Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices




Emerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices
Anil Karmel
Co-Founder and CEO, C2 Labs
Co-Chair, NIST Cloud Security Working Group
akarmel@c2labs.com
@anilkarmel

Emerging Technologies and Trends
- Cloud is Our Reality
- Evolving Models
  - Private (IaaS)
  - Public (SaaS, PaaS, IaaS)
  - Hybrid is becoming the de facto norm
- What About Security?
  - OPM Breach
  - Experian Breach (T-Mobile Customers)

2013 Advanced Threat Report (courtesy of FireEye)
- Relative to 2006, cyber crimes increased by 782%
- A malware activity every 3 minutes
- 65% of attacks target financial services, healthcare, manufacturing and entertainment
- 89% of callback activities were linked with Advanced Persistent Threat (APT) tools made in China or by Chinese hacker groups

NIST Cloud Computing Reference Architecture (SP 500-292)
[Figure: reference architecture diagram. Actors: Consumer, Provider, Auditor, Broker, Carrier. Auditor: Security Audit, Privacy Impact Audit, Performance Audit. Provider: Orchestration (Service Layer with SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer with Hardware and Facility), Service Management (Business Support, Provisioning/Configuration, Portability/Interoperability), Security, Privacy. Broker: Service Intermediation, Service Aggregation, Service Arbitrage. Cross-cutting concerns: Security, Privacy, etc.]

Cloud Demystified: What is a Cloud Ecosystem?
- Security / Control
- Software as a Service
- Platform as a Service
- Infrastructure as a Service

Distributed Architecture = Split Control / Responsibilities
CLOUD ECOSYSTEM
- Clients (Browsers, Mobile Apps, etc.)
CLOUD ENVIRONMENT
- Software as a Service (SaaS) (Application, Services)
- Platform as a Service (PaaS) (APIs, Pre-built components)
- Infrastructure as a Service (VMs, Load Balancers, DB, etc.)
- Physical Hardware (Servers, Storage, Networking)

What you can manage
[Figure: the layers marked "You manage" in the IaaS, PaaS and SaaS stacks. Stack image source: Cloud Security Alliance specification, 2009]

Organizational Challenges: Modernizing IT
- Agility: Organizations are struggling to deliver more in a fiscally and resource constrained environment
- Flexibility: Existing IT investments are typically problematic to reconfigure or scale to meet new application demands
- Transparency: Difficult to quantify the cost of optimizing legacy infrastructure to support new applications

Organizational Challenges: Modernizing IT
Cloud, Mobile, Social, Big Data
- Cloud: Powerful ROI story with real security challenges
- Mobile: BYOD with Mobile Application Management results in security and privacy concerns
- Social: Agency data inadvertently ends up on public social networks via geotagging
- Big Data: Unstructured data unveils actionable intelligence, but what about the Mosaic effect?
How do you balance time to market, cost concerns, security, manageability and risk in the move to a cloud-connected enterprise?

How do we revolutionize our investments?
Software-Defined IT
REDEFINE CONTEXT
- Who is the user?
- What data are they trying to access?
- Where is the user and the data?
- How are they accessing the information?
Context Aware IT
- Level of assurance of the data defines the required level of trust

Context Aware IT: Data Centric Approach
- Understand Your Data: Identify and understand the value of the data in your organization
- Decompose Your Data: Break down applications and data into building blocks
- Monitor Your Data:
  - Understand Risk to your Data using the Risk Management Framework for Cloud
  - Employ Continuous Monitoring of your Systems to identify and limit the damage an adversary can do to your data

Emerging Technologies and Trends: Microservices and Containers
Microservices
- Decompose Complex Applications into Small, Independent Processes communicating with each other using language-agnostic APIs
- Highly Decoupled and Modular, with services organized around capabilities (e.g. User Interface, Billing)
- Allows for Continuous Integration
Containers
- Much like Virtualization abstracts the Operating System from Hardware, Containers abstract Applications from the Operating System
- Applications are isolated from other Applications on the same Operating System
- Allows for Portability and Scale Up/Out
- Security issues need to be evaluated and addressed in native container deployments

Emerging Technologies and Trends: Virtual Machines vs Containers
[Figure: Virtual Machines vs Containers. Source: Docker.com]

Container Security Challenges
Increased Attack Surface
- Containers are far more complex than VMs, wherein a single Application can consist of 1000s of microservices
- Underlying Linux Operating System complexities can be exploited by attackers to compromise all containers on a host OS
- Runtime Compromise / Vulnerabilities / Misconfiguration
Secure Software Development
- Containers can have code pushed to them from untrusted sources
Log Management
- Big Data Problem: How do you view and manage logs across 1000s of containers?
Orchestration
- Infrastructure now runs as code (Puppet/Chef/Ansible)
- Software developers, not infrastructure staff, now run the data center

Container Security Solutions
Increased Attack Surface
- Employ MicroVMs (Just Enough VM)
- Monitor Containers at Runtime / Real-time scan for Vulnerabilities and Misconfiguration and Remediate
Secure Software Development
- Whitelist/Blacklist Containers
- Establish a secure container registry
- Sign containers and code (MD5)
Log Management
- Centralize container logs including developer actions
Orchestration
- Employ orchestration platform to manage containers across environments (DEV, TEST, QA, PROD) and across clouds
Insource Security / Outsource Compute
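
One way to enforce the registry, whitelist/blacklist and signing items above at deploy time, as an added example that is not from the slides. The registry name, blocklist entry, key and manifest are constructed; the check pins images by SHA-256 digest and uses HMAC-SHA256 as a stand-in for an asymmetric signature, since an MD5 digest alone is not a signature and MD5 is not collision-resistant.

```python
import hashlib
import hmac
import re

# Constructed policy and key material for illustration; none of it is from the slides.
ALLOWED_REGISTRIES = {"registry.example.internal"}
BLOCKED_REPOS = {"registry.example.internal/legacy/ftp-bridge"}
SIGNING_KEY = b"constructed-demo-key"  # stand-in for a real signing key pair
SAMPLE_MANIFEST = b'{"layers": ["constructed-layer-1", "constructed-layer-2"]}'

# registry/repo[:tag][@sha256:<64 hex>]
REF = re.compile(
    r"^(?P<registry>[^/]+)/(?P<repo>[^@:]+)"
    r"(?::(?P<tag>[^@]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)

def digest_of(manifest: bytes) -> str:
    """Content digest in the sha256:<hex> form used to pin an image."""
    return "sha256:" + hashlib.sha256(manifest).hexdigest()

def sign(manifest: bytes) -> str:
    """HMAC-SHA256 stand-in for the registry's asymmetric signature."""
    return hmac.new(SIGNING_KEY, manifest, hashlib.sha256).hexdigest()

def admit(image_ref: str, manifest: bytes, signature: str):
    """Return (allowed, reason) for one image about to be deployed."""
    m = REF.match(image_ref)
    if not m:
        return False, "unparseable reference"
    if m["registry"] not in ALLOWED_REGISTRIES:
        return False, "registry not on allowlist"
    if f"{m['registry']}/{m['repo']}" in BLOCKED_REPOS:
        return False, "repository on blocklist"
    if not m["digest"]:
        # A mutable tag such as :latest can be repointed after review.
        return False, "tag-only reference, digest pin required"
    if not hmac.compare_digest(digest_of(manifest), m["digest"]):
        return False, "manifest does not match pinned digest"
    if not hmac.compare_digest(sign(manifest), signature):
        return False, "signature check failed"
    return True, "ok"

if __name__ == "__main__":
    good = "registry.example.internal/payments/api@" + digest_of(SAMPLE_MANIFEST)
    print(admit(good, SAMPLE_MANIFEST, sign(SAMPLE_MANIFEST)))
    print(admit(good, SAMPLE_MANIFEST + b" ", sign(SAMPLE_MANIFEST)))
```
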

Microservices Security Challenges and Solutions
Decomposition of Applications
- Need to decompose applications into microservices correctly so they only do one thing well, driving development of secure code
- Monolithic code with 1,000 DLLs needs to be decomposed into 1,000 microservices, which makes it more secure and maintainable
Interface-driven development
- Need to have well-defined REST APIs to ensure microservices talk consistently to each other
Containers and Microservices will power the DevOps revolution and the next bow wave of technology innovation

Thank you!
Anil Karmel, CEO, C2 Labs
akarmel@c2labs.com
@anilkarmel