CloudCamp Chicago May 2014
DESCRIPTION
CloudCamp Chicago May 2014 full speaker deck, with lightning talks:
"Reasoning About Enterprise Application Security in a Cloudy World" - Steve Binderup, Cloud Security Advocate at Elastica @stevebinderup
"Effectively Designing & Implementing Hybrid Solutions: A Real-World Hybrid Use Case" - Eric Dominguez, Director of Sales Engineering at ServerCentral
"A Hybrid Strategy" - Chris Swan, CTO at Cohesive @cpswan
"It's Time to Go Public With Cloud" - Trevor Hess, Consultant at 10th Magnitude @trevorghess
"Welcome to the Farm (or why a hybrid cloud makes sense)" - Jay O'Connor, Director of Engineering at Belly @jdoconnor
Interested in speaking, sponsoring, or attending the next CloudCamp? Contact CohesiveFT!
TRANSCRIPT
Sponsored by
Hosted by
CloudCamp Chicago
"Public, Private or Hybrid?"
#cloudcamp @CloudCamp_CHI
Emcee: Ryan Koop, CohesiveFT. Tweet: @RyanKoop #cloudcamp
… sponsored by you!
Mircea Husz - HP
Leonard Salva - Century Link / Savvis
Eric Peebles - Artisanal Technology Solutions
Mark Calaguas
Brandon Pittman - VMware
Michael Basil - Uprising Technology, Inc.
Matthew Hess - Northwestern University
Mark your calendars - CloudCamp Chicago on July 24
Agenda
6:00 pm: Introductions
6:10 pm: Lightning Talks
"Reasoning About Enterprise Application Security in a Cloudy World" - Steve Binderup, Cloud Security Advocate at Elastica @stevebinderup
"Effectively Designing & Implementing Hybrid Solutions: A Real-World Hybrid Use Case" - Eric Dominguez, Director of Sales Engineering at ServerCentral
"A Hybrid Strategy" - Chris Swan, CTO at CohesiveFT @cpswan
"It's Time to Go Public With Cloud" - Trevor Hess, Consultant at 10th Magnitude @trevorghess
"Welcome To The Farm (or why a hybrid cloud makes sense)" - Jay O'Connor, Director of Engineering at Belly @jdoconnor
6:45 pm: Unpanel
7:30 pm: Unconference / Networking, drinks and pizza
"Reasoning About Enterprise Application Security in a Cloudy World" - Steve Binderup, Cloud Security Advocate, Elastica. Tweet: @stevebinderup #cloudcamp
Reasoning About Enterprise Application Security in a Cloudy World
Steve Binderup/Cloud Security Advocate / www.elastica.net
Threat Lifecycle
BEFORE - Controls: Firewalls, NGFW
DURING - Identification: IDS/IPS, AV, AMP
AFTER - Response: Forensics, IR Tools
Rethinking Security: Being Threat Centric
Key Cybersecurity Hurdles
Proliferation of New Technologies
Evolution of Threat Landscape
Increase of Complexity
GRC: What Matters?
Compliance: Highly complex, one-size fits all, dynamic. What do you ultimately care about: Transparency. Have to understand the risks we are trying to mitigate.
Traditional Security Operation Center (SOC)
DLP Firewall
IDS/IPS
Key Enterprise SaaS Security Challenges
Make it work vs. Approval
No Visibility into App / Action
No Events for SIEM to Consume
Where Controls are Lost
Layer: On Prem / IaaS / PaaS / SaaS
App/Data
Middleware
OS
Virtual
Physical
Gartner Public Cloud Management Lifecycle
ESTABLISH SECURITY BASELINE
CHOOSE AND APPLY COMPENSATING CONTROLS
INCIDENT DETECTION
INCIDENT RESPONSE MANAGEMENT
Establish a Security Baseline
Baseline: Need to understand where you are right now
Basic Discovery: Table stakes (any Firewall / NGFW can do it)
Interesting challenge: Audit (what's enterprise ready for you specifically?)
ADMINISTRATIVE INFORMATIONAL ACCESS
BUSINESS DATA
SERVICE
COMPLIANCE
Choose and Apply Compensating Controls
VISIBILITY
ACTION
User / Service / Object / Action
Incident Detection
Policies and controls identify specific tangible behaviors. But what about sophisticated threats that fall outside their scope?
SIGNATURES
HEURISTICS
BEHAVIOR-BASED ANALYSIS
ANOMALY DETECTION
Incident Response Management
Attackers are constantly evolving and adapting. Threats will eventually get through. The question is no longer "What if?", but "What now?"
INFORMATION ASYMMETRY FAVORS ATTACKERS
PRE-THINK RESPONSE; HARD TO DO AFTER THE FACT
INTEGRATE. DON'T BOLT ON
Cloud Services Security Problem
Visibility Security Compliance Risk Governance
Thank you
TAKEAWAYS
SaaS Security and GRC Problem is Multifaceted
Consider full threat lifecycle: Before, During, After
Visibility and Action are Key Pillars
sbinderup@elastica.co
"Effectively Designing & Implementing Hybrid Solutions: A Real-World Hybrid Use Case" - Eric Dominguez, Director of Sales Engineering, ServerCentral. Tweet: #cloudcamp
A Real-World Hybrid Use Case
HYBRID CLOUD
YOU KEEP USING THAT WORD. I DO NOT THINK IT MEANS WHAT YOU THINK IT MEANS
CAN I HAVE MY RED CARD NOW?
"A Hybrid Strategy" - Chris Swan, CTO, CohesiveFT. Tweet: @cpswan #cloudcamp
A hybrid cloud or a hybrid strategy?
Chris Swan
CTO CohesiveFT
@cpswan
Hybrid cloud is about common software stack
Public Private
Hybrid cloud is about resources outside your own data centre
Public Hybrid
Private
Hybrid cloud is about common management and governance
Public Private
Single pane of glass
Hybrid cloud is about common APIs
Public Private
Hybrid cloud is about common networking
Public Private
Overlay network
And you can have multi cloud nirvana if you just buy all the stuff
Enough of hybrid cloud
What about a hybrid strategy
Hybrid strategy
Public Private
Public: Green field, System of engagement, Big data, Public facing
Private: Sensitive data, Specific control needs, Tight integration, Repatriation
A hybrid strategy is workload dependent
Public Private
?
Very few workloads need both at once
Public Private
&?
Faster, cheaper and more expedient than removing variation?
Public Private
Tolerance of variation
Public Private
But… not all that is private is cloud
Private
And that new app might need old data
Public
And there’s no need to do this
Public Private
To get this
Public
Conclusion
• Hybrid cloud is a bill of goods
• A hybrid strategy gets your app to where it needs to be
• Cost of variance should be compared to cost of uniformity – pick your own winner
• Connectivity can be ordered a la carte (and might not even come with the set menu anyway)
Thanks for listening
@cpswan
"It's Time to Go Public With Cloud" - Trevor Hess, Consultant, 10th Magnitude. Tweet: @trevorghess #cloudcamp
IT'S TIME TO GO PUBLIC WITH CLOUD
SO WHY PUBLIC?
STORAGE
MOBILE APPS
JUST CODE
FOCUS ON TESTS, NOT ENVIRONMENTS
TO SUM UP
• Let Azure take care of the Flickr for pieces and parts of your loosely-coupled architecture
• Level up your capabilities by taking advantage of a scale and featureset that would take millions to invest in privately.
• Focus on what makes you amazing
"Welcome To The Farm (or why a hybrid cloud makes sense)" - Jay O'Connor, Director of Engineering, Belly. Tweet: @jdoconnor #cloudcamp
Welcome To The Farm
(or why a hybrid cloud makes sense)
Livestock vs Pets
Popular Hybrids
Your infrastructure
Public: Commodity, Cheap, Replaceable
Private: Secure, Expensive, Fixable
Playing Nice
Tunnel everything
Draw easy lines
Hide complexity with apps
I mentioned nothing about planting crops
[email protected] @jdoconnor
Un-panel Discussion: volunteer to join the panel & ask questions from the floor!
Unconference: Small groups & discussions, network. Pizza's almost here!