Delivering Policy & Trust to the Hybrid Cloud
A Tale of “4” Worlds
• Non-Existent
• Manual and Disconnected
• Semi-Automated, with Loose or No Enforcement
• Security Focused Only - The world of NO!
What it should look like
• Systemic - Complete - Pervasive
• Enforceable
• Changeable - Adaptable - Pluggable
• Understandable - Approachable
• Auditable
Do you Trust?
• Your systems? YES!
• Your processes? YES!
• Your people? Uh.. NO.. (But we don’t care)
Complexity - Dawn of MicroServices
• Want to build faster? Build LESS!
• Services will WIN the Hybrid CLOUD!
• Systems will NEVER be simpler than TODAY!
Things Will Never Be Simpler Than Today
Data: Always growing and changing (44X in 2020 from 2014 level)
APIs: We are living in the “API Economy”, constantly growing, constantly evolving
Services: Always growing and adding new capabilities
Delivering Policy and Trust for the Hybrid Cloud
Connecting all clouds, with a single, policy-driven system
This could be complex
• RBAC vs ABAC vs ACL/DAC
• XACML vs Datalog
• PCI, SOX, HIPAA, ISO 27001, FISMA
Simplified System Datamodel
• Packages (bag of bits)
  • What’s allowed? How do we find vulnerabilities?
• Jobs -> Instances
  • CPU, Memory, Disk, Network?, Placement
• Links -> Channels
  • Access, QoS, SLAs
Also Needed
• Additional Realms
• Identity, Authorization, Audit, etc
• Policy itself - the system Turing test
• Simple Policy Language
• Namespaces
The Policy World Today
• People and Paper based
• BMC, CA, IBM
  • Legacy
• OpenStack Congress
  • OpenStack centric in a Hybrid World
A single, policy-driven, system — a connective fabric — that sits above all clouds, private and public
Purpose built for the Hybrid Cloud
Reduces complexity and invites change, all while enabling enterprise-wide governance and maximum agility
“System of Trust”
The Right Approach to Policy