Today’s Balancing Act: How to Increase Security and Improve Application Performance & Availability

Ian Evans, Cloud Architect

September 24, 2015

About Me

17+ years of systems, network and infrastructure planning experience

Deep understanding of cloud backbone systems, processes, management tools, and techniques

Goal is to help customers construct, modify, operate, and maintain geographically dispersed cloud architectures that meet their unique needs

Held multiple engineering and product/account

The Digital Media Landscape

Global audiences

Anywhere, any time access on a variety of devices: desktop, tablets, mobile

Usage peaks

Complex regulatory and security landscape

The need for consistent uptime and fast speeds

The Rise of the Sophisticated Hacker

CYBER THEFT

THE INTERNET OF THINGS

RANSOMWARE

CYBER-ESPIONAGE

INSECURE PASSWORDS

Impact of Security & Compliance Regulations

Industry Regulations (PCI, Safe Harbor, SOX, FISMA, etc.)

Cost of Construction & Energy Consumption

2 BILLION + VIEWED DAILY

300 MILLION + WEBSITES

2 MILLION + SUBSCRIBERS

100 TRILLION + EMAILS ANNUALLY

Cost of Non-Compliance

Financial harm

Lawsuits

FTC investigations

Loss of consumer trust

Reputation diminishment

Financial losses for the most serious U.S. data breaches have exceeded $1 billion

The Balancing Act

COMPLIANCE

SECURITY

AVAILABILITY

Benefits of Hybrid Cloud

Maximized Asset Utilization

– Run applications in the environment that makes the most sense based on price, availability and security requirements

– Split workloads between cloud and on-premises or managed infrastructure

Cost-Efficiency

– Leverage significant economies of scale without exposing mission-critical applications to 3rd-party vulnerabilities

Higher Availability & Resiliency

– Leverage geographically dispersed replication plus a hosted data center

Increased Security

– Keep sensitive workloads related to customer data on in-house storage, while the reachable, user-facing web server runs in the public cloud

Implementing a Secure Hybrid Cloud Architecture

CMP: SECURITY AND POLICY BASED ENGINE

• HIPAA, HI-TECH, PCI-DSS, FEDRAMP, ATO

• SED, FS Encryption, Retention Policy, Auditing, Reporting, Monitoring

Storage / Compute / Network

The CMP abstracts all services through common APIs and ensures policies are being met throughout the entire customer ecosystem.

SINGLE PANE OF GLASS: TAKING CONTROL OF YOUR HYBRID DEPLOYMENT

Gaining control of hybrid environments becomes much easier when services are abstracted and standardized through a common management interface.

Best Practice: Build in Security from the Ground Up

Data Encryption

– Encrypt data both in transit and at rest (SED, FS Encryption, VPN Concentration)

– Ensure there are procedures for wiping released data from memory/storage

– Build common encryption management tools to track and implement keys throughout the entire service chain

Incident Response

– Ensure there are specific procedures and roles between you and your CSP, and that both can respond instantly to incidents/threats

– Predictive analytics tools to prevent or minimize attacks/threats (IDS/IPS, SDP, Data Access Auditing, API Monitoring, Advanced DDoS Mitigation, Internal Threat Monitoring)

Continuous Monitoring

– What monitoring tools are available and how well do they integrate? Do they touch all parts of your cloud ecosystem?

– Will the CSP provide reports on security events and responses? How well do these alerts couple with your current monitoring/alerting infrastructure?

– Are there professional services in place to immediately assist with complex security issues? How much manual labor is required to mobilize incident response? Do they work well together?

Identity Management

– Consider employing a multi-factor authentication (MFA) strategy (RSA, YubiKey, Google Auth)

– Know exactly who is coming in and who has access to your data (physically and virtually)

Best Practice: Build in Security from the Ground Up (continued)

Network Connections

– Don’t rely solely on the Internet; look for providers that can offer direct connections to third-party clouds for increased security and control (MPLS, Secure Broadband Bonding, etc.)

– Define your multi-cloud strategy (L2/L3 Hybrid Connectivity Model, VPN Concentration, Automatic Provisioning)

– How will you ensure seamless connectivity between clouds? (SDN, CMP Controlled Network Provisioning)

– Which cloud management tools would you use to manage all of your resources under a single pane of glass?

– How will you move data back and forth in a cost-effective and efficient manner?

Best Practice: Simplify Your Infrastructure

Keeping hardware designs simple minimizes the attack surface

Proprietary fabrics, and the lack of customer visibility into them, introduce blind trust and weaken the overall security posture

Only an intimate knowledge of each component in your infrastructure will minimize risk

Customers are relying more on software-driven orchestration, which decouples hardware-specific management mechanisms and allows customers full control over their infrastructure

– Examples: RESTful APIs, OpenFlow, Alchemy Linux, Collins, iPXE, Super Doctor, etc.

– All of these tools give customers greater provisioning and automation control over their cloud deployments

Best Practice: Choose the Right Partner

Working with the right partners could be the difference between cloud success and cloud failure

Make sure the CSP understands your business AND your specific industry and can build solutions around your security requirements

Set and monitor SLAs

– Ensure operational requirements are met and adhered to at all times

Impact of Tomorrow’s Trends

Containers, Microservices, Real-Time Big Data

Containerization

– Allows you to assemble applications from components and eliminates problems that arise when shifting code from one platform to another, resulting in faster, more efficient development and more effective maintenance

– Impact: easier/faster provisioning, improved version control, fewer underlying components to manage (e.g. no hypervisor)

Microservices

– Software architecture style in which complex applications are composed of small, independent processes using language-agnostic APIs

– Impact: better autonomy in DevOps, faster product/feature-set release, reproducible continuous delivery (R.I.P. feedback loops!)

Lessons Learned: Gilt

BACKGROUND

Gilt, www.gilt.com, is an innovative online shopping destination offering its members special access to the most inspiring merchandise and experiences all at insider prices. Gilt opens a window every day to the exceptional as it continually searches the world for the most coveted brands and products, including fashion and accessories for women, men, and children; home decor; and unique activities in select cities and destinations.

Gilt is challenged with delivering consistent uptime and fast speeds 24x7 to a global online audience, while simultaneously dealing with

SOLUTION

To support Gilt’s millions of customers around the globe, Carpathia provides the online retailer with a fully managed

With significant experience providing hosting, managed services and hybrid compute infrastructure to digital content

Lessons Learned: Kobo

BACKGROUND

Founded in December 2009, Toronto-based Kobo has quickly become a global leader in eReading, offering a world-class platform for the most passionate Readers. Their mission is to lead the global transformation in reading by inspiring people to read more and more often – anytime, anyplace, and on any device. Kobo delivers the best digital reading experience to millions of users in 190 countries, offering one of the world's largest catalogues with millions of titles, world-class eReading devices, and top-ranked apps. Kobo is owned by Tokyo-based eCommerce company, Rakuten.

Kobo sees a large increase in the use of its network around the holidays and needed a solution that could elastically scale to meet the demands of high volumes of data processing and sudden peaks in requests for resources.

SOLUTION

Through Carpathia, Kobo blends dedicated infrastructure with cloud services, allowing web traffic to be distributed across dedicated and cloud servers. This hybrid model provides the security, availability, and reliability of a traditionally hosted environment, with the addition of instant access to cloud

Carpathia’s worldwide footprint ensures Kobo can consistently and efficiently deploy globally. In addition, Carpathia introduced Kobo to its hardware vendors, which ultimately helped overcome the regulatory/logistical challenges associated with importing hardware.

QTS + Carpathia: Solutions for Every Step of the IT Journey

Cloud Management

Legacy & New Dedicated Infrastructure

Our Methodology

Understand how your infrastructure supports and/or drives your company goals

Develop a preliminary recommendation

– Addressing the architecture (network/hardware through the OS) and management approach

Engage in ongoing discussions to revise the design until it meets all of your desired parameters

– Performance

– Availability
