5. Global Reach
24X7 Operations
Following Sun
57 Countries.
33 Languages.
Over 400 Customers
Strong presence in Media / Life Sciences / Manufacturing / Education Verticals
11. AWS Global Infrastructure
US West (Northern California)
US East (Northern Virginia)
EU (Ireland)
Asia Pacific (Singapore)
Asia Pacific (Tokyo)
GovCloud (US ITAR Region)
US West (Oregon)
South America (Sao Paulo)
AWS Regions
AWS Edge Locations
14. AWS Media Platform Overview
Digital Asset Management Media Distribution
Encoding Storage
Media Management Services
File Transfer
Web and Media
Servers
Database
Media Distribution Services
Content Delivery Network
Deployment & Administration
15. AWS’s File Transfer Services
Services that help you move your
large media files to the AWS Cloud
AWS Direct Connect
Private, Dedicated Connection to AWS
Amazon Virtual Private Cloud
VPN to Extend Your Network Topology to AWS
AWS Import / Export
Hard Disk transfer to and from AWS
16. AWS’s Storage Services
Services that store and archive
your media files
Amazon Simple Storage Service (S3)
Redundant, High-Scale Object Store
Amazon Elastic Block Store (EBS)
Persistent block storage for EC2
Amazon Glacier
Extremely Low-Cost, High-Scale Archive Storage
17. AWS’s Services for
Encoding
Services that help you encode
your media files
Amazon EC2
Virtual Servers in the AWS Cloud
Auto Scaling
Rule-driven scaling service for EC2
18. AWS’s Services for
Media Management
Services that help you with digital
asset management
Amazon SWF
Simple Workflow Service
Amazon EC2
Host Digital Rights Management
and Content Management
Software
19. AWS’s Services for Web and Media Servers
Services that help run media
sites and apps and stream
media
Amazon EC2
Run your web and media server of choice
Auto Scaling
Rule-driven scaling service for EC2
Amazon Elastic Load Balancing
Virtual load balancers for EC2
20. AWS’s Database Services
Scalable and Durable High
Performance Cloud Storage
Amazon DynamoDB
High Performance NoSQL Database Service
Amazon RDS
Managed Oracle, MySQL, & SQL Database Service
Amazon ElastiCache
Managed Memcached Service
21. AWS’s Content Delivery Services
Services that help you
deliver and stream your
media fast
Amazon CloudFront
Global Content Delivery Service
AWS Route 53
Domain Name System Service
22. AWS’s Media Distribution Services
Services that help you distribute
media
Amazon EMR
Big Data Analytics Service
Amazon CloudSearch
Managed Search Service that Automatically
Scales
23. Deployment & Administration
AWS Management Console
Web-based management interface
Amazon CloudWatch
Automated monitoring & alerts
AWS Elastic Beanstalk
Java & PHP App deployment & management
AWS CloudFormation
Automated AWS resource provisioning
AWS IAM
Identity & Access Management
26. AWS Storage Gateway
Snapshots in
Amazon S3
Your Data Center
Easily backup on-premises data to AWS
Store snapshots in Amazon S3 for backup
and disaster recovery
Simple software appliance - no changes
required to your on-premises architecture
S3
AWS Storage
Gateway
27. Amazon Simple Workflow Service
On Premises, Mobile, Cloud
• Run application workflows and business
processes on AWS
• Manage processes across Cloud, mobile
and on-premises environments
• Use any programming language for
workflow logic
Amazon SWF
29. Amazon CloudSearch
Fully managed search service
Up and running in less than an hour
Automatically scales for data and traffic
Starting at less than $100 / month
30. Amazon EBS Provisioned IOPS
Designed to deliver within 10%
of their provisioned performance
99.9% of the time
Up to 1,000 IOPS per volume
Priced at ~$0.125 per GB-month
of provisioned storage & ~$0.10
per provisioned IOPS-month
31. High I/O Instances for EC2
Very high, low latency, disk I/O
performance using SSD-based
local instance storage
Ideal for high performance
clustered databases and NoSQL
databases like Cassandra and
MongoDB.
32. Text
• Fully managed Express, Web, Standard and
Enterprise Editions of SQL Server 2008 R2
• SQL Server (Express Edition) covered under
the free usage tier for a full year
• Elastic Beanstalk leverages the Windows
Server 2008 R2 AMI and IIS 7.5
• Deploy using AWS Toolkit for Visual Studio
SQL Server & .NET Beanstalk
SQL
Server
.NET
33. PHP & Git Deployment for AWS Beanstalk
• Run and manage existing PHP
applications with no changes to
application code
• Provides full control over the
infrastructure and the software
Elastic Load
Balancer
yourApp.elasticbeanstalk.com
Elastic Beanstalk
Amazon Linux
Apache HTTP Server
Your App
git push
PHP
34. Amazon Glacier for Long Term Archive
• Secure and Cost effective
Offsite data archiving
• Tape Replacement for backup
and recovery
• Long term digital
preservation for historical
and digital information
36. Typical Deployment
Private Connections
Workload Migrations
Access Control Integration
Work with Existing
Management Tools
On-Premises Apps
Customer Data Centers
Cloud Apps AWS
Most enterprises will run a hybrid IT architecture
Some workloads will run on-premises
Some workloads will run in the cloud
Management & Integration is mixed
Workloads can be migrated back and forth
Hybrid
(not all or nothing)
37. Typical Use Cases
Prototyping and Development
Test and Staging
Data Warehousing and Analytics
Collaboration
DR/BCP and Data Archiving
Web Application Architectures
Media caching, streaming and delivery
Tried and True
Cloud-Ready
38. Cloud Risks, Both Old and New
Cloud Computing Top Threats in 2013 (Source: Cloud Security Alliance)
1. Data Breaches
2. Data Loss
3. Account Hijacking
4. Insecure APIs
5. Denial of Service
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Issues
Top 10 Cloud Risks (Source: OWASP)
1. Accountability & Data Risk
2. User Identity Federation
3. Regulatory Compliance (CPNI, PCI, SOX…)
4. Business Continuity & Resiliency
5. User Privacy & Secondary Usage of Data
6. Service & Data Integration
7. Multi-tenancy & Physical Security
8. Incidence Analysis & Forensics
9. Infrastructure Security
10. Non-production Environment Exposure
Governance & Control
Measure, Mitigate, Accept
39. We Manage Your Cloud Technology Risks
A model of shared
control
responsibility
AWS
CSP
Customer
40. We do Active Risk Tracking and Mitigation
Example Risk: No formal process to assess, track and report cloud computing risks.
Impact Rating: High
Mitigation Type: People, Process
Remediation/Best Practice:
1. Develop a risk and reporting policy specific to Cloud Computing.
2. Begin project work to prioritize and address findings and mitigate risk to within acceptable limits.
Effort Level: Medium
Example Risk: Security configuration drifts from approved standards.
Impact Rating: High
Mitigation Type: Technology, Process
Remediation/Best Practice:
1. Develop a change control process and testing policy for Cloud Computing resources.
2. Implement configuration reconciliation and change detection capabilities across App (source and runtime), OS and infrastructure.
Effort Level: Medium
Example Risk: Unauthorized access to xxxx.
Impact Rating: Critical
Mitigation Type: Technology, Process
Remediation/Best Practice:
1. Institute clear standards, reference designs and scanning for all CPNI use cases.
2. Design and implement data protection and detection for all xxxx associated systems and networks, e.g. encryption and exfiltration monitoring.
Effort Level: High
Example Risk: Uncontrolled use and expense of cloud resources.
Impact Rating: High
Mitigation Type: Technology, Process
Remediation/Best Practice:
1. Institute policy and preventative measures to disallow unapproved end-user provisioning of resources and new accounts.
2. Inventory and track changes to CSP accounts and resources with periodic billing reconciliation.
Effort Level: Low
41. Impact on Operations
A shifting paradigm – need for both control and agility at web-scale
Almost everything is automatable,
for better or worse
Autonomy and self-service
Thoughtfully extend existing
policy, tools and techniques
Develop Cloud specific policy and
standards to fill the gaps
The blending of
development and
operations functions
42. Impact Beyond Operations
Organizational
Process
Technology
New skills and new training
Agility in project teams and management
Multiple hats and blurring of legacy
boundaries
Rethinking roles
Portal-based, self provisioning
Agility in deployments
New techniques for change management
Extending access and identity management
Automating workflows and key procedures
A/B Testing and QA
Mapping vendor software licensing
New techniques for monitoring and
response
Integrating support with the CSP
Changes in networking topologies
Backup, DR and high availability
Application and infrastructure event logging
43. Your Cloud Governance Initiative
• Ensure the IT Cloud Computing strategy is
aligned with business strategy and IT delivers
against the decided strategy.
• The risks associated with Cloud Computing are
periodically assessed, tracked and mitigated in line
with the business strategy and overall risk
appetite of the company.
• To maximize the investment, benefits and agility
of Cloud Computing as a transformative
technology, while balancing the need for
vigilance and control throughout the platform
lifecycle.
To lay the foundation and framework for a
balanced approach to compliance, control,
and acceptance of Cloud Computing within
your organization.
Goal
Objectives
Strategic Alignment
Value Delivery
Risk Management
Performance
Measurement
44. Cloud Governance as a Process
Cloud Governance Board
Provides a unified,
centrally governed
approach for the Cloud
environment.
45. New Build Guidance Control
Domains
✔ Governance
✔ Asset Configuration and Management
✔ Logical Access Control
✔ Data Encryption
✔ Network Configuration and Management
✔ Security Logging, Monitoring and Incident Response
✔ Disaster Recovery
Measure,
Confirm &
Report
Workload
Onboarding
Process
Self-service
Restricted Data: Checklist, Templates & Reference Designs
Public Data: Checklist, Templates & Reference Designs
46. Example Process Workflow
Workload
Onboarding
Process
Requestor
Cloud Operations
IT Security
Opens ticket and
declares use-case,
resource and data type
Instructs on reference
design and standard
requirements
Reviews and approves
use-case with additional
security requirements
Requests deployment
based on schedule and
test plan
Deploys resources, adds
to BAU monitoring
Scans to ensure standard
builds and adds to BAU
monitoring
Concludes UAT and
closes request
47. Next Steps
We will conduct a full risk assessment of the Cloud Computing Program.
Informed by the risk findings:
1. Finalize your Cloud Governance structure and workflow
2. Complete the Policies and Standards for Cloud Computing
3. Ensure technical and process controls meet all policies and standards
4. Start POC of suitable use cases and show agreed results
48. Pressmart Media Limited
India
3rd Floor, MJR Arcade,
Khanamet, Gurukul Society,
Landmark: Near Meridian School,
Madhapur, Hyderabad - 500081, AP
T : +91 (40) 6612 4000
E : sales@pressmart.com
W : www.pressmart.com