(SEC321) Implementing Policy, Governance & Security for Enterprises

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Kyle Falkenhagen, CSC
Erik Winebrenner, CSC
October 2015
SEC321
AWS for the Enterprise
Implementing Policy, Governance, and
Security for Enterprise Workloads

What to Expect from the Session
• Demonstrate enterprise policy, governance, and security capabilities
that support the deployment and management of enterprise and
industry applications on AWS using CSC’s Agility Platform
• Demonstrate the value of blueprinting enterprise applications and
environments
• Demonstrate secure and managed connectivity to AWS
• Present how CSC provides agile and consumption-based endpoint
security for workloads in AWS providing enterprise management and
24x7 monitoring of workload compliance, vulnerabilities, and potential
threats

The Market Is Embracing an Application-Centric, Hybrid Cloud Model
Business execs demand greater IT
agility and innovation
This is fostering greater adoption of
hybrid cloud models
71% say their
organizations need to
embrace new technology or
lose market share
47% of businesses
are making technology and
cloud decisions without getting
the IT department involved
… and sidestepping enterprise governance
controls when central IT doesn’t deliver
… and a shift to cloud platforms and
apps, not just infrastructure
Projected allocation of cloud spend
2013 – 2015
Hybrid
43% Private
25%Public
32%

Forward-Thinking IT Organizations Are Adopting Hybrid Cloud Operating
Models to Provide IT as a Service
Virtualize Automation Hybrid Clouds IT as a Service
Improve
asset
utilization and
ROI
Defer data
center build-
outs
Launch initial
private cloud
Self-service access
and on-demand
provisioning
Policy-driven
cloud
governance
Compressed
SDLC and tool
chain
automation
IaaS and PaaS
standardization
Fully
transparent and
auditable
service usage
Broadly adopt utility
cost model with
chargeback
Redundant service
options with low
switching costs
Optimize
variable-to-
fixed costs by
project
Transparent linkage
of demand,
capacity, and costs

• Accelerate AWS benefits to the enterprise, while ensuring compliance with IT
standards, governance, and security requirements
• Expand cloud service portfolios to enterprise platforms and apps (not just
IaaS), available on a self-service, on-demand basis directly to the end users that
need them
• Rapidly obtain the benefits of hybrid environments using a pay-as-you-go OPEX
model and CSC managed services, rather than attempt to build internally with scarce
skills/capital
+Amazon is the undisputed public
cloud market share leader and is
innovating faster than anyone else in
public cloud.
CSC has the market-leading cloud
management and orchestration platform
and strong expertise in enterprise
application migration to cloud.
CSC Enterprise Cloud Services For AWS
The AWS and CSC Partnership

INCLUDED:
BizCloud
BizCloud HC
INCLUDED:
Public
Clouds
Private
Clouds
Dev Test Prod
IaaS
Platforms
Apps
Store SDLC Tools
CSC Agility Platform as a Service For AWS
Manage/Govern Enterprise IT Services Across Hybrid Environments
• Pay-as-you-go model
• CSC Agility Platform provided as-a-Service
• CSC-managed services including
consolidated billing, helpdesk, and OS-
level services
• Integrated hybrid cyber-security model
• Extensible policy engine for cloud
governance
• Cloud-portable blueprints for applications
and platforms
• Additional public and private cloud
adapters available

CLOUD-PORTABLE
BLUEPRINTS
POLICY-DRIVEN
GOVERNANCE
APPLICATION RELEASE
AUTOMATION (ARA)
Put platforms and apps in
“cloud-portable blueprints.”
Embed IT standards
Use policies to automate
governance/compliance,
right sizing, right placement, etc.
Consume cloud IT services
not just from storefronts, but
directly from SDLC tooling
Accelerating Benefits Using CSC Agility Platform
Others…
BroadCloud
Support
CSC

CSC Managed Hybrid Cloud Service
The CSC Managed Hybrid Cloud service provides secure dedicated access between on-premises
infrastructure and the AWS Cloud. IT organizations easily migrate workloads and take advantage of cost
savings when allocating resources for dynamic projects. The CSC Managed Hybrid Cloud service
integrates technology from AWS, Brocade, AT&T, and Intel:
• AWS: Customers use AWS DirectConnect to establish private connectivity between AWS and data
centers, offices, or colocation environments.
• Brocade vRouter and the Brocade vADC: Provides additional secure access, reliability, advanced
networking, and application performance across on-premises infrastructure into an AWS VPC using
IPsec, vRouting, and application load balancing. Brocade leverages Data Plane Development Kit
(DPDK) to deliver performance, boosting packet processing and throughput.
• AT&T Netbond: Allows direct provisioning of 1G and 10G high-speed connections to an AWS VPC
within the AWS cloud infrastructure and global availability zones.
• Intel® Xeon® E5 processor: Enables Amazon EC2 to increase networking capabilities.

CSC Hybrid Cloud Service – A Cloud
Networking Strategy Foundation
• Low-latency, on-net, fully
redundant
• Any-to-any, instant-on
connectivity
• Eliminate data center hairpin
PERFORMANCE
• Private IP address space avoids
Internet/DDoS threats
SECURITY
• API controlled for on-demand
adds and bandwidth changes
AGILITY
• Scales dynamically with cloud
usage; elasticity creates added
pricing value
ELASTICITY
• Save as much as 60% on
networking
• Cost model aligns with cloud
usage
COST-EFFECTIVENESS
A network-enabled cloud solution with performance and security

Big Data Platform as a Service
APP 3
Flexible Deployment
OptionsPublic
Cloud
Virtual
Private Cloud
Dedicated
Cluster
Enterprise
Private Cloud
CSC Big Data Platform as a Service
APP 1
APP 2
REAL
TIMEBATCH
AD HOC
Fully Managed as a Service
Comprehensive, proactive infrastructure, and software
management eliminates the most frustrating reason open source
big data solutions fail: operational complexity.
Big Data Expertise and Experience
We have been working with Hadoop, Cassandra, and Mongo since
2011 and have implemented and managed more than 150 big data
clusters.
The Only PCI & HIPAA Compliance Certified SI Solution
CSC is the first and only solutions integrator to meet stringent PCI
and HIPAA certification standards with an open big data solution.
Integrated Audit Monitoring and Comprehensive Security
Every solution has comprehensive security activity and audit
capabilities out of the box, and can be fully configured with the
latest security features, from infrastructure to application.
Real-Time, Streaming, and In-Memory Capabilities
We have the broadest set of capabilities in the market, including
deep expertise in installing, managing, and developing big and fast
data analytics.

CSC Cybersecurity
On-Demand Workload Protection
Powered by CloudPassage

Top Challenges Facing Cloud Customers:
Why Should CSC’s Customers Care?
• Increased scrutiny and responsibility following
high-profile cloud breaches
• New regulatory demands to better protect
cloud-hosted data
• Existing regulations increasingly applied to cloud
environments
• Require consistent security across workloads in
an agile environment
• Increased criminal attention on cloud assets due
to their increased adoption
• Greater threat to intellectual property as
enterprises host off-premises
• “Need to protect my cloud workloads at same
level as my traditional systems”
• Costs growing as internal IT security
infrastructure expands
• Expanding skilled resources required to manage
security of cloud assets
OPERATIONS
ADVANCED
THREATS
RISK AND COMPLIANCE
NEXT-GEN TECHNOLOGIES
• Require visibility of all assets, regardless of
location or cloud provider
• Cloud expected to be cheaper than traditional —
in reality, security bogs down cost, eliminates
savings
• Growing risk exposure as virtual workloads
increase

SUN MON TUE WED THU FRI SAT
Hosted Intrusion Detection
(HID) Costs (7 days)
PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT
Vulnerability Mgmt. Costs
(7 days)
Tech. Compliance
(7 days)
Client Cost Implications in As-Is Model
Cost of traditional cybersecurity solution relative to overall workload cost
COST OF SECURITY
IS OVERWHELMING
PAY 100%
REGARDLESS OF USAGE
PAY FOR MULTIPLE
SECURITY CONTROLS

Self-Managed Cloud Workload Security
Company A
Public
Private
HR Payroll
HIPAA
Big Data Germany
Production
Dev/Test
Production PCI
Amazon Web Services
Traditional IT
Endpoint
Security
SIEM
Vuln.
Scanning
Payroll
HR
HIPAASales
Dev/Test
Managed
Workloads
Rogue
Systems
Security
Policies

CSC Cloud Security Services
On-Demand Workload Protection—Powered by CloudPassage
Security Information and Event Management (SIEM)
Pulse Advanced Reporting
Policy Creation, Configuration, and Management
Email-Based Alerting
Account Setup and Management
Complete Management of Cloud Workload Security
Monitored
(Optional)
Consulting
(Optional)
Managed
CSC CLOUD SECURITY SERVICES
Configuration
Security Monitoring
Software
Vulnerability
Assessment
Log-Based Intrusion
Detection
Workload Firewall
Management
System Account
Management
File Integrity
Monitoring

Meet All Critical Control Objectives
Gain visibility into enterprise and individual asset security posture
Uncover and manage vulnerabilities and configuration issues
Get immediate reports showing open issues against CIS benchmarks
Do this across an entire account or department, or by type of system
Data Protection
Compromise
Management
Operational
Automation
Visibility
Strong Access
Control
Vulnerability
Management
Ultra-
lightweight
SaaS Based
Workload-Level
Security
Micro-
segmentation
Instant On
BENEFITS
FEATURES

Consumption-Based Pricing Lowers Operating Costs
Cost of traditional cybersecurity solution relative to overall workload cost
Hosted Intrusion Detection
(HID) Costs (7 days) PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT
Vulnerability Mgmt. Costs
(7 days) PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT
Tech. Compliance
(7 days) PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT PROTECT
Customer Workload Costs
(3 days)
OFF OFF OFF WED THU FRI OFF
On-Demand Workload
Protection (3 days)
OFF OFF OFF
PROTECT PROTECT PROTECT
OFF
Customer Workload Costs
(3 days)
OFF OFF OFF WED THU FRI OFF
Cost of On-Demand Workload Protection (OWP)
ConsolidationbyOWP

CSC-Managed Cloud Workload Security with OWP
CSC Proprietary Pulse
Portal
Company A
CSC Risk Management Center (RMC)
Managed
Workloads
Rogue
Systems
Security
Policies
Public
Private
PayrollHR
Dev / Test
Germany
PCI
HIPAA
Production
Big Data Nodes

Digital Trust: Your Future State
CSC ON-DEMAND WORKLOAD
PROTECTION
Reduce cost and complexity
Enable secure adoption of
virtual technologies
Evaluate compliance with
regulatory requirements
Provide full visibility across
cloud workloads
Securely harness cloud’s flexibility
and consumption-based model
Monitor and respond to threats
24x7x365

Why CSC for On-Demand Workload Protection
Global scale
Threat intelligence
24x7 Global SOCs
1,000s of experts
CSC named a Leader in IDC MarketScape
Asia/Pacific Managed Security Services 2015
Vendor Assessment
Consumption-based pricing —
not just in technology, but for services
Enterprise-grade management
and scalability
Customer/App/Regulation-specific
policies
24x7x365 SIEM — monitoring
and investigation
Pulse Customer Portal

We Understand Cybersecurity
GLOBAL CYBERSECURITY
PROFESSIONALS
2,000+
INTEGRATED
GLOBAL RISK
MANAGEMENT
CENTERS
5+
YEARS PROVIDING
CYBERSECURITY
SERVICES
35+
GLOBAL ALLIANCE
PARTNERS PROVIDING
SECURITY EXPERTISE
15+
PUBLIC &
PRIVATE
SECTOR
EXPERTISE
Nearly 40 years of experience in delivering
secure, managed enterprise services
Successfully supporting the world’s most security-
conscious clients, including aerospace and
defense, and banking and financial institutions
worldwide
Helping 250+ clients manage risk and overcome
the most extreme threats
Integrated global Risk Management Centers
IT security experts with in-depth experience
End-to-end visibility of customer’s enterprise
governance and compliance posture
UK
Noida
Kuala
Lumpur
Sydney
Newark

CSC Proprietary Pulse Portal
 24x7x365 visibility
 Immediate access to detailed logs and
incident data
 Executive-oriented dashboard
 Performance metrics
 Simple user-querying methods
 Correlation of incident and vulnerability
data to provide enterprise-wide
“Situational Awareness”
EXAMPLE VIEWSPORTAL FEATURES

Thank You!
Stop by the CSC Booth (424)

Remember to complete
your evaluations!

Thank you!
For longer demos please visit the CSC
(Booth 424) on the expo floor

(SEC321) Implementing Policy, Governance & Security for Enterprises

(SEC321) Implementing Policy, Governance & Security for Enterprises

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente(20)

Destacado

Destacado(20)

Similar a (SEC321) Implementing Policy, Governance & Security for Enterprises

Similar a (SEC321) Implementing Policy, Governance & Security for Enterprises(20)

Más de Amazon Web Services

Más de Amazon Web Services(20)

Último

Último(20)

(SEC321) Implementing Policy, Governance & Security for Enterprises