csa colorado 2016 presentation cloudpassage
TRANSCRIPT
The New Best Practices: Cloud Computing, Hybrid Architecture and Agile IT Delivery
Sami Laine, Principal Technologist, CloudPassage
Introducing CloudPassage
On-demand, automated security platform that works anywhere, at any scale
Mature startup – $91M funding from leading VCs
100+ enterprise customers
7X growth in protected workloads in last 2 years
3 | © 2016 CloudPassage Confidential
How long do your most transient workloads live?
Weeks Minutes Hours
Transformation of Infrastructure Delivery
Driven by business Agility, Speed, Efficiency
Software-defined DC
IT-as-a-Service
Public, Hybrid & Multicloud
Transformation of Infrastructure Delivery
Traditional (Mode 1)
Data Center
• Data center & perimeter oriented
• Applications on dedicated hardware
• Total ownership, visibility & control
• Low rate of change
Modern (Mode 2)
Data Center, SDDC or Private Cloud
Public, Hybrid or Multi-Cloud
• Cloud oriented, degraded perimeter
• Shared resources, distributed workloads
• Shared ownership, low visibility & control
• High rate of change
How many more servers will you have?
Infrastructure Scale
Performance Data Source: Geekbench (Primate Labs)
AWS EC2 c4.large; Score: 3,911; 36 nodes
Azure Standard A3; Score: 3,594; 39 nodes
Dell PowerEdge R930; Score: 141,129; 1 node
30-40x more systems to secure
How often will your servers change?
Transformation of Application Delivery
[Figure: release timelines on a yearly calendar (Jan to Dec, Q1 to Q4) and a weekly calendar (Mon to Sun, November), with stage labels Plan, Code, Test/QA and Deploy]
Waterfall (Mode 1)
• 9-12 month cycle time
• Very large release size
• Manual deployment
DevOps (Mode 2)
• 1-day cycle time
• Frequent, small changes
• Automated deployment
Transformation of Application Delivery
Source: Puppet Labs 2016 State of DevOps Report
Speed: 200x more frequent deployments
Resilience: 24x faster recovery from failures
Quality: 3x lower change failure rate
Efficiency: 2,555x shorter lead times
Security: 2x less time on security remediation
200x more frequent deployments
So what?
Speed and Automation Breaks Traditional Security
Sorry about that.
Data Center, SDDC or Private Cloud
Public, Hybrid or Multi-Cloud
Speed and Automation Breaks Traditional Security
• Perimeter and network focused
• Heavy footprints on systems
• Built for static IP addresses
• Not designed for automation
• Lacks comprehensive APIs
• Relies on dedicated appliances
Agile IT requires agile security!
Release Process
Plan Code Build Test Release Deploy Operate
Agile Development
Continuous Integration
Continuous Delivery
DevOps
Value
Continuous Deployment
Ops Dev
Collaboration
Traditional Security
Plan Code Build Test Release Deploy Operate
Achtung! Security Gate!
Yay! Security Guardrails!
Re-align Security To Modern IT Delivery
Plan Code Build Test Release Deploy Operate
• Plan – Define security policy and benchmarks for each type of workload
• Build & Test – Catch vulnerability & configuration issues, generate baselines
• Deploy – Apply production policies to systems automatically
• Operate – Continuously feed SecOps and Audit & Compliance systems
Re-align Security To Modern IT Delivery
Agile IT Delivery
• On-demand, self-service
• Automated, rapid expansion
• Measured or metered service
• Ubiquitous, convenient access
• Resource pooled grid
• Highly scalable
• Design-pattern based
Agile Security Delivery
• On-demand, Security-as-a-Service
• Automated, rapid expansion
• Metered licensing
• Ubiquitous, convenient access
• Resource pooled grid
• Highly scalable
• Design-pattern based
What is the new role of security?
New Role of Security
Culture
• collaboration
• education
Automation
• integration to toolchain
• policy development
Measurement
• outcomes
• feedback
The Eight Imperatives for Agile & Scalable Cloud Security
1. Deeply automated & API-driven
2. Ready for orchestration
3. Built into workloads
4. Runs anywhere
5. Context-aware & policy-based
6. Broad set of controls
7. Instant & long-term scalability
8. Aligned with DevOps principles
OK, so… what do you guys do about it?
CloudPassage Halo
Reduce Software Attack Surface
• Vulnerabilities
• Configuration
• Accounts
Monitor for Compromise
• Integrity
• Intrusion
Reduce Network Attack Surface
• Connections
• Firewall
• Authentication
[Diagram labels: VMs and servers in public clouds, data centers and private clouds; infrastructure orchestration; SOC & GRC systems]