“For a moment, I had a feeling of total security. Then someone said cloud!”

Post on 08-Jan-2018


2 | © 2015 CloudPassage Confidential

IT Security – The Missing Piece in IT Replatforming
Steve Opfer
Enterprise Sales Director
sopfer@cloudpassage.com

IT Replatforming – Next Gen, Gen 3, …

What’s Driving IT Replatforming?
• New Features = New Revenue
• The Business wants new features faster than ever

IT has Responded
◦ Virtualization
◦ Self Service

Development has Responded
◦ DevOps
◦ Rapid Releases
◦ Cloud Test & QA

Security has [Not] Responded
◦ Current tools built for Gen 2 data center
◦ In many cases, asking for things to slow down
◦ In other cases, pushed aside in acceptance of risk

Provisioning – Weeks to Minutes

Release Cycle – Quarters to Days

Change Breaks Security

Legacy
• Traditional Data Center
• Bare Metal
• Basic Virtualization

Modern

UCS Director

| Legacy | Modern |
|---|---|
| Seeks control to avoid risk | Embraces risk to gain agility |
| Waterfall approach | Fast-iteration approach |
| Low rate of change | High rate of change |
| Data centers / colo | SDDC / cloud |
| Approval-driven | Learning-driven |
| Stringent change control | Little or no change control |
| Network-centric security | System & app-centric security |
| IT focused (less customer-centric) | Business focused (closer to customer) |
| More centralized IT operations | More distributed IT operations |

Security Must: Embrace Both Legacy and Modern IT

IT Replatforming (diagram, Modern / Legacy)
• Experiments
• Innovation
• Greenfield Applications
• Any New Application
• Low-Risk Migrations
• High-Risk Migrations
• Core Business Applications
• “BUSINESS AS USUAL”
• Last Legacy Project

IT Security Replatforming (diagram, Modern / Legacy)
• New Security Tool Research
• Experiments with Public Security
• Securing DevOps
• Full IT Security Replatforming
• Securing Low-Risk Apps
• Trusting Security to Protect your High-Risk Apps Wherever they Reside
• Network Security “BUSINESS AS USUAL”
• Server Security for Critical Apps

Legacy Application Development (traditional waterfall)

[Timeline, J F M A M J J A S O N D: Analysis and design, Coding & implementation, Quality testing, Staging and release; release R1]

Modern Application Development (agile / iterative)

[Timeline, J F M A M J J A S O N D: Analysis and design, Coding and implementation, Quality testing, Staging and release; releases R1 to R12]

Modern Application Development (agile / iterative)

[Timeline, J F M A M J J A S O N D: Analysis and design, Coding and implementation, Quality testing, Staging and release; releases R1 to R12; shown for App 1, App 2, App 3, App 4, App n]

Weaving Security & Compliance into Modern AppDev / DevOps

• Core security policies already implemented, regardless of environment
• Security unit-testing cases required, or code is rejected (yes, really)
• Code & infrastructure policies ensured using DevOps-style automation
• Staging smoke tests include automated pen-testing, vulnerability assessment, policy validation, security baselines (against gold master)

All of this feeds into SIEM and GRC tools

[Timeline, J F M A M J J A S O N D: Analysis and design, Coding and implementation, Quality testing, Staging and release; releases R1 to R12]

Legacy
• Everything “behind the firewall”
• Complete visibility & control
• Fewer changes at slower pace
• IT largely calls the shots
• Natural physical segmentation
• More controlled, paced cadence

Modern
• Assets are everywhere
• Inconsistent visibility & control
• More & faster changes (by OOM)
• Business units run their own IT
• Physical constructs are gone (portability)
• As-fast-as-automation-allows

You Need Security That Embraces Both Modern and Legacy IT

8 Keys To Securing The Transformation of IT

1. Built directly into core environments

2. Security that operates anywhere

3. Context-aware operation

4. Orchestration of many functions

5. Deep automation of each function

6. Instant and long-term scalability

7. Alignment with DevOps models

8. API-based integration capabilities

This is the most profound IT transformation you’re likely to see in your career… make it count!

www.cloudpassage.com

Questions or more importantly Thoughts/Comments?
