Architecture, Security and Scalability in the Cloud
Andrey Kolesnikov VP, TechOps
Pritesh ParekhChief Security Officer
Agenda
Industry Trends
Compliance Strategy
Securing SaaS
Product Security
Look Inside the platform
Scale and Resiliency
Ops Approach
Security and
Trust
Industry Data
Security Breaches
Courtesy: www.informationisbeautiful.net
Courtesy: Symantec 2015 Internet Security Threat Report
Industry Data
Security Breaches
2014
Courtesy: Symantec 2015 Internet Security Threat Report
Industry Data
Security Breaches
2014
Courtesy: Symantec 2015 Internet Security Threat Report
Industry Data Security Breaches 2014
Courtesy: Symantec 2015 Internet Security Threat Report
Industry Data
Security Breaches
2014• Top 3 entry point used for hacking
• Weak Authentication (Employee or Third Party Vendors)
• Malware infected using Phishing
• Application or Server Weakness
• Top motives are CC data and PII with email address
• Average Cost per data breach is $3.5 million or $145 per compromised
record (does not include loss of reputation)
• Hackers targeting CFOs to gain monetary advantage on market moving
information
Industry Leading
Compliance Strategy
• Required for all service providers storing or processing credit cards
• PCI DSS Level 1 since 2008• 200+ Security Controls required
• Supports Customer SOX compliance• SSAE 16 SOC 1 Type II since 2009• SOC 2 Type II based on Trust Services Principles
• HHS HIPAA audit program as a Business Associate• Compliance with Security, Privacy and Breach Notification
requirements
• Provides a method for U.S. companies to transfer personal data from the EU to US
• Protection of consumer personal data
Enterprise-grade Data Security
• TLS Encryption
• Network Firewall and Web Application Firewall
• Host Intrusion Detection Systems
• Sensitive Data Encryption using FIPS certified Hardware Encryption
• Multiple layers of authentication
• Continuous Application Pen Testing
• Daily Network Scans & Third Party Security testing
• Centralized Logging and Real-time Alerting
• Secure SSAE16 Compliant Data Centers
Load Balancers Load Balancers
Log ServersDB Servers
Firewall IDS
Firewall IDS
Zuora UI Customer Apps APIs
TLS
Storage
Encryption ApplianceApp Servers
Enterprise-grade Data Security
Strong authentication features
support enterprise ecosystem
integration• Strong Security Policies
• 2-factor Authentication
• Single Sign-on support
• IP-address filtering
Granular data access features supports SOX compliance requirements
65 distinct permissions for standard and admin user roles
Data Access Control
WORLDWIDE
NORTH AMERICA
US CANADA
EUROPE
ITALY FRANCE
• Greater Control with the hierarchy based data access feature
• Access can be granted on a need-to-know basis (department, geo-location, product etc.)
Data Access Control
Ops
Private CloudCommercial SoftwareQuarterly ReleasesSQL VMsMTBFDIY
Stack Trends
Public CloudOSSContinuous DeliveryNoSQLContainersMTTRSaaS
SaaS v1.0 SaaS v2.Current
SLIDE HEADER
Across Zuora Platform
Transactions a
month
Rows of data
synchronized and
exported
Average Monthly Volume Snapshot:
Average platform
compute utilization
1.3B
22B
40%
3 Team Pillars
Customer, Technology,
Business
50/50Developer/
SysEng Ratio
2 Public Cloud
Regions
2Operation Centers
900+ Nodes
2 Geo Distributed
datacenters
Look Inside
TiersEphemeral
Persistent
Infrastructure
Fault
DomainsVertical
Horizontal
ScaleHorizontal
Vertical
Partition
Approach to
Infrastructure
Embed Ops into Dev
Durability > Availability
API > Scripts
Metrics, Metrics, Metrics
Ops Approach
GRIDGRIDSummary
GRID
• Compliance Certifications – PCI, SOC1, SOC2 and HIPPA
• Data Security – Web Application Firewall, Host Based Intrusion Detection System and Continuous Security Testing
• Product Security – 2FA, SSO, Data Access Controls and Strong Security Policies
• Infrastructure – Public/Private Cloud, OSS
• Architecture – Right size/approach for the problem
• Operators – Mix of Developers and Systems Engineers
HEADING
Section break slide
Q&A
Top Related