cloudcamp chicago may 2014
DESCRIPTION
CloudCamp Chicago May 2014 Full speaker deck, with lightning talks: "Reasoning About Enterprise Application Security in a Cloudy World" - Steve Binderup, Cloud Security Advocate at Elastica @stevebinderup "Effectively Designing & Implementing Hybrid Solutions: A Real-World Hybrid Use Case" - Eric Dominguez, Director of Sales Engineering at ServerCentral "A Hybrid Strategy" - Chris Swan, CTO at Cohesive @cpswan "It’s Time to Go Public With Cloud" - Trevor Hess, Consultant at 10th Magnitude @trevorghess "Welcome to the Farm (or why a hybrid cloud makes sense)" - Jay O'Connor, Director of Engineering at Belly @jdoconnor Interested in speaking, sponsoring, or attending the next CloudCamp? Contact CohesiveFT!TRANSCRIPT
![Page 1: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/1.jpg)
Sponsored by
Hosted by
CloudCamp Chicago !!
“Public, Private or Hybrid?”
#cloudcamp @CloudCamp_CHI
![Page 2: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/2.jpg)
Emcee !Ryan KoopCohesiveFT !!Tweet: @RyanKoop #cloudcam
Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI
![Page 3: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/3.jpg)
… sponsored by you!
Mircea Husz - HP Leonard Salva - Century Link / Savvis Eric Peebles - Artisanal Technology Solutions Mark Calaguas Brandon Pittman - VMware Michael Basil - Uprising Technology, Inc. Matthew Hess - Northwestern University
![Page 4: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/4.jpg)
Mark your calendars - CloudCamp Chicago on July 24
![Page 5: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/5.jpg)
6:00 pm Introductions 6:10 pm: Lightning Talks
"Reasoning About Enterprise Application Security in a Cloudy World" - Steve Binderup, Cloud Security Advocate at Elastica @stevebinderup "Effectively Designing & Implementing Hybrid Solutions: A Real-World Hybrid Use Case" - Eric Dominguez, Director of Sales Engineering at ServerCentral "A Hybrid Strategy" - Chris Swan, CTO at CohesiveFT @cpswan “It’s Time to Go Public With Cloud" - Trevor Hess, Consultant - at 10th Magnitude @trevorghess “Welcome To The Farm (or why a hybrid cloud makes sense)” - Jay O'Connor, Director of Engineering at Belly @jdoconnor
6:45 pm: Unpanel 7:30 pm: Unconference / Networking, drinks and pizza
Agenda Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI
![Page 6: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/6.jpg)
“Reasoning About Enterprise Application Security in a Cloudy World” !Steve Binderup, Cloud Security AdvocateElastica !Tweet: @stevebinderup #cloudcamp
Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI
![Page 7: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/7.jpg)
Reasoning About Enterprise Application Security in a Cloudy World
Steve Binderup/Cloud Security Advocate / www.elastica.net
![Page 8: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/8.jpg)
T H R E A T L I F E C Y C L E
BEFORE Controls
DURING Identification
AFTER Response
Firewalls, NGFW IDS/IPS, AV, AMP Forensics, IR Tools
Rethinking Security: Being Threat Centric
![Page 9: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/9.jpg)
Key Cybersecurity Hurdles
Prolifera)on of New
Technologies
Evolu)on of Threat
Landscape
Increase of Complexity
![Page 10: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/10.jpg)
GRC: What Matters?
Compliance: Highly complex, one-‐size fits all, dynamic. What do you ul)mately care about: Transparency. Have
to understand risks we are trying to mi)gate.
![Page 11: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/11.jpg)
Traditional Security Operation Center (SOC)
5
DLP Firewall
IDS/IPS
![Page 12: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/12.jpg)
Key Enterprise SaaS Security Challenges
Make it work vs. Approval
No Visibility App / Ac)on
No Events for SEIM
to Consume
![Page 13: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/13.jpg)
Where Controls are Lost
7
Layer On Prem IaaS PaaS SaaS
App/Data
Middleware
OS
Virtual
Physical
![Page 14: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/14.jpg)
ESTABLISH SECURITY BASELINE CHOOSE AND APPLY COMPENSTATING CONTROLS
Gartner Public Cloud Management Lifecycle
INCIDENT DETECTION INCIDENT RESPONSE MANAGEMENT
![Page 15: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/15.jpg)
Establish a Security Baseline
9
Baseline: Need to understand where you are right now Basic Discovery: Table stakes (any Firewall / NGFW can do it) Interesting challenge: Audit (what’s enterprise ready for you specifically?)
ADMINISTRATIVE INFORMATIONAL ACCESS
BUSINESS DATA
SERVICE
COMPLIANCE
![Page 16: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/16.jpg)
Choose and Apply Compensating Controls
10
VISIBILITY
ACTION
User Service Object Ac)on
![Page 17: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/17.jpg)
Incident Detection
11
Policies and controls identify specific tangible behaviors. But what about sophisticated threats that fall outside their scope?
SIGNATURES HEURISTiCS
BEHAVIOR-‐BASED
ANALYSIS
ANOMALY DETECTION
![Page 18: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/18.jpg)
Incident Response Management
12
Attackers are constantly evolving and adapting. Threats will eventually get through. The question is no longer “What if?”, but
“What now?”
INFORMATION ASYMMETRY FAVORS
ATTACKERS
PRE-‐THINK RESPONSE; HARD TO DO AFTER THE
FACT
INTEGRATE. DON’T BOLT ON
![Page 19: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/19.jpg)
Cloud Services Security Problem
13
Visibility Security Compliance Risk Governance
![Page 20: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/20.jpg)
Thank you
TAKEAWAYS
SaaS Security and GRC Problem Mul)faceted
Consider full threat lifecycle: Before, During, AZer
Visibility and Ac)on are Key Pillars
Sbinderup@elas)ca.co
![Page 21: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/21.jpg)
“Effectively Designing & Implementing Hybrid Solutions: A Real-World Hybrid Use Case” !Eric Dominguez, Director of Sales Engineering ServerCentral !Tweet: #cloudcamp
Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI
![Page 22: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/22.jpg)
A Real-World Hybrid Use CaseE
![Page 23: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/23.jpg)
HYBRID CLOUD
YOU KEEP USING THAT WORD. I DO NOTTHINK IT MEANS WHAT YOU THINK IT MEANS
![Page 24: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/24.jpg)
![Page 25: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/25.jpg)
![Page 26: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/26.jpg)
CAN I
HAVE MY RED
CARD NOW?
![Page 27: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/27.jpg)
“A Hybrid Strategy” !Chris Swan, CTO CohesiveFT !Tweet: @cpswan #cloudcamp
Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI
![Page 28: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/28.jpg)
A hybrid cloud or a hybrid strategy?
Chris Swan
CTO CohesiveFT
@cpswan
![Page 29: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/29.jpg)
Hybrid cloud is about common software stack
Public Private
Sponsored by:
![Page 30: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/30.jpg)
Hybrid cloud is about resources outside your own data centre
Public Hybrid
Private
Sponsored by:
![Page 31: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/31.jpg)
Hybrid cloud is about common management and governance
Public Private
Single pane of glass
Sponsored by:
![Page 32: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/32.jpg)
Hybrid cloud is about common APIs
Public Private
Sponsored by:
![Page 33: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/33.jpg)
Hybrid cloud is about common networking
Public Private
Overlay network
Sponsored by:
![Page 34: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/34.jpg)
And you can have multi cloud nirvana if you just buy all the stuff
![Page 35: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/35.jpg)
Enough of hybrid cloud
What about a hybrid strategy
![Page 36: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/36.jpg)
Hybrid strategy
Public Private
Green field System of engagement Big data Public facing
Sensitive data Specific control needs Tight integration Repatriation
![Page 37: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/37.jpg)
A hybrid strategy is workload dependent
Public Private
?
![Page 38: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/38.jpg)
Very few workloads need both at once
Public Private
&?
![Page 39: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/39.jpg)
Faster, cheaper and more expedient than removing variation?
Public Private
Tolerance of variation
Public Private
![Page 40: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/40.jpg)
But… not all that is private is cloud
Private
![Page 41: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/41.jpg)
And that new app might need old data
Public
![Page 42: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/42.jpg)
And there’s no need to do this
Public Private
![Page 43: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/43.jpg)
To get this
Public
![Page 44: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/44.jpg)
Conclusion
• Hybrid cloud is a bill of goods
• A hybrid strategy gets your app to where it needs to be
• Cost of variance should be compared to cost of uniformity – pick your own winner
• Connectivity can be ordered a la carte (and might not even come with the set menu anyway)
![Page 45: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/45.jpg)
Thanks for listening
@cpswan
![Page 46: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/46.jpg)
“It’s Time to Go Public With Cloud” !Trevor Hess, Consultant 10th Magnitude !Tweet: @trevorghess #cloudcamp
Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI
![Page 47: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/47.jpg)
IT’S%TIME%TO%GO%PUBLIC%WITH%
CLOUD
![Page 48: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/48.jpg)
SO%WHY%PUBLIC?
![Page 49: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/49.jpg)
STORAGE
![Page 50: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/50.jpg)
MOBILE%APPS
![Page 51: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/51.jpg)
JUST%CODE
![Page 52: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/52.jpg)
FOCUS%ON%TESTS,%NOT%ENVIRONMENTS
![Page 53: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/53.jpg)
TO%SUM%UP
• Let$Azure$take$care$of$the$Flickr$for$pieces$and$parts$of$your$loosely7coupled$architecture$
• Level$up$your$capabili:es$by$taking$advantage$of$a$scale$and$featureset$that$would$take$millions$to$invest$in$privately.$
• Focus$on$what$makes$you$amazing$
![Page 54: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/54.jpg)
“Welcome To The Farm (or why a hybrid cloud makes sense)“ !Jay O’Connor, Director of EngineeringBelly !Tweet: @jdoconnor #cloudcamp
Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI
![Page 55: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/55.jpg)
Welcome To The Farm
(or why a hybrid cloud makes sense)
![Page 56: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/56.jpg)
![Page 57: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/57.jpg)
LivestockVsPets
![Page 58: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/58.jpg)
Popular Hybrids
![Page 59: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/59.jpg)
Popular Hybrids
![Page 60: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/60.jpg)
Popular Hybrids
![Page 61: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/61.jpg)
Popular Hybrids
Your
infrastructure
![Page 62: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/62.jpg)
PublicCommodity Cheap Replaceable
![Page 63: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/63.jpg)
PrivateSecureExpensive Fixable
![Page 64: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/64.jpg)
Playing Nice
Tunnel everything
Draw easy lines
Hide complexity with apps
![Page 65: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/65.jpg)
I mentionednothingabout
planting crops
![Page 66: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/66.jpg)
[email protected]@jdoconnor
![Page 67: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/67.jpg)
Un-panel Discussion !!!volunteer to join the panel & ask questions from the floor!
!
Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI
![Page 68: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/68.jpg)
Unconference !Small groups & discussions, network !Pizza’s almost here! !
!
Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI
![Page 69: CloudCamp Chicago May 2014](https://reader034.vdocuments.mx/reader034/viewer/2022052410/554a24bbb4c90542548b4914/html5/thumbnails/69.jpg)
Sponsored by
Hosted by
#cloudcamp @CloudCamp_CHI