Upload
cloudpassage
View
242
Download
0
Tags:
Embed Size (px)
Citation preview
Agenda & Speakers
Rishi VaishVP of Product
Amrit WilliamsCTO
• RightScale’s State of the Cloud survey
• Why hybrid cloud is the standard of choice
• 3 strategies for existing cloud server workloads
• Benefits and security challenges of migrating to cloud infrastructures
• Choosing a hybrid strategy
Cloud Be-ginners
Cloud Explorers Cloud Focused0%
20%
40%
60%
80%
100%Benefits Grow with Cloud Maturity
% of Respondents Reporting these BenefitsCapEx to OpEx
Business continuity
IT staff efficiency
Geographic reach
Higher performance
Cost savings
Faster time-to-market
Higher availability
Faster access to infra-structure
Greater scalability
% o
f R
esp
on
de
nts
Adoption is Driven by Clear Benefits
Source: RightScale 2014 State of the Cloud Report
• Newer OS versions• SSL termination• Clustering of LBs• App clustering• Multi-cast• Shared Filesystems• Static IPs
14 Considerations for Migration
9
• Licensing• Tenancy• Scale-down Logic• Bandwidth• Virtual IP requirements• Multi-master DB• Database I/O
requirements
Segment Your App Portfolio
• Web architecture• Elastic design
• Monolithic• Legacy• Traditional vendors
Cloud-Ready• Greenfield• Designed for cloud
Elastic Web
Traditional
Assess Apps for Cloud Readiness
13
REFACTOR
DON’T MIGRATE HOLD OFF
QUICK WINS
Technical Fit
Bu
sin
ess
Im
pact
App 1
App 7
App 3
App 12
App 4
App 6
App 2
App 5
App 8
App 11
App 10
App 9
• Lifecycle-based multi-cloud deployment• Dev vs. Test vs. Staging vs. Prod• New (Unpredictable) vs. Mature (Steady-State)
• Disaster Recovery• Private for primary, Public for backup
• Geographic Reach• Use clouds in different geographies
• Arbitrage costs• Leverage different clouds based on costs
• Cloudbursting• Base capacity in private, burst to public
Why Portability?
15
RIghtScale Cloud-Enables your Enterprise
Your Cloud Portfolio
Self-Service Cloud AnalyticsCloud Management
Manage Govern Optimize
RightScale Cloud Portfolio Management
PublicClouds
PrivateClouds
VirtualizedEnvironments
Place Cloud Beginners Cloud Focused
#1 Security (31%) Compliance (18%)
#2 Compliance (30%) Cost (17%)
#3 Managing multiple cloud services (28%)
Performance (15%)
#4 Integration to internal systems (28%)
Managing multiple cloud services (13%)
#5 Governance/Control (26%) Security (13%)
Top 5 Challenges Change with Maturity
Top 5 Challenges Change with Cloud Maturity
Source: RightScale 2014 State of the Cloud Report
What makes cloud infrastructure great also breaks existing security approaches
20
Virtualized networks
New topologies
Highly Portable
Highly dynamic
Shared infrastructure
These cloud “pros” become security “cons”
The problem becomes more challenging in multi-cloud environments
23
Cloud Provider A
Cloud Provider B
Private Datacenter
www-4
!www-
5
!www-
6
!www-
7
!www-
8
!www-
9
!www-10
!
www-7
!www-
8
!www-
9
!www-10
!
www-1 www-2 www-3 www-4
Workloads become highly transient across multiple cloud environments.
www-4
www-4
www-4
www-4
Traditional Security Solutions Break…
24
Endpoint Security• Resource intensive• Licensing models• Do not work across disparate cloud environments
Virtual Appliances• No hardware acceleration• No gateway to deploy against• Do not well work across disparate cloud environments
Hypervisor Security• Affects density of virtualized environments• Limited visibility into workloads themselves• Cannot deploy into public cloud infrastructures
Cloud Security Responsibility Has Added More Complexity
25
Cu
sto
mer
Resp
on
sib
ility
Pro
vid
er
Resp
on
sib
ility
Physical Facilities
Compute & Storage
Shared Network
Hypervisor
Virtual Machine
Data
App Code
App Framework
Operating System
“…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...”
“it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of… host based firewalls, host based intrusion detection/prevention, encryption and key management.”
Amazon Web Services: Overview of Security Processes
Shared Responsibility Model
Addressing security & compliance needs as infrastructure models migrate to cloud
26
• Strong access control– User-auditing, privilege access monitoring,
multi-factor authentication, device verification, etc…
• Exposure management– Vulnerability assessment, configuration
security monitoring, file integrity monitoring, etc…
• Compromise prevention– Firewall management, application
whitelisting, intrusion detection / prevention, data leak prevention, etc.
• Security & compliance intelligence, adherence to corporate policies
– Reporting and analytics, auditing, and standardized policy implementation, etc.
Needs Haven’t Changed
• Must work anywhere– Traditional environments, public cloud
infrastructures, private cloud infrastructures and hybrid cloud environments
• Diminished to no visibility and control– Underlying security and control
maintained by the infrastructure provider
• Hardware device limitations– Traditional network appliance or security
approaches that leverage underlying hardware are not effective or appropriate
• Dramatically higher rate of code & infrastructure change
– Highly transient workloads often in a continuous integration / delivery model
Delivery Parameters Have
CloudPassage Halo
27
• Highly automated security & compliance platform
• Builds security directly into compute workloads
• Secures any compute workloads, at any scale
• Supports any cloud or datacenter environment
• SaaS delivery model
Halo secure workloads anywhere at any scale and extends existing security investments
28
Halo APIHalo Portal