Security that works with, not
against, your SaaS business
Dave Shackleford, Lead Faculty, IANS
Rand Wacker, VP Products, CloudPassage
10/2/2013
Who We Are
Dave Shackleford
Lead Faculty at IANS
Copyright © 2013 IANS. All rights reserved. 2
Rand Wacker
VP of Products at
CloudPassage
Virtualization: First step to Cloud
• Security is in
upheaval
• We must adapt to
cloud disruption
• Check out Dave’s
Cloud Security
classes with SANS
Overview for Today
• Business imperatives for SaaS
• Cloud-based delivery architecture
• Security complexity in agile cloud environments
• Customer case studies with Halo Enterprise
• Q&A
Moving to a SaaS Business
© 2013 CloudPassage Inc.
Two Sides of the SaaS Coin
What Customers Fear
– Loss of data / I.P.
– Their brand being caught
up in a compromise
– Failing their own audits
– Having to migrate to
another provider later…
What You Want
– Recurring revenue
– Organic incremental sales
– Nothing to ship, one
codebase to support
– Higher profit margins at
scale…
Data protection is often a new business
challenge for software providers.
SaaS Adoption and Fear Trends
SaaS is the primary cloud investment
• 82% of companies use SaaS providers
• 50% use SaaS for business-critical apps
Source: North Bridge Capital “Future of the Cloud” survey (June 2012)
Security, compliance still top concerns
• 55% consider security a major issue
• 38% view compliance as show-stopper
Companies want to use SaaS
but fear security issues.
SaaS providers who get
security right are at a massive
advantage over competitors.
What SaaS Customers Demand
Maintaining compliance is more complex in
dynamic cloud-based environments.
Building SaaS Today
Cloud Accelerates SaaS Dev
• SaaS feature development
must stay ahead of
competition
• DevOps and cloud
architectures enable agile
development
• Accelerates time-to-
market, but complicates
security…
Poll: SaaS Challenges
• What are your biggest challenges in
building/transitioning to a SaaS business
model? (Select all that apply)
– Organizational expertise in building SaaS offerings
– Security of service/customer data
– Transitioning customers from perpetual to subscription
– Cannibalization of existing revenue streams
– Other
Securing Cloud Development
Cloud Security Challenges
• There are many security challenges in cloud computing
• Some are more technical
– Tracking data migration from abc (mobility)
– Data/customer segmentation (Multi-tenancy)
– Identity and Access Management
– Incident response in multitenant environments
• Some are more “macro” level issues:
– Policy and Risk Assessment
– Governance
– Audit requirements
– Compliance
“If you’re a large
enterprise, somebody in
your organization is using
cloud computing, but
they’re not telling you.”
--James Staten, principal
analyst at Forrester
Research
The Role of Virtualization in the Cloud
• Virtualization is a cloud enabler
– Pooled resources
– Abstracted components and applications
– Shared infrastructure
– Resource and data migration and replication
• Virtualization technologies have security issues, too:
– More complexity, more moving parts
– New configuration controls
– Segmentation and separation
– Monitoring
Multi-tenancy: Security Issues
• One physical platform may host numerous
distinct entities’ data and services
• Critical needs arise for:
– Segmentation & Isolation
– Policy boundaries
– Monitoring (availability/security)
– Management
• Needs may differ for private vs. public cloud
types
Visibility
• Visibility is a challenge in cloud
environments – why?
– Customers do not have visibility into the
internal security controls in place at a cloud
provider facility
– Cloud providers need controls that are
flexible and dynamic across different
environments
Gaining Additional Visibility
• SaaS environments will employ IaaS principles
and infrastructure to host VMs and application
instances
• Monitoring these instances can be a challenge
as they migrate and balance across clusters
• Traditional tools for monitoring (IDS, for
example) may have difficulty “following” systems
or gaining visibility into virtual environments
• Monitoring at the individual VM level makes
more sense in a cloud infrastructure
Change Management in the Cloud
• Change management is one of the most important
operational aspects of the cloud
• Cloud computing is built on a foundation of
consistency and uniformity
– Changes can affect this dramatically
• Issues:
– Virtualized infrastructure increases the rate of change due
to dynamic nature
– Virtualization and multi-tenancy add new levels of
complexity
• App Virtual OS Virtual Hardware Storage
Hypervisor Platform Physical Hardware
Automation and DevOps
• In many SaaS cloud environments today, numerous
small/rapid code pushes are becoming necessary
– Automating this process with proper test and risk
assessment is key
• DevOps strives for a number of goals and focal
areas:
– Automated provisioning
– No-downtime deployments
– Monitoring
– “Fail fast and often”
– Automated builds and testing
Traditional Security Breaks Cloud Ops
• Many traditional security tools and controls are
not well-suited to dynamic cloud operational
environments
• In general, many network-focused and larger
architectural controls can be slow to
change/adapt
– Orchestration tools can help, but API support is
required
Host-Based Security in Cloud Environments
• For truly dynamic SaaS deployments, security
architecture will be a balance of network and
host controls
– Many are leaning more toward local system security
controls, though
• Some of the challenges include:
– Resource utilization
– Integration with virtualization platforms
– Testing with SaaS application instances
– Manageability
Host-based Security Agents
• The biggest issue with host-based security
agents is resource consumption
– Too much RAM, CPU, etc.
– This is a serious issue in virtualized environments
• A lightweight, specially-adapted agent is needed
• Tight integration with the OS kernel and
components is also key
– Local scans and monitoring need to be as low-impact
as possible
– Scalability and centralized control are critical
Introducing
Halo Enterprise
Halo Enterprise automates
security for large, complex
private, public & hybrid clouds
• Visibility & control across any infrastructure
• Less time demanded from DevOps & Security
• More competitive SaaS offerings
• Meet compliance needs, remove sales
barriers
Confidential NDA material. Do not distribute.
Security and Compliance Automation
Protect servers and applications in any private,
public, or hybrid cloud environment
Broad set of security controls, critical for securing cloud-hosted applications:
• Server Account Management
• Security Event Alerting
• File Integrity Monitoring
• REST API Integrations
• Firewall Automation
• System & Application Config Security
• Multi-Factor Authentication
• Vulnerability & Patch Scanning
Environments: Private cloud & SDDC; Virtualized & bare-metal datacenter; Public cloud IaaS
Halo security
analytics engine
Halo administration
web portal
Halo REST
API gateway
HALO SECURITY MODULES
• Firewall policy orchestration
• Multi-factor authentication
• File integrity monitoring
• Configuration security monitoring
• Software vulnerability scanning
• System access management
Workload VM Instance
Operating System
Application Code
System Administration Services
Application
Engine
App Storage
Volume
System Storage
Volume
Halo Daemon
1. Halo activates firewall on boot, applies latest policies, and orchestrates ongoing policy updates.
2. Halo secures privileged access via dynamic firewall rules triggered by multi-factor user authentication.
3. Halo scans O.S. configurations for vulnerabilities and continuously monitors O.S. state and activity.
4. Application configurations are scanned for vulnerabilities and are continuously monitored.
5. Cryptographic integrity monitoring ensures app code and binaries are not compromised.
6. Halo monitors system binary and config files for correct ACLs, file integrity, and vulnerabilities.
7. Application data stores are monitored for access; outbound firewall rules prevent data extrusion.
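Items 5 and 6 above rest on file integrity monitoring: hash and permission baselines compared against the current state of a host. The following Python is an added illustration, not part of the original slides and not Halo's code; the function names and the sample file tree are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each regular file under root to (SHA-256 hex digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = (digest.hexdigest(), stat.S_IMODE(st.st_mode))
    return state


def compare(baseline, current):
    """Return sorted (path, finding) pairs describing drift from the baseline."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            findings.append((rel, "removed"))
        elif rel not in baseline:
            findings.append((rel, "added"))
        else:
            old_hash, old_mode = baseline[rel]
            new_hash, new_mode = current[rel]
            if old_hash != new_hash:
                findings.append((rel, "content changed"))
            if old_mode != new_mode:
                findings.append((rel, "mode %04o -> %04o" % (old_mode, new_mode)))
    return findings


def _write(root, rel, data, mode):
    """Create a file with explicit permission bits (constructed sample data)."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def demo():
    """Build a constructed tree, take a baseline, change it, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/app", b"release build 1\n", 0o755)
        _write(root, "etc/app.conf", b"listen=127.0.0.1\n", 0o640)
        _write(root, "lib/util.py", b"VERSION = 1\n", 0o644)
        baseline = snapshot(root)

        # Simulated drift: binary replaced, config made world-writable,
        # one file deleted, one unexpected file dropped next to the binary.
        _write(root, "bin/app", b"release build 1 (altered)\n", 0o755)
        os.chmod(os.path.join(root, "etc", "app.conf"), 0o666)
        os.remove(os.path.join(root, "lib", "util.py"))
        _write(root, "bin/extra", b"unexpected\n", 0o755)

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, finding in demo():
        print(path, "-", finding)
```

The baseline is only trustworthy if it is stored somewhere the monitored host cannot rewrite, which is why the comparison belongs in a central service rather than on the VM itself.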
Solving Cloud Security Challenges
Cloud Complications
• Virtualization and multi-tenancy
• Maintaining visibility
• Taming change management
• Supporting automation & DevOps
CloudPassage Approach
• Build security into cloud stack
• Design for automation, portability, and scalability
• Broad range of security controls
• Simplify compliance management
Cloud Security
Case Studies
Poll: SaaS Offerings
• Today, what percentage of your
business is from a SaaS offering (vs
boxed product or other?)
– All
– More than half
– Less than half
– None
– Not applicable to our organization
Case Study: Enabling SaaSification
• Top 10 on Fortune’s software list
• Corporate imperative: move
boxed product to SaaS
• Security is paramount;
customers demand
SOC2, HIPAA, etc
• Running across mix of
AWS, VMware, and others
Case Study: Enabling SaaSification
Product
Line 1
Product
Line 2
Product
Line 3
SaaS
Product 1
SaaS
Product 2
SaaS
Product 3
Halo automates security
and compliance for each
BU running in cloud
Halo security
platform
Halo Benefits
• Enable fast and agile
DevOps model
• Security built into stack
for portability
• Ensures consistency of
servers, visibility, and
enables rapid response
Case Study: Securing Acquisitions
• B2B SaaS pioneer
• Core product in virtualized
datacenters, traditional
security practices
• 20+ acquisitions for growth:
most built in public cloud
• Must extend security and
compliance across any
infrastructure
Case Study: Securing Acquisitions
Core Product Datacenter
& IT Security Operations
Halo provides security
and compliance across
all environments
Acquisitions built in public &
private clouds
Halo Benefits
• Easily installs into any
cloud architecture
• No disruption to
development pace
• Extends existing
security operations to
cloud
Wrap Up
Summary
• SaaS businesses require strong security
• Cloud-based development complicates
traditional security
• Security and compliance must enhance, not
slow down, agile SaaS development
• Focus security architecture on automation,
portability, and visibility
Q&A and Additional Information
Dave Shackleford
Lead Faculty, IANS
@ians_security
cloudpassage.com/saas
Rand Wacker
VP, Products
@cloudpassage
Securing SaaS whitepaper
Request a Halo demo or free trial
Thank You!

What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
PCI and the Cloud
PCI and the CloudPCI and the Cloud
PCI and the Cloud
 
Halo Installfest Slides
Halo Installfest SlidesHalo Installfest Slides
Halo Installfest Slides
 
Automating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it SafeAutomating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it Safe
 
BSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the CloudBSides SF - Automating Security for the Cloud
BSides SF - Automating Security for the Cloud
 
Securing Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSecSecuring Your Cloud Servers with Halo NetSec
Securing Your Cloud Servers with Halo NetSec
 

Último

Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 

Último (20)

Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 

Security that works with, not against, your SaaS business

  • 1. Security that works with, not against, your SaaS business Dave Shackleford, Lead Faculty, IANS Rand Wacker, VP Products, CloudPassage 10/2/2013
  • 2. Who We Are Dave Shackleford Lead Faculty at IANS Copyright © 2013 IANS. All rights reserved. 2 Rand Wacker VP of Products at CloudPassage
  • 3. Virtualization: First step to Cloud • Security is in upheaval • We must adapt to cloud disruption • Check out Dave’s Cloud Security classes with SANS
  • 4. Overview for Today • Business imperatives for SaaS • Cloud-based delivery architecture • Security complexity in agile cloud environments • Customer case studies with Halo Enterprise • Q&A
  • 5. Moving to a SaaS Business
  • 6. © 2013 CloudPassage Inc. Two Sides of the SaaS Coin What Custs Fear – Loss of data / I.P. – Their brand being caught up in a compromise – Failing their own audits – Having to migrate to another provider later… What You Want – Recurring revenue – Organic incremental sales – Nothing to ship, one codebase to support – Higher profit margins at scale… Data protection is often a new business challenge for software providers.
  • 7. SaaS Adoption and Fear Trends SaaS is the primary cloud investment • 82% of companies use SaaS providers • 50% use SaaS for business-critical apps Source: North Bridge Capital “Future of the Cloud” survey (June 2012) Security, compliance still top concerns • 55% consider security a major issue • 38% view compliance as show-stopper
  • 8. SaaS Adoption and Fear Trends SaaS is the primary cloud investment • 82% of companies use SaaS providers • 50% use SaaS for business-critical apps Source: North Bridge Capital “Future of the Cloud” survey (June 2012) Security, compliance still top concerns • 55% consider security a major issue • 38% view compliance as show-stopper Companies want to use SaaS but fear security issues. SaaS providers who get security right are at a massive advantage over competitors.
  • 9. What SaaS Customers Demand 2700 2 Maintaining compliance is more complex in dynamic cloud-based environments.
  • 11. Cloud Accelerates SaaS Dev • SaaS feature development must stay ahead of competition • DevOps and cloud architectures enable agile development • Accelerates time-to-market, but complicates security…
  • 12. Poll: SaaS Challenges • What are your biggest challenges in building/transitioning to a SaaS business model? (Select all that apply) – Organizational expertise in building SaaS offerings – Security of service/customer data – Transitioning customers from perpetual to subscription – Cannibalization of existing revenue streams – Other
  • 14. Cloud Security Challenges • There are many security challenges in cloud computing • Some are more technical – Tracking data migration from abc (mobility) – Data/customer segmentation (Multi-tenancy) – Identity and Access Management – Incident response in multitenant environments • Some are more “macro” level issues: – Policy and Risk Assessment – Governance – Audit requirements – Compliance “If you’re a large enterprise, somebody in your organization is using cloud computing, but they’re not telling you.” --James Staten, principal analyst at Forrester Research
  • 15. The Role of Virtualization in the Cloud • Virtualization is a cloud enabler – Pooled resources – Abstracted components and applications – Shared infrastructure – Resource and data migration and replication • Virtualization technologies have security issues, too: – More complexity, more moving parts – New configuration controls – Segmentation and separation – Monitoring
  • 16. Multi-tenancy: Security Issues • One physical platform may host numerous distinct entities’ data and services • Critical needs arise for: – Segmentation & Isolation – Policy boundaries – Monitoring (availability/security) – Management • Needs may differ for private vs. public cloud types
  • 17. Visibility • Visibility is a challenge in cloud environments – why? – Customers do not have visibility into the internal security controls in place at a cloud provider facility – Cloud providers need controls that are flexible and dynamic across different environments
  • 18. Gaining Additional Visibility • SaaS environments will employ IaaS principles and infrastructure to host VMs and application instances • Monitoring these instances can be a challenge as they migrate and balance across clusters • Traditional tools for monitoring (IDS, for example) may have difficulty “following” systems or gaining visibility into virtual environments • Monitoring at the individual VM level makes more sense in a cloud infrastructure
  • 19. Change Management in the Cloud • Change management is one of the most important operational aspects of the cloud • Cloud computing is built on a foundation of consistency and uniformity – Changes can affect this dramatically • Issues: – Virtualized infrastructure increases the rate of change due to dynamic nature – Virtualization and multi-tenancy add new levels of complexity [Diagram labels: App, Virtual OS, Virtual Hardware, Storage, Hypervisor, Platform, Physical Hardware]
  • 20. Automation and DevOps • In many SaaS cloud environments today, numerous small/rapid code pushes are becoming necessary – Automating this process with proper test and risk assessment is key • DevOps strives for a number of goals and focal areas: – Automated provisioning – No-downtime deployments – Monitoring – “Fail fast and often” – Automated builds and testing
  • 21. Traditional Security Breaks Cloud Ops • Many traditional security tools and controls are not well-suited to dynamic cloud operational environments • In general, many network-focused and larger architectural controls can be slow to change/adapt – Orchestration tools can help, but API support is required
  • 22. Host-Based Security in Cloud Environments • For truly dynamic SaaS deployments, security architecture will be a balance of network and host controls – Many are leaning more toward local system security controls, though • Some of the challenges include: – Resource utilization – Integration with virtualization platforms – Testing with SaaS application instances – Manageability
  • 23. Host-based Security Agents • The biggest issue with host-based security agents is resource consumption – Too much RAM, CPU, etc. – This is a serious issue in virtualized environments • A lightweight, specially-adapted agent is needed • Tight integration with the OS kernel and components is also key – Local scans and monitoring need to be as low-impact as possible – Scalability and centralized control are critical
  • 24. Introducing Halo Enterprise
  • 25. Halo Enterprise automates security for large, complex private, public & hybrid clouds • Visibility & control across any infrastructure • Less time demanded from DevOps & Security • More competitive SaaS offerings • Meet compliance needs, remove sales barriers
  • 26. Confidential NDA material. Do not distribute. Security and Compliance Automation: Protect servers and applications in any private, public, or hybrid cloud environment. Broad set of security controls, critical for securing cloud-hosted applications: • Server Account Management • Security Event Alerting • File Integrity Monitoring • REST API Integrations • Firewall Automation • System & Application Config Security • Multi-Factor Authentication • Vulnerability & Patch Scanning
  • 27. [Diagram labels: Private cloud & SDDC; Virtualized & bare-metal datacenter; Public cloud IaaS; Halo security analytics engine; Halo administration web portal; Halo REST API gateway] HALO SECURITY MODULES • Firewall policy orchestration • Multi-factor authentication • File integrity monitoring • Configuration security monitoring • Software vulnerability scanning • System access management
  • 28. [Diagram labels: Workload VM Instance; Operating System; Application Code; System Administration Services; Application Engine; App Storage Volume; System Storage Volume; Halo Daemon] Numbered callouts:
      1. Halo activates firewall on boot, applies latest policies, and orchestrates ongoing policy updates.
      2. Halo secures privileged access via dynamic firewall rules triggered by multi-factor user authentication.
      3. Halo scans O.S. configurations for vulnerabilities and continuously monitors O.S. state and activity.
      4. Application configurations are scanned for vulnerabilities and are continuously monitored.
      5. Cryptographic integrity monitoring ensures app code and binaries are not compromised.
      6. Halo monitors system binary and config files for correct ACLs, file integrity, and vulnerabilities.
      7. Application data stores are monitored for access; outbound firewall rules prevent data extrusion.
  • 29. Solving Cloud Security Challenges. Cloud Complications: • Virtualization and multi-tenancy • Maintaining visibility • Taming change management • Supporting automation & DevOps. CloudPassage Approach: • Build security into cloud stack • Design for automation, portability, and scalability • Broad range of security controls • Simplify compliance management
  • 30. Cloud Security Case Studies
  • 31. Poll: SaaS Offerings • Today, what percentage of your business is from a SaaS offering (vs boxed product or other?) – All – More than half – Less than half – None – Not applicable to our organization
  • 32. Case Study: Enabling SaaSification • Top 10 Fortune’s software list • Corporate imperative move boxed product to SaaS • Security is paramount; customers demand SOC2, HIPAA, etc • Running across mix of AWS, VMware, and others
  • 33. Case Study: Enabling SaaSification [Diagram labels: Product Line 1, Product Line 2, Product Line 3; SaaS Product 1, SaaS Product 2, SaaS Product 3; Halo security platform] Halo automates security and compliance for each BU running in cloud. Halo Benefits • Enable fast and agile DevOps model • Security built into stack for portability • Ensures consistency of servers, visibility, and enables rapid response
  • 34. Case Study: Securing Acquisitions • B2B SaaS pioneer • Core product in virtualized datacenters, traditional security practices • 20+ acquisitions for growth: most built in public cloud • Must extend security and compliance across any infrastructure
  • 35. Case Study: Securing Acquisitions [Diagram labels: Core Product Datacenter & IT Security Operations; Acquisitions built in public & private clouds] Halo provides security and compliance across all environments. Halo Benefits • Easily installs into any cloud architecture • No disruption to development pace • Extends existing security operations to cloud
  • 37. Summary • SaaS businesses require strong security • Cloud-based development complicates traditional security • Security and compliance must enhance, not slow down, agile SaaS development • Focus security architecture on automation, portability, and visibility
  • 38. Q&A and Additional Information • Dave Shackleford, Lead Faculty, IANS, @ians_security • Rand Wacker, VP, Products, @cloudpassage • cloudpassage.com/saas • Securing SaaS whitepaper • Request a Halo demo or free trial
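
Slide 28 describes cryptographic integrity monitoring of application code and binaries, and checks that system binaries and config files keep correct ACLs. The Python below is an added example of that general technique, not CloudPassage Halo code: the function names (`snapshot`, `compare`, `demo`) and the file tree are constructed for illustration, and POSIX permission bits stand in for ACLs.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    root = Path(root)
    state = {}
    for path in sorted(root.rglob("*")):
        # lstat does not follow symlinks, so a file that was replaced by a
        # symlink is skipped here and later reported as "removed".
        info = path.lstat()
        if not stat.S_ISREG(info.st_mode):
            continue
        digest = hashlib.sha256()
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
        name = path.relative_to(root).as_posix()
        state[name] = (digest.hexdigest(), stat.S_IMODE(info.st_mode))
    return state


def compare(baseline, current):
    """Return a sorted list of (finding, path) differences between two snapshots."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append(("removed", name))
            continue
        new_hash, new_mode = current[name]
        if name not in baseline:
            findings.append(("added", name))
        else:
            old_hash, old_mode = baseline[name]
            if new_hash != old_hash:
                findings.append(("content-changed", name))
            if new_mode != old_mode:
                findings.append(("mode-changed", name))
        # Policy check independent of the baseline: nothing should be
        # writable by every local user.
        if new_mode & stat.S_IWOTH:
            findings.append(("world-writable", name))
    return findings


def demo():
    """Build a constructed tree, record a baseline, alter the tree, report findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "app").write_bytes(b"constructed binary, version 1")
        (root / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        (root / "etc" / "old.conf").write_text("unused\n")
        os.chmod(root / "bin" / "app", 0o755)
        os.chmod(root / "etc" / "app.conf", 0o644)
        os.chmod(root / "etc" / "old.conf", 0o644)
        baseline = snapshot(root)

        # Constructed changes of the four kinds the monitor should catch.
        (root / "bin" / "app").write_bytes(b"constructed binary, modified")
        os.chmod(root / "etc" / "app.conf", 0o666)
        (root / "etc" / "old.conf").unlink()
        (root / "bin" / "helper").write_bytes(b"unexpected new file")
        os.chmod(root / "bin" / "helper", 0o755)
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for finding, name in demo():
        print(f"{finding:16} {name}")
```

The baseline only has value if it is stored where the monitored host cannot rewrite it; otherwise whoever alters a file can alter its recorded hash as well.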