Cloud Security from an Orchestration Perspective: Shifting Left

Presentation transcript:

Cloud Security from an Orchestration Perspective: Shifting Left
Jeroen van der Leer / Cheyenne Seur (ABN AMRO)
Info Security Europe – CSA Summit – June 5th 2018

Introduction
Agenda: 1. History & Legacy, 2. Shifting Left & Orchestration, 3. Approach
Jeroen van der Leer: Product Development Manager, ABN AMRO IT Services / I&PS; Product Owner CBSP AWS
Cheyenne Seur: Information Security Risk Analyst, ABN AMRO CISO; IT Wizard

History (timeline)
- 1st workload live on AWS: June 2017
- “The cloud moves on”: Nov 2015
- AWS Enterprise Agreement: Dec 2016
- MT IT Decision Azure / AWS: Sep 2016
- TOPS2020: 2013
- AWS Sandboxes: Feb 2017
- Critical workload live on AWS: Oct 2017

Private Cloud Legacy
- Not sufficiently agile: slow delivery of a limited number of technologies
- Too many silos: building blocks delivered and approved by many
- API missing: legacy environments not exposed via APIs

Vision

Dutch Landscape (1)

Dutch Landscape (2)

Corporate Landscape

What is a silo?
Definition: any management system that is unable to operate with any other system.
Issue: silos do not share the goals and priorities of other departments.
Solution: break down the silos by introducing DevOps or DevSecOps.
Of course Information Security or the CISO is not a silo in most enterprises… Or is it? For instance: does Information Security have its own conferences? Actually, perhaps breaking down the silos has to be done before introducing DevOps.

Silo examples – many perspectives
IT as a silo: central IT is often busy keeping legacy systems running, but the business is asking for agility.
CISO as a silo: the CISO’s main focus can be Information Security, and it has selected tools and vendors to ensure systems are kept secure.
Silos within IT: Service Management would like you to place your offering in their service catalogue and deliver it using their request fulfilment tool.

Shifting left
What is it? Testing is performed earlier in the software development process. An example: penetration testing often takes place just before going live.
What ABN AMRO has witnessed:
- CI/CD toolchains which are partially in the cloud
- DevOps teams want to collaborate with 3rd parties during development
- Chains may be distributed across multiple public clouds
Challenge: connectivity requirements arise earlier; does shifting penetration testing left scale?
Developments such as cloud-based toolchains require penetration testing to shift left as well. But does traditional delivery of such tests scale? Can it be done a different way?
An example of a distributed chain is Tweadle: it uses Salesforce and AWS.

ABN AMRO’s Objectives for AWS
PROVISIONING // DEVOPS TEAMS PROVISION OWN INFRASTRUCTURE
FLEXIBLE // AVOID UNWANTED STANDARDS
SECURE // COMPLIANT WITH STANDARDS FOR CLOUD RISK CONTROL
API // EXPOSE ALL PLATFORM FUNCTIONALITY AS AN API
AGILE // QUICKLY INTRODUCE AND ADOPT NEW AWS SERVICES
Some of these objectives were not a choice: ABN AMRO has a history of outsourcing with separate ADM and Infrastructure vendors (silos!). Building an IT function to deliver public cloud to DevOps teams in a traditional way would have been expensive. The only alternative: automate and orchestrate!

Automation and Orchestration
Automation: setting up a single task to run on its own. For instance: spinning up a server.
Orchestration: automating a lot of things at once. For example: launching a 3-tier architecture, deploying software to it and provisioning a Web Application Firewall to monitor, filter and block traffic to it.
Benefit: orchestration helps you maximize cloud investments.
Problem: automation, and certainly orchestration, is impossible to achieve if you don’t break down the silos.
Orchestration provides a single and centralized approach to provisioning resources and deploying software. What follows is efficient and more consistent, repeatable deployments.

Quick Summary
ORCHESTRATION // TO MAXIMIZE CLOUD INVESTMENTS
SHIFTING LEFT // TESTING TAKES PLACE EARLIER IN THE DEV LIFECYCLE
SILOS // DEVOPS AND BREAKING DOWN SILOS GO HAND IN HAND

Standards for Cloud Risk Control
- Control routing path and monitor outbound traffic from CSP Private to CSP Public; access will be managed based on patterns
- Control routing path and monitor traffic from CSP Public to AAB on-premises networks
- Allow only desired network protocols from the Internet
- No direct inbound traffic from CSP Public and Internet (Perimeter Defense)
- Secure web publishing is handled by application, virtual appliance or cloud service
- Connectivity controls on AAB public end-point level
- Only ABN AMRO approved & authorized services can be deployed
- Periodic credential-based vulnerability scanning
- Data Leakage must be prevented
- IAM on all accounts and resources
- Owner/cost tagging for all resources
- Platform Audit Logs & Platform Security Monitoring
- Monitor and assess updated CSP Service Terms and Audit Reports
- Virus/Malware protection
Update 1.2: Flex-Zone is used to address the ‘playground’ environment; the old term ‘sandbox’ could easily be confused with a highly regulated and secured environment (https://en.wikipedia.org/wiki/Sandbox_(computer_security)).
Update 1.2: Controls A7 and S16 were introduced.

Measurable Standards & Guidelines
Each high-level control maps to a measurable, service-specific standard:
- Standards for Cloud Risk Control F5: Virus/Malware protection must be present -> CBSP AWS Standard for Amazon EC2, EC2_025: Ensure XXXXXXXXXX agent is installed and policy assigned
- Standards for Cloud Risk Control S13: Connectivity controls on AAB public end-point level -> CBSP AWS Standard for Amazon S3, S3_012: S3 buckets must XXXXXXXXXXXX
- Standards for Cloud Risk Control A8: Applications with availability ratings of 1 must be actively monitored for DDoS attacks -> CBSP Standard XXX_002: Create AWS CloudWatch alarm for XXXXXXXXXXXXXX
ABN AMRO leverages AWS Config for this.
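As an added illustration of how one of the Standards for Cloud Risk Control becomes a measurable AWS Config check (example code written for this transcript, not ABN AMRO’s CBSP rules): the “Owner/cost tagging for all resources” control expressed as the evaluation logic of an AWS Config custom rule. The tag keys Owner and CostCenter and the sample configuration items are assumptions; a deployed rule would additionally send the evaluations back with put_evaluations.

```python
import json

# Tag keys are an assumption: the slides name the control, not the keys it checks.
REQUIRED_TAGS = ("Owner", "CostCenter")


def evaluate_tagging(item, required=REQUIRED_TAGS):
    """Map one AWS Config configuration item to a COMPLIANT / NON_COMPLIANT evaluation."""
    tags = item.get("tags") or {}
    # A tag that exists but is blank is treated as missing, so ' ' cannot satisfy the control.
    missing = [key for key in required if not (tags.get(key) or "").strip()]
    annotation = ("missing tags: " + ", ".join(missing)) if missing else "all required tags present"
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": "NON_COMPLIANT" if missing else "COMPLIANT",
        "Annotation": annotation[:256],  # AWS Config limits an annotation to 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context=None):
    """Entry point in the shape AWS Config invokes custom rules with. It returns the
    evaluations instead of calling config.put_evaluations(ResultToken=event["resultToken"], ...)
    so the logic can be exercised offline."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    if item["configurationItemStatus"] in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return []  # nothing left to assess for a deleted resource
    return [evaluate_tagging(item)]


def make_event(resource_type, resource_id, tags, status="OK"):
    """Build a constructed rule invocation event (sample data, not captured from a real account)."""
    item = {"resourceType": resource_type, "resourceId": resource_id, "tags": tags,
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2018-06-05T09:00:00.000Z"}
    invoking = {"configurationItem": item, "messageType": "ConfigurationItemChangeNotification"}
    return {"invokingEvent": json.dumps(invoking), "resultToken": "constructed-token"}


SAMPLE_EVENTS = [  # constructed sample resources covering the compliant, partial, blank and deleted cases
    make_event("AWS::EC2::Instance", "i-0123456789abcdef0", {"Owner": "team-payments", "CostCenter": "CC-1234"}),
    make_event("AWS::S3::Bucket", "constructed-bucket", {"CostCenter": "CC-1234"}),
    make_event("AWS::EC2::Volume", "vol-0123456789abcdef0", {"Owner": " ", "CostCenter": ""}),
    make_event("AWS::EC2::Instance", "i-0fedcba9876543210", {}, status="ResourceDeleted"),
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        for result in lambda_handler(event):
            print(result["ComplianceResourceId"], result["ComplianceType"], result["Annotation"])
```

The per-resource evaluations are what a compliance dashboard such as the Splunk one on the next slide aggregates per control and per account.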

Compliance Dashboard in Splunk

ABN AMRO’s Objectives for AWS
PROVISIONING // DEVOPS TEAMS PROVISION OWN INFRASTRUCTURE
FLEXIBLE // AVOID UNWANTED STANDARDS
SECURE // COMPLIANT WITH STANDARDS FOR CLOUD RISK CONTROL
API // EXPOSE ALL PLATFORM FUNCTIONALITY AS AN API
AGILE // QUICKLY INTRODUCE AND ADOPT NEW AWS SERVICES
Effectively we are delivering on all our objectives. We’ve done this by breaking down silos, which has enabled DevOps. IT, CISO and Business objectives have become aligned. The fact that IT and CISO stand here today is proof of that (the business has paid for our trip, which is proof they’re aligned too!). DevOps teams are able to orchestrate their entire IT landscape using a native API, which has significantly improved agility without a tradeoff to Security.

Questions