(SEC321) Implementing Policy, Governance & Security for Enterprises

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Kyle Falkenhagen, CSC Erik Winebrenner, CSC October 2015 SEC321 AWS for the Enterprise Implementing Policy, Governance, and Security for Enterprise Workloads


Page 1: (SEC321) Implementing Policy, Governance & Security for Enterprises

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Kyle Falkenhagen, CSC

Erik Winebrenner, CSC

October 2015

SEC321

AWS for the Enterprise

Implementing Policy, Governance, and Security for Enterprise Workloads

Page 2: (SEC321) Implementing Policy, Governance & Security for Enterprises

What to Expect from the Session

• Demonstrate enterprise policy, governance, and security capabilities that support the deployment and management of enterprise and industry applications on AWS using CSC’s Agility Platform

• Demonstrate the value of blueprinting enterprise applications and environments

• Demonstrate secure and managed connectivity to AWS

• Present how CSC provides agile and consumption-based endpoint security for workloads in AWS providing enterprise management and 24x7 monitoring of workload compliance, vulnerabilities, and potential threats

Page 3: (SEC321) Implementing Policy, Governance & Security for Enterprises

The Market Is Embracing an Application-Centric, Hybrid Cloud Model

Business execs demand greater IT agility and innovation

This is fostering greater adoption of hybrid cloud models

71% say their organizations need to embrace new technology or lose market share

47% of businesses are making technology and cloud decisions without getting the IT department involved

… and sidestepping enterprise governance controls when central IT doesn’t deliver

… and a shift to cloud platforms and apps, not just infrastructure

Projected allocation of cloud spend 2013 – 2015

Hybrid 43%, Private 25%, Public 32%

Page 4: (SEC321) Implementing Policy, Governance & Security for Enterprises

Forward-Thinking IT Organizations Are Adopting Hybrid Cloud Operating Models to Provide IT as a Service

Virtualize | Automation | Hybrid Clouds | IT as a Service

Improve asset utilization and ROI

Defer data center build-outs

Launch initial private cloud

Self-service access and on-demand provisioning

Policy-driven cloud governance

Compressed SDLC and tool chain automation

IaaS and PaaS standardization

Fully transparent and auditable service usage

Broadly adopt utility cost model with chargeback

Redundant service options with low switching costs

Optimize variable-to-fixed costs by project

Transparent linkage of demand, capacity, and costs

Page 5: (SEC321) Implementing Policy, Governance & Security for Enterprises

• Accelerate AWS benefits to the enterprise, while ensuring compliance with IT standards, governance, and security requirements

• Expand cloud service portfolios to enterprise platforms and apps (not just IaaS), available on a self-service, on-demand basis directly to the end users that need them

• Rapidly obtain the benefits of hybrid environments using a pay-as-you-go OPEX model and CSC managed services, rather than attempt to build internally with scarce skills/capital

Amazon is the undisputed public cloud market share leader and is innovating faster than anyone else in public cloud.

CSC has the market-leading cloud management and orchestration platform and strong expertise in enterprise application migration to cloud.

CSC Enterprise Cloud Services For AWS

The AWS and CSC Partnership

Page 6: (SEC321) Implementing Policy, Governance & Security for Enterprises

CSC Agility Platform as a Service For AWS

Manage/Govern Enterprise IT Services Across Hybrid Environments

[Diagram labels: Included: BizCloud, BizCloud HC; Included: Public Clouds, Private Clouds; Dev, Test, Prod; IaaS, Platforms, Apps; Store, SDLC Tools]

• Pay-as-you-go model

• CSC Agility Platform provided as-a-Service

• CSC-managed services including consolidated billing, helpdesk, and OS-level services

• Integrated hybrid cyber-security model

• Extensible policy engine for cloud governance

• Cloud-portable blueprints for applications and platforms

• Additional public and private cloud adapters available

Page 7: (SEC321) Implementing Policy, Governance & Security for Enterprises

CLOUD-PORTABLE BLUEPRINTS

POLICY-DRIVEN GOVERNANCE

APPLICATION RELEASE AUTOMATION (ARA)

Put platforms and apps in “cloud-portable blueprints.”

Embed IT standards

Use policies to automate governance/compliance, right sizing, right placement, etc.

Consume cloud IT services not just from storefronts, but directly from SDLC tooling

Accelerating Benefits Using CSC Agility Platform

Others…

Broad Cloud Support

CSC

Page 8: (SEC321) Implementing Policy, Governance & Security for Enterprises

CSC Managed Hybrid Cloud Service

The CSC Managed Hybrid Cloud service provides secure dedicated access between on-premises infrastructure and the AWS Cloud. IT organizations easily migrate workloads and take advantage of cost savings when allocating resources for dynamic projects. The CSC Managed Hybrid Cloud service integrates technology from AWS, Brocade, AT&T, and Intel:

• AWS: Customers use AWS Direct Connect to establish private connectivity between AWS and data centers, offices, or colocation environments.

• Brocade vRouter and the Brocade vADC: Provide additional secure access, reliability, advanced networking, and application performance across on-premises infrastructure into an AWS VPC using IPsec, vRouting, and application load balancing. Brocade leverages Data Plane Development Kit (DPDK) to deliver performance, boosting packet processing and throughput.

• AT&T NetBond: Allows direct provisioning of 1G and 10G high-speed connections to an AWS VPC within the AWS cloud infrastructure and global availability zones.

• Intel® Xeon® E5 processor: Enables Amazon EC2 to increase networking capabilities.

Page 9: (SEC321) Implementing Policy, Governance & Security for Enterprises

CSC Hybrid Cloud Service – A Cloud Networking Strategy Foundation

PERFORMANCE

• Low-latency, on-net, fully redundant

• Any-to-any, instant-on connectivity

• Eliminate data center hairpin

SECURITY

• Private IP address space avoids Internet/DDoS threats

AGILITY

• API controlled for on-demand adds and bandwidth changes

ELASTICITY

• Scales dynamically with cloud usage; elasticity creates added pricing value

COST-EFFECTIVENESS

• Save as much as 60% on networking

• Cost model aligns with cloud usage

A network-enabled cloud solution with performance and security

Page 10: (SEC321) Implementing Policy, Governance & Security for Enterprises

Big Data Platform as a Service

Flexible Deployment Options: Public Cloud, Virtual Private Cloud, Dedicated Cluster, Enterprise Private Cloud

[Diagram labels: CSC Big Data Platform as a Service; APP 1, APP 2, APP 3; Real Time, Batch, Ad Hoc]

Fully Managed as a Service

Comprehensive, proactive infrastructure and software management eliminates the most frustrating reason open source big data solutions fail: operational complexity.

Big Data Expertise and Experience

We have been working with Hadoop, Cassandra, and Mongo since 2011 and have implemented and managed more than 150 big data clusters.

The Only PCI & HIPAA Compliance Certified SI Solution

CSC is the first and only solutions integrator to meet stringent PCI and HIPAA certification standards with an open big data solution.

Integrated Audit Monitoring and Comprehensive Security

Every solution has comprehensive security activity and audit capabilities out of the box, and can be fully configured with the latest security features, from infrastructure to application.

Real-Time, Streaming, and In-Memory Capabilities

We have the broadest set of capabilities in the market, including deep expertise in installing, managing, and developing big and fast data analytics.

Page 11: (SEC321) Implementing Policy, Governance & Security for Enterprises

Demo

Page 12: (SEC321) Implementing Policy, Governance & Security for Enterprises

CSC Cybersecurity

On-Demand Workload Protection

Powered by CloudPassage

Page 13: (SEC321) Implementing Policy, Governance & Security for Enterprises

Top Challenges Facing Cloud Customers:

Why Should CSC’s Customers Care?

• Increased scrutiny and responsibility following high-profile cloud breaches

• New regulatory demands to better protect cloud-hosted data

• Existing regulations increasingly applied to cloud environments

• Require consistent security across workloads in an agile environment

• Increased criminal attention on cloud assets due to their increased adoption

• Greater threat to intellectual property as enterprises host off-premises

• “Need to protect my cloud workloads at same level as my traditional systems”

• Costs growing as internal IT security infrastructure expands

• Expanding skilled resources required to manage security of cloud assets

OPERATIONS

ADVANCED THREATS

RISK AND COMPLIANCE

NEXT-GEN TECHNOLOGIES

• Require visibility of all assets, regardless of location or cloud provider

• Cloud expected to be cheaper than traditional; in reality, security bogs down cost and eliminates savings

• Growing risk exposure as virtual workloads increase

Page 14: (SEC321) Implementing Policy, Governance & Security for Enterprises

Client Cost Implications in As-Is Model

Cost of traditional cybersecurity solution relative to overall workload cost

Days: SUN MON TUE WED THU FRI SAT
Hosted Intrusion Detection (HID) Costs (7 days): PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT
Vulnerability Mgmt. Costs (7 days): PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT
Tech. Compliance (7 days): PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT

COST OF SECURITY IS OVERWHELMING

PAY 100% REGARDLESS OF USAGE

PAY FOR MULTIPLE SECURITY CONTROLS

Page 15: (SEC321) Implementing Policy, Governance & Security for Enterprises

Self-Managed Cloud Workload Security

[Diagram labels: Company A; Public; Private; Amazon Web Services; Traditional IT; HR, Payroll, HIPAA, Big Data, Germany, Production, Dev/Test, Production PCI, Sales; Endpoint Security; SIEM; Vuln. Scanning; Managed Workloads; Rogue Systems; Security Policies]

Page 16: (SEC321) Implementing Policy, Governance & Security for Enterprises

CSC Cloud Security Services

On-Demand Workload Protection

Powered by CloudPassage

Security Information and Event Management (SIEM)

Pulse Advanced Reporting

Policy Creation, Configuration, and Management

Email-Based Alerting

Account Setup and Management

Complete Management of Cloud Workload Security

Monitored (Optional)

Consulting (Optional)

Managed

CSC CLOUD SECURITY SERVICES

Configuration Security Monitoring

Software Vulnerability Assessment

Log-Based Intrusion Detection

Workload Firewall Management

System Account Management

File Integrity Monitoring

Page 17: (SEC321) Implementing Policy, Governance & Security for Enterprises

Meet All Critical Control Objectives

Gain visibility into enterprise and individual asset security posture

Uncover and manage vulnerabilities and configuration issues

Get immediate reports showing open issues against CIS benchmarks

Do this across an entire account or department, or by type of system

Data Protection

Compromise Management

Operational Automation

Visibility

Strong Access Control

Vulnerability Management

Ultra-lightweight

SaaS Based

Workload-Level Security

Micro-segmentation

Instant On

BENEFITS

FEATURES

Page 18: (SEC321) Implementing Policy, Governance & Security for Enterprises

Consumption-Based Pricing Lowers Operating Costs

Cost of traditional cybersecurity solution relative to overall workload cost

Days: SUN MON TUE WED THU FRI SAT
Hosted Intrusion Detection (HID) Costs (7 days): PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT
Vulnerability Mgmt. Costs (7 days): PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT
Tech. Compliance (7 days): PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT
Customer Workload Costs (3 days): OFF OFF OFF WED THU FRI OFF

Cost of On-Demand Workload Protection (OWP)

Days: SUN MON TUE WED THU FRI SAT
On-Demand Workload Protection (3 days): OFF OFF OFF PROTECT PROTECT PROTECT OFF
Customer Workload Costs (3 days): OFF OFF OFF WED THU FRI OFF

Consolidation by OWP

Page 19: (SEC321) Implementing Policy, Governance & Security for Enterprises

CSC-Managed Cloud Workload Security with OWP

[Diagram labels: CSC Proprietary Pulse Portal; Company A; CSC Risk Management Center (RMC); Managed Workloads; Rogue Systems; Security Policies; Public; Private; Payroll, HR, Dev/Test, Germany, PCI, HIPAA, Production, Big Data Nodes]

Page 20: (SEC321) Implementing Policy, Governance & Security for Enterprises

Digital Trust: Your Future State

CSC ON-DEMAND WORKLOAD PROTECTION

Reduce cost and complexity

Enable secure adoption of virtual technologies

Evaluate compliance with regulatory requirements

Provide full visibility across cloud workloads

Securely harness cloud’s flexibility and consumption-based model

Monitor and respond to threats 24x7x365

Page 21: (SEC321) Implementing Policy, Governance & Security for Enterprises

Why CSC for On-Demand Workload Protection

Global scale

Threat intelligence

24x7 Global SOCs

1,000s of experts

CSC named a Leader in IDC MarketScape Asia/Pacific Managed Security Services 2015 Vendor Assessment

Consumption-based pricing, not just in technology, but for services

Enterprise-grade management and scalability

Customer/App/Regulation-specific policies

24x7x365 SIEM — monitoring and investigation

Pulse Customer Portal

Page 22: (SEC321) Implementing Policy, Governance & Security for Enterprises

We Understand Cybersecurity

GLOBAL CYBERSECURITY PROFESSIONALS: 2,000+

INTEGRATED GLOBAL RISK MANAGEMENT CENTERS: 5+

YEARS PROVIDING CYBERSECURITY SERVICES: 35+

GLOBAL ALLIANCE PARTNERS PROVIDING SECURITY EXPERTISE: 15+

PUBLIC & PRIVATE SECTOR EXPERTISE

Nearly 40 years of experience in delivering secure, managed enterprise services

Successfully supporting the world’s most security-conscious clients, including aerospace and defense, and banking and financial institutions worldwide

Helping 250+ clients manage risk and overcome the most extreme threats

Integrated global Risk Management Centers

IT security experts with in-depth experience

End-to-end visibility of customer’s enterprise governance and compliance posture

UK

Noida

Kuala Lumpur

Sydney

Newark

Page 23: (SEC321) Implementing Policy, Governance & Security for Enterprises

CSC Proprietary Pulse Portal

24x7x365 visibility

Immediate access to detailed logs and incident data

Executive-oriented dashboard

Performance metrics

Simple user-querying methods

Correlation of incident and vulnerability data to provide enterprise-wide “Situational Awareness”

EXAMPLE VIEWS

PORTAL FEATURES

Page 24: (SEC321) Implementing Policy, Governance & Security for Enterprises

Thank You!

Stop by the CSC Booth (424)

Page 25: (SEC321) Implementing Policy, Governance & Security for Enterprises

Remember to complete your evaluations!

Page 26: (SEC321) Implementing Policy, Governance & Security for Enterprises

Thank you!

For longer demos please visit the CSC (Booth 424) on the expo floor