cloudcamp chicago may 2014

Post on 06-May-2015


DESCRIPTION

CloudCamp Chicago May 2014 full speaker deck, with lightning talks:

• "Reasoning About Enterprise Application Security in a Cloudy World" - Steve Binderup, Cloud Security Advocate at Elastica @stevebinderup
• "Effectively Designing & Implementing Hybrid Solutions: A Real-World Hybrid Use Case" - Eric Dominguez, Director of Sales Engineering at ServerCentral
• "A Hybrid Strategy" - Chris Swan, CTO at Cohesive @cpswan
• "It’s Time to Go Public With Cloud" - Trevor Hess, Consultant at 10th Magnitude @trevorghess
• "Welcome to the Farm (or why a hybrid cloud makes sense)" - Jay O'Connor, Director of Engineering at Belly @jdoconnor

Interested in speaking, sponsoring, or attending the next CloudCamp? Contact CohesiveFT!

TRANSCRIPT

Sponsored by

Hosted by

CloudCamp Chicago

“Public, Private or Hybrid?”

#cloudcamp @CloudCamp_CHI

Emcee: Ryan Koop, CohesiveFT. Tweet: @RyanKoop #cloudcamp


… sponsored by you!

• Mircea Husz - HP
• Leonard Salva - Century Link / Savvis
• Eric Peebles - Artisanal Technology Solutions
• Mark Calaguas
• Brandon Pittman - VMware
• Michael Basil - Uprising Technology, Inc.
• Matthew Hess - Northwestern University

Mark your calendars - CloudCamp Chicago on July 24

Agenda

6:00 pm: Introductions
6:10 pm: Lightning Talks
• "Reasoning About Enterprise Application Security in a Cloudy World" - Steve Binderup, Cloud Security Advocate at Elastica @stevebinderup
• "Effectively Designing & Implementing Hybrid Solutions: A Real-World Hybrid Use Case" - Eric Dominguez, Director of Sales Engineering at ServerCentral
• "A Hybrid Strategy" - Chris Swan, CTO at CohesiveFT @cpswan
• "It’s Time to Go Public With Cloud" - Trevor Hess, Consultant at 10th Magnitude @trevorghess
• "Welcome To The Farm (or why a hybrid cloud makes sense)" - Jay O'Connor, Director of Engineering at Belly @jdoconnor
6:45 pm: Unpanel
7:30 pm: Unconference / Networking, drinks and pizza


“Reasoning About Enterprise Application Security in a Cloudy World” - Steve Binderup, Cloud Security Advocate, Elastica. Tweet: @stevebinderup #cloudcamp


Reasoning About Enterprise Application Security in a Cloudy World

Steve Binderup / Cloud Security Advocate / www.elastica.net

Threat Lifecycle

BEFORE - Controls: Firewalls, NGFW
DURING - Identification: IDS/IPS, AV, AMP
AFTER - Response: Forensics, IR Tools

Rethinking Security: Being Threat Centric

Key Cybersecurity Hurdles

• Proliferation of New Technologies
• Evolution of Threat Landscape
• Increase of Complexity

GRC: What Matters?

Compliance: Highly complex, one-size fits all, dynamic. What do you ultimately care about: Transparency. Have to understand the risks we are trying to mitigate.

Traditional Security Operation Center (SOC)

DLP, Firewall, IDS/IPS

Key Enterprise SaaS Security Challenges

• Make it work vs. Approval
• No Visibility: App / Action
• No Events for SIEM to Consume

Where Controls are Lost

Layers (rows): App/Data, Middleware, OS, Virtual, Physical
Deployment models (columns): On Prem, IaaS, PaaS, SaaS

Gartner Public Cloud Management Lifecycle

• Establish Security Baseline
• Choose and Apply Compensating Controls
• Incident Detection
• Incident Response Management

Establish a Security Baseline

• Baseline: Need to understand where you are right now
• Basic Discovery: Table stakes (any Firewall / NGFW can do it)
• Interesting challenge: Audit (what’s enterprise ready for you specifically?)

ADMINISTRATIVE INFORMATIONAL ACCESS / BUSINESS DATA / SERVICE / COMPLIANCE

Choose and Apply Compensating Controls

VISIBILITY / ACTION

User / Service / Object / Action

Incident Detection

Policies and controls identify specific tangible behaviors. But what about sophisticated threats that fall outside their scope?

SIGNATURES / HEURISTICS / BEHAVIOR-BASED ANALYSIS / ANOMALY DETECTION

Incident Response Management

Attackers are constantly evolving and adapting. Threats will eventually get through. The question is no longer “What if?”, but “What now?”

• INFORMATION ASYMMETRY FAVORS ATTACKERS
• PRE-THINK RESPONSE; HARD TO DO AFTER THE FACT
• INTEGRATE. DON’T BOLT ON

Cloud Services Security Problem

Visibility / Security / Compliance / Risk / Governance

Thank you

TAKEAWAYS

• SaaS Security and GRC Problem Multifaceted
• Consider full threat lifecycle: Before, During, After
• Visibility and Action are Key Pillars

Sbinderup@elastica.co

“Effectively Designing & Implementing Hybrid Solutions: A Real-World Hybrid Use Case” - Eric Dominguez, Director of Sales Engineering, ServerCentral. Tweet: #cloudcamp


A Real-World Hybrid Use Case

HYBRID CLOUD

YOU KEEP USING THAT WORD. I DO NOT THINK IT MEANS WHAT YOU THINK IT MEANS

CAN I HAVE MY RED CARD NOW?

“A Hybrid Strategy” - Chris Swan, CTO, CohesiveFT. Tweet: @cpswan #cloudcamp


A hybrid cloud or a hybrid strategy?

Chris Swan

CTO CohesiveFT

@cpswan

Hybrid cloud is about common software stack (Public / Private)

Hybrid cloud is about resources outside your own data centre (Public / Hybrid / Private)

Hybrid cloud is about common management and governance (Public / Private): single pane of glass

Hybrid cloud is about common APIs (Public / Private)

Hybrid cloud is about common networking (Public / Private): overlay network

And you can have multi cloud nirvana if you just buy all the stuff

Enough of hybrid cloud

What about a hybrid strategy

Hybrid strategy

Public                 Private
Green field            Sensitive data
System of engagement   Specific control needs
Big data               Tight integration
Public facing          Repatriation

A hybrid strategy is workload dependent (Public ? Private)

Very few workloads need both at once (Public &? Private)

Faster, cheaper and more expedient than removing variation? (Public / Private)

Tolerance of variation (Public / Private)

But… not all that is private is cloud (Private)

And that new app might need old data (Public)

And there’s no need to do this (Public / Private) to get this (Public)

Conclusion

• Hybrid cloud is a bill of goods

• A hybrid strategy gets your app to where it needs to be

• Cost of variance should be compared to cost of uniformity – pick your own winner

• Connectivity can be ordered a la carte (and might not even come with the set menu anyway)

Thanks for listening

@cpswan

“It’s Time to Go Public With Cloud” - Trevor Hess, Consultant, 10th Magnitude. Tweet: @trevorghess #cloudcamp


IT’S TIME TO GO PUBLIC WITH CLOUD

SO WHY PUBLIC?

STORAGE

MOBILE APPS

JUST CODE

FOCUS ON TESTS, NOT ENVIRONMENTS

TO SUM UP

• Let Azure take care of the Flickr for pieces and parts of your loosely-coupled architecture
• Level up your capabilities by taking advantage of a scale and feature set that would take millions to invest in privately.
• Focus on what makes you amazing

“Welcome To The Farm (or why a hybrid cloud makes sense)” - Jay O’Connor, Director of Engineering, Belly. Tweet: @jdoconnor #cloudcamp


Welcome To The Farm

(or why a hybrid cloud makes sense)

Livestock vs Pets

Popular Hybrids


Your infrastructure

Public: Commodity, Cheap, Replaceable
Private: Secure, Expensive, Fixable

Playing Nice

Tunnel everything

Draw easy lines

Hide complexity with apps

I mentioned nothing about planting crops

jay@bellycard.com @jdoconnor

Un-panel Discussion: volunteer to join the panel & ask questions from the floor!


Unconference: Small groups & discussions, network. Pizza’s almost here!
