EFFICIENTLY MIGRATE YOUR APPLICATIONS TO THE CLOUD
Edy Almer
GOALS FOR TODAY
• Will my organization’s applications be migrated to the cloud ? Why or why not ?
• What/ How long will it take to move the security portion ?
• How can I expedite and reduce cost of the process ?
2 | Confidential
WHY MOVE ?
• Organizations want to reap the benefits of cloud adoption – cost, agility, elasticity
• Process started by developers for new applications
• Biggest benefit may be for old applications
• The result is a security officer’s nightmare – a “jungle” of assets across multiple environments, some of which are not even known to the officer
3 | Confidential
CONCERNS – WHY NOT ?
• Some organizations need to re-write older non virtualized applications to facilitate the move
• Some applications are sensitive to latency – hard to move them
• Some applications are regulated in ways that will not allow moving them off premises
4 | Confidential
REGULATION
• AWS already has over 15 zones, with the ability to prove data will not leave the zone, including Australia, UK, EU
• Azure is following quickly
• Australian Banks encouraged to use local cloud services by regulator.
5 | Confidential
LATENCY
• AT&T’s Domain 2.0 , supported by additional Telcos aims to provide very low latency data centers than can be dynamically configured –solving even that use case
• Higher performance instances will also help reduce overall latency
• Advanced tools will allow moving parts of an application into the cloud, while the sensitive parts stay on site.
6 | Confidential
MOVING APPLICATIONS TO THE CLOUD
• Average 20,000-50,000 person organization has
applications
7 | Confidential
500
MOVING APPLICATIONS TO THE CLOUD
• Average 20,000-50,000 person organization has
applications
8 | Confidential
800
MOVING APPLICATIONS TO THE CLOUD
• Average 20,000-50,000 person organization has
applications
9 | Confidential
1000
MOVING APPLICATIONS TO THE CLOUD
• Average 20,000-50,000 person organization has
applications
10 | Confidential
1300
MOVING APPLICATIONS TO THE CLOUD
• Average 20,000-50,000 person organization has
applications
• 85% are virtualized
11 | Confidential
1300
HOW LONG TO MAP ?
• A good consultant can do 5 applications a week
• 5 consultants can map over 90% of applications in under a year
• Good CMDBs are over 95% accurate – can validate 2 applications a day
• 6 months ?
12 | Confidential
HOW MANY FLOWS ?
• A simple application has 10 flows
• A medium application has 25 flows
• A complex application has over 100 flows
13 | Confidential
POLL
How many applications do you have ?
14 | Confidential
DO I HAVE TO MAP APPLICATIONS ?
• IF Security is a nice to have – two other methods are used – but they introduce risks
• Map all active flows, without understanding them, and transfer all of them (can’t do a gradual project)
• Move all applications, then open all traffic blocked by firewall in near real time (big impact on organization)
15 | Confidential
IDENTIFYING THE CHALLENGES - SECURITY
• Visibility – what are the assets my organization has in the cloud?• Which cloud? What kind of assets? Where are they located within the cloud?
• What kind of security controls are in place if at all?
• Security Policy Management and Governance• Security policy definition and enforcement
• Monitor the environment for changes and create alerts
• Auditing and Adherence to Regulatory Compliance• Analyze the environment
• Identify risks and gaps
• Remediate
16 | Confidential
SECURITY CHECK – AM I GOOD TO GO ?
• Application Connectivity• Discover and map connectivity requirements of existing and migrated
workloads
• Hybrid environments – distributed architecture
• Troubleshooting connectivity
• Change Management Process – Do I have the same in the cloud?• Define and enforce
• Orchestration
• Automation
• Cloud is set! But…• Multi-cloud environments
• Hybrid environments
17 | Confidential
TACKLING THE CHALLENGES• Manually
• Slow
• Time Consuming
• Error Prone
• Cloud Service Providers’ Native Tools• Minimal, may not suffice
• Address the cloud service provider’s environment only
• Difficult to gain visibility across the entire estate
• Cloud-Born 3rd Party Tools• Maturity
• Encompass the cloud environment only (sometimes only a single cloud provider)
• Do not address all use cases18 | Confidential
SUMMARY
• Single pane of glass for your traditional, hybrid and multi-cloud estate
• The experience gained through years of experience across traditional environments is leveraged and put into practice
• A single suite that addresses the most common, important concerns and use cases rather than a multitude of small tools
• Automated discovery and security connectivity migration
27 | Confidential
MORE RESOURCES
28
Thank you!
Questions can be emailed to [email protected]