RightScale Webinar: Compliance in the Cloud
Transcript of RightScale Webinar: Compliance in the Cloud
Compliance in the Cloud September 27, 2012
Watch the video of this webinar
# 2
Your Panel Today
Presenting:
• Hunter Williams, Business Development, RightScale
• Paul Jacoby, Vice President, Client Services, Logicworks
• Kyle Hultman, Senior Solutions Architect, Logicworks
Q&A: David Manriquez, Account Manager, RightScale
Please use the “Questions” window to ask questions any time!
# 3
Agenda for Today
• Why cloud management?
• Compliance in the context of Web Infrastructure
• Use Case Highlights:
o Business challenge
o Private Cloud
o Security overlay
o RightScale incorporation
• Compliance is more than just security
# 4
Why Cloud Management?
Abstraction with Customization: Complete customization without the hassle
Tap into Cloud Expertise: Experienced architects and support teams
Automation is the Core: Massively scalable and super agile applications
Choose Your Own Clouds: Vendor freedom across hardware and software
Visibility and Control: One place to manage your infrastructure
# 5
RightScale Pioneered Cloud Management
# 6
RightScale Cloud Management
MultiCloud Platform: Manage public, private, and hybrid clouds
Configuration Framework: Provision servers and execute scripts with consistency
Automation Engine: Monitor, alert, auto-scale, and automate operations
MultiCloud Marketplace™: Access cloud-ready, customizable ServerTemplates™
Governance Controls: Control access and security, track usage, and access logs
# 7
Automation Engine
• Monitoring and alerting
• Server and application
• Escalations and triggers
• Auto-scaling
• Operational automation
• Database backup, failover, recovery
• Script execution
• Code deploys and patches
[Figure: requests per second; each color band is for 1 server. Looks like load is evenly distributed across 6 of 8 servers.]
# 8
RightScale ServerTemplates™
• Reproducible: Predictable deployment
• Dynamic: Configuration from scripts at boot time
• Multi-cloud: Cloud agnostic and portable
• Modular: Role and behavior abstracted from cloud infrastructure
Configuration Framework
# 9
Governance Controls
• Access and security
• Authentication, roles, permissions
• Umbrella accounts and sharing
• Auditing and logging
• Server logs
• Infrastructure audits and tracking
• Usage and cost metering
• Cost tracking and quotas
• Real-time run rate projections
# 10
Introduction to Logicworks
• Founded in 1993
• Design, build, manage, monitor and maintain mission critical infrastructures
• Work across industry verticals, with SaaS, Healthcare, Media/Advertising, Financial Services and startups
• Help our clients win their deals by acting as infrastructure security experts
• Combine the efficiency and flexibility of cloud computing with our decades of experience in complex managed hosting to identify and design the right hosting solution for our clients
# 11
The Cloud, Your Way: Public. Private. Hybrid
PUBLIC CLOUD
Ideal for: Companies that have computing resource needs that vary over time
Flexibility and scalability with Logicworks’ performance and reliability
PRIVATE CLOUD
Ideal for: Software, healthcare, financial service, and ecommerce companies
High availability, performance, compliance and redundancy
Complex Managed Hosting
HYBRID CLOUD
“Own the base, rent the spike”
Ideal for: Companies that want to leverage cloud efficiency and flexibility while protecting sensitive data and proprietary information
Combines the benefit of dedicated capacity with flexible, usage based consumption
UNCOMPROMISING SUPPORT
# 12
How Logicworks Differentiates Itself
# 13
Impact of Compliance
Compliance impacts businesses differently
Drivers to compliance are different
• Range of compliance needs
• Audit questions for applications and internal processes
• Necessary documentation
• Best practices
SO WHY ARE YOU ON THIS CALL?
# 14
Compliance is Always Changing
WHAT DRIVES COMPLIANT INFRASTRUCTURE?
• Ability to keep and grow your client base
• Avoiding potentially heavy fines
• Just having sound security practices to protect your customer's and your business's IP
A RECENT EXAMPLE OF ONE OF OUR CLIENTS
SaaS company delivering service to financial institutions
2011: 8 areas required attention
2012: 87 areas required attention
Illustrative of how compliance requirements are ever changing
# 15
What It Takes to Be Compliant
ACCORDING TO PCI COMPLIANCE AND HIPAA STANDARDS THERE ARE MANY CATEGORIES THAT MUST BE MET TO ACHIEVE COMPLIANCE
Build and maintain secure client and administrative networks
Implement strong access control measures
Protect cardholder data and Personal Health Information
Develop and maintain a vulnerability management program
Regularly monitor and test networks
Maintain an information security policy
Background checks on employees
# 16
Compliance Use Case: Background
Presently using AWS public cloud for non-compliant and less secure apps
Secure computing is done in-house
Wanted convenience and cost benefits of cloud:
• Internal IT needed a solution that satisfied their business and legal stakeholders
• Protects company against fines from HIPAA
• Loss of IP
• Damage to reputation
# 17
# 18
# 19
# 20
# 21
Key Partnerships for Added Security
LW PARTNERS WITH VASCO FOR MULTI-FACTOR AUTHENTICATION WHICH IS A CRITICAL PART OF MAINTAINING TRUE SECURITY THROUGH:
Providing unique identifier for each admin
Ensuring lost password, user name doesn’t compromise security
Randomly generated user token, used in combination with other credentials
# 22
Best Practice for Compliance
LOGICWORKS IMPLEMENTS COMPLIANCE BEST PRACTICES COMBINED INTO INTERFACE WITH MANAGEMENT CAPABILITIES:
Network segregation
Utilizing industry best practices
Use of DMZ and role based access controls
Management checks and balances
• To ensure no changes occur without management of client and Logicworks approval
Proactive in how we do learning around potential violations around network configuration
Strict user verifications on all changes
# 23
Incorporating RightScale
RIGHTSCALE PLAYS A KEY ROLE IN ACHIEVING BOTH CONVENIENCE AND COMPLIANCE BY:
Deploying standardized VMs with non-compliant and compliant templates
• AWS for noncompliant templates
• Logicworks private cloud for compliant templates
Track and audit templates
Provides auditors and operations the ability to have an audit trail for compliance
# 24
Solution Summary of Use Case
LOGICWORKS WAS ABLE TO DELIVER A SOLUTION THAT SATISFIED ALL THE STAKEHOLDERS:
Business users were able to build and deploy applications quickly, easily and cost effectively
Technical teams were not constantly responding to “rush” requests
Security teams no longer had to expend extra resources doing internal audits and creating excessive documentation
Legal was satisfied that they had sufficiently mitigated corporate risk
# 25
Compliance is More Than Technology
JUST AS IMPORTANT ARE THE PROCESSES WE MUST IMPLEMENT TO ENSURE THAT WE PASS AUDITS FROM BOTH REPORTING OF OUR PRACTICES AND THE DOCUMENTATION PERSPECTIVES:
Logicworks process for additions, moves and changes
Higher frequency of infrastructure and scanning for rogue devices, appropriate firewall rules and any other obvious points of intrusion into the system to better protect critical data
How data is stored and, when necessary, destroyed
Data restoration
# 26
Compliance & Security: A Partnership
WHILE LOGICWORKS AND OUR PARTNERS CAN DELIVER A SECURE AND COMPLIANT SOLUTION, AS WE HAVE DISCUSSED, TRUE COMPLIANCE AND REAL SECURITY ARE THE RESULT OF ALL PARTIES FOLLOWING BEST PRACTICES AND GUIDELINES:
Logicworks regularly assists our clients by providing information to help them meet their compliance audits to support PCI, HIPAA and SSAE16 compliance
Compliance is a team effort and Logicworks, RightScale and our other partners are there to assist in helping businesses achieve whatever standards that they must meet
Business Associates Agreement
# 27
Q&A and Resources
• Contact RightScale: 1.866.720.0208, [email protected], @rightscale
• Contact Logicworks: 866-FOR-LOGIC, www.logicworks.net, @logicworks
More Info:
Sign up for RightScale Free Edition: RightScale.com/free
Whitepapers: RightScale.com/whitepapers
Webinar archives: RightScale.com/webinars