Date posted: 16-Apr-2017
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Joan Pepin, VP of Security/CISO
October 2015
SEC202
If You Build It, They Will Come
Best Practices for Building Secure Services in the Cloud
Who Am I?
• VP of Security/CISO for Sumo Logic
• More than 17 years' experience establishing policy management, security metrics, and incident response initiatives
• Inventor of SecureWorks' Anomaly Detection Engine
• Experience in healthcare, manufacturing, defense, ISPs, and MSPs
What to Expect from This Session
• Drivers for leveraging cloud architectures
• Foundational principles to guide design strategy
• The Defense in Depth approach
• Best practices
• Q&A
Consider This…
• 20% of applications are built on cloud-friendly architectures and are ready for cloud. Source: RightScale
• By 2018, 59% of the total cloud workloads will be SaaS workloads, up from 41% in 2013. Source: Cisco
• Cloud IT infrastructure spending will reach $54.6 billion by 2019, accounting for 46.5% of the total spending on IT infrastructure. Source: IDC
Design Principles for Cloud Architectures
Less Is More
• Simplicity of design, APIs, interfaces, and data flow all help lead to a secure and scalable system.
Automate
• Think of your infrastructure as code-based; it's a game changer.
• Test, do rapid prototyping, and implement fully automated, API-driven deployment methods.
Do the Right Thing
• Design in code reuse and centralize configuration information to keep the attack surface to a minimum.
• Sanitize and encrypt it.
• Don’t trust client-side verification; enforce everything at every layer.
The Defense in Depth Approach
[Architecture diagram. Labels: Elastic Load Balancing, Internet of Things, API, UI, Rec, Admin, Amazon DynamoDB, Amazon S3, POD, HOP BOX, VPN, SSH, VAULT, 1,500 Instances]
The Defense in Depth Approach
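[Architecture diagram with the security stack overlaid. Labels: Servers, API, UI, Rec, Admin, DynamoDB, S3, POD, HOP BOX, ELB, VPN, SSH, VAULT, 1,500 Instances; security components: APM, SEIM, AWS SEC. GROUP, IDS, FIM, FW, SRU, APLOGS, OIS, SSM]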
The Defense in Depth Approach
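[Architecture diagram with the encryption key hierarchy overlaid. Labels: Servers, API, UI, Rec, Admin, DynamoDB, S3, POD, HOP BOX, ELB, VPN, SSH, VAULT, 1,500 Instances; key hierarchy: RAW, META, KEK, KEKEK (OPS), KEKEK (MGMT)]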
Defense in Depth Key Takeaways
• Defense in Depth. Everything. All the time.
• Achieve scale by running the POD model.
• Use a best-of-breed security stack (IDS, FIM, Log Mgt., Host Firewall).
• Automate a complete security stack.
Final Takeaways
The world is no longer flat…
Centralize your security design in your code base
All things are possible with automation
Simplicity leads to better security
Come visit Sumo Logic at booth #200 to learn how to master your data and see live demos.
Twitter: @sumologic