2. @aschepis
adam@cloudhealthtech.com
Adam has 15+ years of experience building high-
quality, secure software for consumers and
enterprises and nearly a decade of experience
working in the security industry.
At CloudHealth Technologies, Adam focuses on
providing enterprises with an exceptional platform
for enabling governance, policies, automation, and
security in the cloud.
Who am I?
3. Who is CloudHealth Technologies?
• Deep Domain Expertise
• $86 Million in Venture Capital Raised
• 600+ Direct Customers
• 1,500+ Channel Customers through
85+ Partners
• 200+ Employees
• Headquartered in Boston, MA
• Offices located in San Francisco,
Washington DC, London, Amsterdam, Tel
Aviv, Sydney, & Singapore
4. million
1.1
99.99%
yearly platform
uptime
600
assets
PER MONTH…
$50 million in monthly
RI purchases
1.2 million policies
evaluated
365,000 emails sent
PER DAY…
14 million instances
600PB S3 usage
8TB bills processed
400,000 perspectives / groups
305,000 cubes generated
3,000 reports generated
billion
API calls
$3.8
in cloud spend
managed per year
billion
Our Management Metrics
6. • Management of resources
has been decentralized
• Growing complexity gap
necessitates new tools.
• Centralized governance has
never been more important
Decentralized management
Centralized Governance
7. Security Policies
We know the tools, BUT
• WHAT are the things I need to inspect?
• WHERE are they?
• WHO owns them?
• HOW do we ensure they are tested
frequently and monitored continuously?
• Centralized Governance Tools
- Discover surface area
- Aid in definition of attack vectors
- Help identify owners
• Policies
- Automatically discover new assets
- Continuously evaluate
8. • Identify scenarios that aren’t directly
security related but may indicate a problem
• Anomaly detection
- Types of assets being used
- Patterns of create/destroy for assets
- Network connectivity patterns (in/out)
- Disk I/O patterns
Indicators
Operation Policies
9. • Continuous Scanning for compliance to IT standards
- Tagging compliance
- Configuration changes
• security groups
• user privileges
• blob store exposure
- API key usage/rotation
• Patching
• Required software (firewalls, etc)
Keeping things in line
Compliance Policies
11. • Great security tools will detect an issue, fix it, and then tell
you what happened
• Cloud governance is no different
• Don't constantly hunting for a new needle in the haystack
- Let tools do that for you
• Automation lets you constantly monitor, remediate, and alert
You can't manage by exception
Automation
12. • Training/Certification
• Metrics driven
• KPIs include:
# of people trained
# of people AWS certified
# of workloads moved to the cloud
# of assets and cost
# of policies in compliance
Cloud Center of Excellence
13. Cloud Steward Role
• Cross-functional role
• Responsible for ongoing optimization
and governance
• Help to bring groups together to and
define and manage security
automation policies, cost, usage, and
performance across environments
• Make recommendations on capacity
planning, modeling, and forecasting
• This is the person who wakes up
every morning thinking about ways to
improve how the organization utilizes
the cloud in a secure, low-friction,
cost-effective way.
Operations
Cloud
Steward
Finance
Engineering/
IT/Ops
LOBs
14. • Complexity gap has made cloud security and governance a challenge.
• Effective governance contributes to improving overall security posture in the cloud
• Having a corporate Cloud Steward is a critical role when building out a large, efficient,
secure, dynamic cloud infrastructure.
In Summary