1 to Q4; days Mon to Sun in November); phases Plan, Code, Test/QA, Deploy]

Waterfall (Mode 1) DevOps (Mode 2)

• 9-12 month cycle time
• Very large release size
• Manual deployment

• 1-day cycle time
• Frequent, small changes
• Automated deployment

Transformation of Application Delivery

Source: Puppet Labs 2016 State of DevOps Report

• Speed: 200x more frequent deployments
• Resilience: 24x faster recovery from failures
• Quality: 3x lower change failure rate
• Efficiency: 2,555x shorter lead times
• Security: 2x less time on security remediation

Transformation of Application Delivery

200x more frequent deployments

So what?

Speed and Automation Breaks Traditional Security

Sorry about that.

Data Center, SDDC or Private Cloud

Public, Hybrid or Multi-Cloud

Speed and Automation Breaks Traditional Security

• Perimeter and network focused
• Heavy footprints on systems
• Built for static IP addresses
• Not designed for automation
• Lacks comprehensive APIs
• Relies on dedicated appliances

Agile IT requires agile security!

Release Process

Plan Code Build Test Release Deploy Operate

Agile Development

Continuous Integration

Continuous Delivery

DevOps

Value

Continuous Deployment

Ops Dev

Collaboration

Traditional Security

Plan Code Build Test Release Deploy Operate

Achtung! Security Gate!

Re-align Security To Modern IT Delivery

Yay! Security Guardrails!

Plan Code Build Test Release Deploy Operate

• Plan – Define security policy and benchmarks for each type of workload
• Build & Test – Catch vulnerability & configuration issues, generate baselines
• Deploy – Apply production policies to systems automatically
• Operate – Continuously feed SecOps and Audit & Compliance systems

Re-align Security To Modern IT Delivery

Agile IT Delivery

• On-demand, self-service
• Automated, rapid expansion
• Measured or metered service
• Ubiquitous, convenient access
• Resource pooled grid
• Highly scalable
• Design-pattern based

Agile Security Delivery

• On-demand, Security-as-a-Service
• Automated, rapid expansion
• Metered licensing
• Ubiquitous, convenient access
• Resource pooled grid
• Highly scalable
• Design-pattern based

What is the new role of security?

New Role of Security

vs.

Culture
• collaboration
• education

Automation
• integration to toolchain
• policy development

Measurement
• outcomes
• feedback

The Eight Imperatives for Agile & Scalable Cloud Security

1. Deeply automated & API-driven

2. Ready for orchestration

3. Built into workloads

4. Runs anywhere

5. Context-aware & policy-based

6. Broad set of controls

7. Instant & long-term scalability

8. Aligned with DevOps principles

OK, so… what do you guys do about it?

CloudPassage Halo

Reduce Software Attack Surface
• Vulnerabilities
• Configuration
• Accounts

Monitor for Compromise
• Integrity
• Intrusion

Reduce Network Attack Surface
• Connections
• Firewall
• Authentication

[Diagram labels: VMs, Servers, Public Clouds, Data Centers & Private Clouds, Infrastructure Orchestration, SOC & GRC Systems]
