© UnifyCloud LLC All rights reserved
Norm Barber, Managing Director
UnifyCloud LLC
February 2015
Migrating Applications To The Cloud
Security and Compliance Considerations
Speaker: Norm Barber
Managing Director, UnifyCloud LLC
• 35-year veteran of the IT industry starting as an IT Director in traditional IT organizations.
• Participated in the transition from distributed processing through client-server to the use of Cloud and mobile.
• Last 15 years focused on Security, Identity & Access Management (S/IAM), and IT Risk Management.
• Currently, Managing Director at UnifyCloud LLC, a Cloud-focused consultancy specializing in S/IAM controls.
• Previously, held management positions with PwC, KPMG, Andersen Worldwide (Partner and Global Services Director for the Security & Privacy practice) and Protiviti (Founding Managing Director and Identity Practice Lead).
• Microsoft’s Strategic Security Advisor for the US Financial Services sector and Principal Program Manager for the Customer & Partner Engineering Group within the Azure Identity & Security Services Division.
• Held CISSP and CISM certifications and served on the Technology Committee of the Institute of Internal Auditors.
• Member of the Cloud Security Alliance (CSA), the Information Systems Audit and Control Association (ISACA), the Information Systems Security Association (ISSA), InfraGard (the private sector and FBI partnership), and U.S. Secret Service Electronic Crimes Task Force.
15-year journey…the Security threat landscape…
Key Threats
• Melissa (1999), Love Letter (2000)
• Mainly leveraging social engineering
Key Threats
• Code Red and Nimda (2001), Blaster (2003), Slammer (2003)
• 9/11
• Mainly exploiting buffer overflows
• Script kiddies
• Time from patch to exploit: Several weeks
Key Threats
• Zotob (2005)
• Attacks «moving up the stack» (Summer of Office 0-day)
• Rootkits
• Exploitation of Buffer Overflows
• Script Kiddies
• Rise of Phishing
• User running as Admin
Key Threats
• Organized Crime
• Botnets
• Identity Theft
• Conficker (2008)
• Time from patch to exploit: a few days
Key Threats
• Organized Crime, potential state actors
• Sophisticated Targeted Attacks
• Operation Aurora (2009)
• Stuxnet (2010)
2001 2004 2007 2009 2012
Key Threats
• Nation-state attacks; Sony is not an anomaly
• Kinetic Attacks; the Internet of Things (IoT)
• Technology innovations that outpace security
• Data on user-owned mobile devices
2015
Key IT Risks
• Security
• Confidentiality
• Reliability
• Availability
Key IT Risks
• Security
• Confidentiality
• Reliability
• Availability
• Stability
• Speed
New IT all up risks for the Cloud-era…
Cloud Feature PMs - “Start me up!”
Stability of Cloud platforms
Stability [stuh-bil-i-tee] noun
1. continuance without change; permanence.
2. resistance to change, especially sudden change
New IT all up risks for the Cloud-era…
CIOs - “Must go faster!”
Speed of Cloud adoption
Speed [speed] noun
1. relative rapidity in moving, going, etc.; rate of motion or progress.
2. full, maximum, or optimum rate of motion.
UnifyCloud’s Mission
Our Mission is to help our clients deal with the speed of Cloud adoption and the utilization of ever-evolving Cloud-based services.
We focus on the implementation of effective Enterprise-grade S/IAM* controls, creation of Cloud app-development Best Practices, and the migration of apps to the Cloud.
The capabilities we deliver are:
• Native in a CSV’s IaaS / PaaS platforms
• Configurable by the subscriber
• Provided by a 3rd party Cloud service (as needed)
• Delivered by migration / compliance tools
* Security and Identity & Access Management
Discussion Areas:
• Four Premises associated with Cloud adoption;
• Using technology to address the challenges of these Premises; and
• A case study on lighting up this “toolchain” technology.
Key Takeaway:
The magnitude of the migration effort to the Cloud, the complexity of both customized apps and Cloud environments, and the requirement for ongoing app-level monitoring suggest the need for what Gartner calls a “programmable security infrastructure capable of supporting security policy ‘toolchains’.”
Premise #1: Cloud adoption is accelerating around PaaS…
Infrastructure as a Service (IaaS) - The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying Cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
Platform as a Service (PaaS) — The capability provided to the consumer is to deploy onto the Cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying Cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
NIST Special Publication 800-145
Examples:
• Application Development, Data, Workflow, etc.
• Security Services (Single Sign-On, Authentication, etc.)
• Database Management
• Directory Services
Beyond IaaS, PaaS will unleash creativity in rethinking scenarios…
• Gartner considers PaaS as “Transformational” over the next 2 to 5 years (as of July 2014).
• PaaS is more than a collection of outsourced infrastructure services that can support legacy apps tweaked for the Cloud.
• PaaS can provide the building blocks for innovative, new scenarios.
Source: Microsoft
Premise #2: Adopting DevOps is happening concurrently…
How soon? Gartner indicates:
“By 2015, 20% of enterprise IT departments that have adopted DevOps principles will extend this vision to incorporate information security up from 2% at year end 2011.”
“When every deployment is done differently, every production environment is a different snowflake. When this occurs, no mastery is ever built in the organization in procedures or configurations.”
Gene Kim; The Top 11 Things You Need To Know About DevOps
“…for core components that make up a delivery pipeline, each of the components need to be available as a service, in order to provide a complete ‘DevOps on PaaS’ solution,” DevOps.com
DevOps in the Cloud impacts Security processes as well…
Gartner Recommendations
• DevOps teams need to evolve into integrated DevOpsSec teams, with security personnel recognized as critical peer members.
• Develop a simplified framework for security policies and processes that complements the agile foundation of DevOps, yet still provides the necessary protection of key enterprise assets.
• Invest in programmable security infrastructure capable of supporting security policy "toolchains," which facilitates speed through automation and flexibility via open APIs.
“DevOps cannot be successful if security is not an integral part of the vision. We believe a combined philosophy of “DevOpsSec” will become a critical capability for IT departments embracing Cloud operating models to improve security, lower costs, securely embrace new business requirements and protect from advanced threats.”
DevOpsSec: Creating the Agile Triangle; Gartner
Premise #3: IT Risk Management is evolving along with the Cloud…
“…by understanding what Cloud is and what it is not and by asking a few key questions of management teams, boards can gain that confidence—in management plans and strategic goals, as well as in the decisions made in response to those plans.”
“The potential benefits of Cloud services can be enticing, but with reward comes risk. The enterprise must decide whether the potential risk is within acceptable limits.”
Source: ISACA
Source: Cloud Security Alliance: SecaaS Model
“Current and potential Cloud customers must avoid the trap of ‘Cloud complacency’: assuming that anything that's as easy to use as a Cloud-based service must automatically be secure and reliable. All IT decision makers need to be aware of the degree to which Cloud-using organizations must be responsible for their own security destiny.”
Gartner: Hype Cycle for Cloud Security, 2014
“Additional Cloud risk has the following main components…”
• Greater dependency on third parties:
▫ Increased vulnerabilities in external interfaces
▫ Increased risk in aggregated data centers
▫ Immaturity of the service providers with the potential for service provider ongoing concern issues
▫ Increased reliance on independent assurance processes
• Increased complexity of compliance with laws and regulations:
▫ Greater magnitude of privacy risk
▫ Transborder flow of personally identifiable information (PII)
▫ Affecting contractual compliance
• Reliance on the Internet as the primary conduit to the enterprise’s data introduces:
▫ Security issues with a public environment
▫ Availability issues of Internet connectivity
• Due to the dynamic nature of cloud computing:
▫ The location of the processing facility may change according to load balancing
▫ The processing facility may be located across international boundaries
▫ Operating facilities may be shared with competitors
▫ Legal issues (liability, ownership, etc.) relating to differing laws in hosting countries may put data at risk”
At the end of the day, your Board expects you’ll own IT risk all up…
Source: Microsoft
“Ensuring systems are secure and risk is managed is challenging in any environment and even more daunting with Cloud computing… A risk management program should also be in place that is flexible enough to deal with the continuously evolving and shifting risk landscape.”
NIST: Guidelines on Security and Privacy in Public Cloud Computing
Cloud “shared responsibility” models need to be understood…
Source: Microsoft
Source: Amazon Web Services
What “managed by customer” means (from a typical SOC* report)…
Controls and reporting as well as configuration oversight excluded from a CSV platform SOC report
• Implementing interconnectivity between Cloud and on-premises resources.
• Security Development Lifecycle for applications.
• Application QA prior to moving to Cloud production.
• Monitoring the security of applications.
• Reviewing and applying public security and patch updates (IaaS).
• Reporting the incidents and alerts specific to systems and subscriptions.
• Support timely responses with Cloud platform.
• Implementing redundant systems for hot-failover.
• Controls over account / subscription IDs and passwords and access to applications.
• Compliance with applicable laws/regulations.
• Determining and implementing encryption for data.
• Securing certificates used to access applications.
• Selection of access mechanism for data.
• Determining the Services configurations.
• Backup of data to local / Cloud storage.
• Protection of the secrets associated with accounts.
* AICPA Service Organization Control (SOC) Reports (Type I and Type II), formerly Statement on Auditing Standards No. 70: Service Organizations (SAS 70)
Premise #4: Moving apps to the Cloud is not once and done…
1. What are the Enterprise standards for PaaS and app-level settings based on Cloud S/IAM policies and best practices?
2. How do we know if LOB apps, once re-factored, or built from the ground up, will be in compliance once deployed?
3. As Cloud environments are evolved by CSVs, apps are enhanced by developers, and/or controls are updated due to emerging threats, how will compliance “drift” be monitored, reported and remediated quickly?
Hi, I am Rudy, a Dev, and I need to migrate a group of apps and spin up a set of PaaS Services. I am NOT an Infrastructure guy, though.
[Figure: Azure Services… Source: Microsoft]
• Application Services: CDN, Integration, HPC, Analytics, Caching, Identity, Service bus, Media
• Compute: Virtual machines, Websites, Cloud services, Mobile services
• Data Services: SQL database, HD insight, Tables, Blob storage
• Networks: Connections, Virtual network, Traffic manager, Name resolution
Moving apps to “the Cloud” can seem straightforward….
• Discover & Assess – Create an inventory of applications and workloads that are candidates for Cloud - SaaS (replace), IaaS (lift and shift), PaaS (refactor / rebuild). Sort out the “noise” (agents, drivers, hot fixes). Use criteria such as infrastructure, architecture (32- vs. 64-bit), data compliance requirements, hardware dependency, software EOS, and mission criticality (BCDR).
• Target & Migrate – Determine those apps that have potential SaaS alternatives, that need to be encapsulated to run on IaaS, or can be moved to a more long-term PaaS environment. For PaaS-bound apps, determine the specific PaaS services (Compute, Storage, Network) required, validate at the code level what remediation is required, remediate and test against PaaS standards. Use this same process to validate app readiness for PaaS on new apps developed in the Cloud.
• Monitor & Report – Using a baseline of Enterprise standards for S/IAM and Cloud best practices, monitor and report on app compliance as PaaS environments evolve, apps are changed, and Enterprise standards are updated. Rinse and repeat.
[Figure: 1 Discover & Assess, 2 Target & Migrate, 3 Monitor & Report]
Once moved, apps running on PaaS will experience “drift”…
Main reasons for Drift:
• Devs responsible for LOB apps may:
▫ Not have understood fully the S/IAM requirements in the first place,
▫ Find guidance too complex to digest, and/or
▫ Not have the time / skills to make appropriate changes to meet baseline S/IAM requirements;
• Aggressive, VM-centric, migrations may have swept up LOB apps on those targeted VMs not fully configured or tested for compliance against a S/IAM controls baseline;
• Even with diligence on the part of Devs, over time PaaS environments will evolve as will the associated S/IAM Cloud controls baseline, often in six-month cycles; and
• Manually certifying LOB apps against an ever-evolving S/IAM baseline, will be a time sink and raise questions about thoroughness and accuracy.
Cloud evolution, enhancements and change are inevitable…
[Figure labels: Traditional On-Premises Server Migration; Cloud Services Adoption, Provisioning and Deployment; Cloud Feature PMs - “Start me up!”; 6 months (repeated); When “Drift” is unmanaged]
These four Premises argue for technology as a way to cope…
1. Cloud adoption is accelerating around PaaS…
2. Adopting DevOps is happening concurrently…
3. IT Risk Management is evolving along with the Cloud…
4. Moving apps to the Cloud is not once and done…
Technology that can provide both guidance and governance while evolving at Cloud-speed as platforms evolve, apps change, and IT Risk Management / threat models adapt. This technology should have four components:
• App Cloud Readiness Assessment, Remediation, and Test
• Compliance Monitoring and Reporting
• Controls & Settings Knowledgebase / Repository
• App Discovery and Migration Target Assessment
Tooling to support the app migration roadmap to PaaS…
AzureMonitor™, AzureValidator™, AzureNavigator™, AzureAssessor™
[Figure: 1 Discover & Assess, 2 Target & Migrate, 3 Monitor & Report]
Migrating Applications To The Cloud
Case Study
Client’s charter: Create a Dev-centric, self-service solution to…
• Move LBI and MBI LOB apps* to Azure PaaS in an efficient and highly leveraged way (i.e., is NOT dependent only on development resources);
• Assure those moved LOB apps are compliant with our S/IAM controls and preferred Enterprise PaaS settings in the first place;
• Allow for the evolution of S/IAM controls and PaaS settings so that the baseline for migration and operations are consistent; and
• Monitor LoB app compliance over time providing for fast and efficient remediation when the inevitable “drift” happens.
*Data Classification: Low Business Impact (LBI) and Medium Business Impact (MBI)
App assessment was detailed and prescriptive…
Typical app patterns
• Web-based
• Websites
• Mobile
• 30+ Azure Services
• >200 Data Points
• >300 Settings
Included the “As Is” app architecture…
as well as the “To-Be”…
IT Risk Management Professionals Call To Action
• Understand the unique End of Service risks associated with Windows Server 2003 (7/15) and SQL Server 2005 (4/16) regarding applications built on those platforms:
▫ Upgrade applications to run on-premises on Windows / SQL with more current versions;
▫ Retire older applications and look for SaaS solutions as replacements;
▫ Encapsulate the older, unsupported applications and “lift and shift” to IaaS; and
▫ Refactor / rebuild mission critical applications into “modern applications” to run on PaaS.
• Understand the importance of Security, Identity Management and Compliance all-up in a Hybrid IT environment. A CSV’s SOC report (or other risk assessment) is necessary, but not sufficient;
• Prepare to operate your IT Risk Management program at “Cloud Speed”. Recognize that threats, platform features, and modern apps will constantly evolve and you must manage “drift”; and
• Evaluate risk management tools that have been designed to operate in the Cloud and take into consideration the ever changing nature of Hybrid IT and its frequently updated IT control structure.
Summary:
• Four challenges can make migration slow, tedious and complex:
▫ Cloud adoption is accelerating around PaaS…
▫ Adopting DevOps is happening concurrently…
▫ IT Risk Management is evolving along with the Cloud…
▫ Migrating apps to the Cloud is not once and done…
• Technology can address these challenges.
• UnifyCloud LLC has developed this technology.
Migrating Applications To The Cloud
Questions?
Norm Barber, Managing Director
normb@unifycloud.com

More Related Content

What's hot

Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
 
Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Dell World
 
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationGetting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationITpreneurs
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJSherry Jones
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloudcentralohioissa
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationCloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationVenkateswar Reddy Melachervu
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudCloudHesive
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Moshe Ferber
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Casescentralohioissa
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloudJulian Knight
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
 

What's hot (19)

Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
 
Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption
 
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationGetting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloud
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter PresentationCloud Computing and Security - ISACA Hyderabad Chapter Presentation
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
 
Cloud security
Cloud securityCloud security
Cloud security
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...
 
Cloud Security & Cloud Encryption Explained
Cloud Security & Cloud Encryption ExplainedCloud Security & Cloud Encryption Explained
Cloud Security & Cloud Encryption Explained
 
Industrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity StandardIndustrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity Standard
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
 
Cloud security
Cloud securityCloud security
Cloud security
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloud
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
 

Viewers also liked

Case Study_Non-Traditional Security Threats and Global Governance
Case Study_Non-Traditional Security Threats and Global Governance Case Study_Non-Traditional Security Threats and Global Governance
Case Study_Non-Traditional Security Threats and Global Governance Mohammad Naeem Shinwari
 
в.и.намятова
в.и.намятовав.и.намятова
в.и.намятоваsanat1
 
Boredom-Triggered Proactive Recommendations
Boredom-Triggered Proactive RecommendationsBoredom-Triggered Proactive Recommendations
Boredom-Triggered Proactive RecommendationsMartin Pielot
 
Integrare WordPress e MailChimp
Integrare WordPress e MailChimpIntegrare WordPress e MailChimp
Integrare WordPress e MailChimpCristiano Ferrari
 
K8s meetup containerized_cloud_foundry
K8s meetup containerized_cloud_foundryK8s meetup containerized_cloud_foundry
K8s meetup containerized_cloud_foundryJUNICHI YOSHISE
 
The prelude by wordsworth
The prelude by wordsworthThe prelude by wordsworth
The prelude by wordsworthmrhoward12
 
Contratación digital. semana del seguro 2016
Contratación digital. semana del seguro 2016Contratación digital. semana del seguro 2016
Contratación digital. semana del seguro 2016Luis Carlos Tristán
 
Transformadores Parte I. Aspectos constructivos. Principio de funcionamiento
Transformadores Parte I. Aspectos constructivos. Principio de funcionamientoTransformadores Parte I. Aspectos constructivos. Principio de funcionamiento
Transformadores Parte I. Aspectos constructivos. Principio de funcionamientoUniversidad Nacional de Loja
 
L’écriture avec la tablette tactile : quels usages ? Quels processus ? Quelle...
L’écriture avec la tablette tactile : quels usages ? Quels processus ? Quelle...L’écriture avec la tablette tactile : quels usages ? Quels processus ? Quelle...
L’écriture avec la tablette tactile : quels usages ? Quels processus ? Quelle...Aurélien Fiévez
 

Viewers also liked (12)

Case Study_Non-Traditional Security Threats and Global Governance
Case Study_Non-Traditional Security Threats and Global Governance Case Study_Non-Traditional Security Threats and Global Governance
Case Study_Non-Traditional Security Threats and Global Governance
 
Resume
ResumeResume
Resume
 
в.и.намятова
в.и.намятовав.и.намятова
в.и.намятова
 
Boredom-Triggered Proactive Recommendations
Boredom-Triggered Proactive RecommendationsBoredom-Triggered Proactive Recommendations
Boredom-Triggered Proactive Recommendations
 
Integrare WordPress e MailChimp
Integrare WordPress e MailChimpIntegrare WordPress e MailChimp
Integrare WordPress e MailChimp
 
K8s meetup containerized_cloud_foundry
K8s meetup containerized_cloud_foundryK8s meetup containerized_cloud_foundry
K8s meetup containerized_cloud_foundry
 
The prelude by wordsworth
The prelude by wordsworthThe prelude by wordsworth
The prelude by wordsworth
 
Contratación digital. semana del seguro 2016
Contratación digital. semana del seguro 2016Contratación digital. semana del seguro 2016
Contratación digital. semana del seguro 2016
 
New joinee
New joineeNew joinee
New joinee
 
Isms info
Isms infoIsms info
Isms info
 
Transformadores Parte I. Aspectos constructivos. Principio de funcionamiento
Transformadores Parte I. Aspectos constructivos. Principio de funcionamientoTransformadores Parte I. Aspectos constructivos. Principio de funcionamiento
Transformadores Parte I. Aspectos constructivos. Principio de funcionamiento
 
L’écriture avec la tablette tactile : quels usages ? Quels processus ? Quelle...
L’écriture avec la tablette tactile : quels usages ? Quels processus ? Quelle...L’écriture avec la tablette tactile : quels usages ? Quels processus ? Quelle...
L’écriture avec la tablette tactile : quels usages ? Quels processus ? Quelle...
 

Migrating Critical Applications to the Cloud - isaca seattle - sanitized

  • 1. Migrating Applications To The Cloud: Security and Compliance Considerations
      Norm Barber, Managing Director, UnifyCloud LLC
      February 2015
      © UnifyCloud LLC All rights reserved
  • 2. Speaker: Norm Barber, Managing Director, UnifyCloud LLC
      • 35-year veteran of the IT industry starting as an IT Director in traditional IT organizations.
      • Participated in the transition from distributed processing through client-server to the use of Cloud and mobile.
      • Last 15 years focused on Security, Identity & Access Management (S/IAM), and IT Risk Management.
      • Currently, Managing Director at UnifyCloud LLC, a Cloud-focused consultancy specializing in S/IAM controls.
      • Previously, held management positions with PwC, KPMG, Andersen Worldwide (Partner and Global Services Director for the Security & Privacy practice) and Protiviti (Founding Managing Director and Identity Practice Lead).
      • Microsoft’s Strategic Security Advisor for the US Financial Services sector and Principal Program Manager for the Customer & Partner Engineering Group within the Azure Identity & Security Services Division.
      • Held CISSP and CISM certifications and served on the Technology Committee of the Institute of Internal Auditors.
      • Member of the Cloud Security Alliance (CSA), the Information Systems Audit and Control Association (ISACA), the Information Systems Security Association (ISSA), InfraGard (the private sector and FBI partnership), and U.S. Secret Service Electronic Crimes Task Force.
  • 3. 15-year journey…the Security threat landscape…
      Key Threats
      • Melissa (1999), Love Letter (2000)
      • Mainly leveraging social engineering
      Key Threats
      • Code Red and Nimda (2001), Blaster (2003), Slammer (2003)
      • 9/11
      • Mainly exploiting buffer overflows
      • Script kiddies
      • Time from patch to exploit: Several weeks
      Key Threats
      • Zotob (2005)
      • Attacks «moving up the stack» (Summer of Office 0-day)
      • Rootkits
      • Exploitation of Buffer Overflows
      • Script Kiddies
      • Rise of Phishing
      • User running as Admin
      Key Threats
      • Organized Crime
      • Botnets
      • Identity Theft
      • Conficker (2008)
      • Time from patch to exploit: a few days
      Key Threats
      • Organized Crime, potential state actors
      • Sophisticated Targeted Attacks
      • Operation Aurora (2009)
      • Stuxnet (2010)
      Timeline: 2001, 2004, 2007, 2009, 2012
      Key Threats
      • Nation-state attacks; Sony is not an anomaly
      • Kinetic Attacks; the Internet of Things (IoT)
      • Technology innovations that outpace security
      • Data on user-owned mobile devices
      Timeline: 2015
      Key IT Risks
      • Security
      • Confidentiality
      • Reliability
      • Availability
      Key IT Risks
      • Security
      • Confidentiality
      • Reliability
      • Availability
      • Stability
      • Speed
  • 4. New IT all up risks for the Cloud-era…
      Stability of Cloud platforms
      Cloud Feature PMs - “Start me up!”
      Stability [stuh-bil-i-tee] noun
      1. continuance without change; permanence.
      2. resistance to change, especially sudden change
  • 5. New IT all up risks for the Cloud-era…
      Speed of Cloud adoption
      CIOs - “Must go faster!”
      Speed [speed] noun
      1. relative rapidity in moving, going, etc.; rate of motion or progress.
      2. full, maximum, or optimum rate of motion.
  • 6. UnifyCloud’s Mission
      Our Mission is to help our clients deal with the speed of Cloud adoption and the utilization of ever-evolving Cloud-based services. We focus on the implementation of effective Enterprise-grade S/IAM* controls, creation of Cloud app-development Best Practices, and the migration of apps to the Cloud.
      The capabilities we deliver are:
      • Native in a CSV’s IaaS / PaaS platforms
      • Configurable by the subscriber
      • Provided by a 3rd party Cloud service (as needed)
      • Delivered by migration / compliance tools
      * Security and Identity & Access Management
  • 7. Discussion Areas:
      • Four Premises associated with Cloud adoption;
      • Using technology to address the challenges of these Premises; and
      • A case study on lighting up this “toolchain” technology.
      Key Takeaway:
      The magnitude of the migration effort to the Cloud, the complexity of both customized apps and Cloud environments, and the requirement for ongoing app-level monitoring suggest the need for what Gartner calls a “programmable security infrastructure capable of supporting security policy ‘toolchains’.”
  • 8. Premise #1: Cloud adoption is accelerating around PaaS…
      Infrastructure as a Service (IaaS) - The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying Cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
      Platform as a Service (PaaS) — The capability provided to the consumer is to deploy onto the Cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying Cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
      NIST Special Publication 800-145
      Examples:
      • Application Development, Data, Workflow, etc.
      • Security Services (Single Sign-On, Authentication, etc.)
      • Database Management
      • Directory Services
  • 9. Beyond IaaS, PaaS will unleash creativity in rethinking scenarios…
      • Gartner considers PaaS as “Transformational” over the next 2 to 5 years (as of July 2014).
      • PaaS is more than a collection of outsourced infrastructure services that can support legacy apps tweaked for the Cloud.
      • PaaS can provide the building blocks for innovative, new scenarios.
      Source: Microsoft
  • 10. Premise #2: Adopting DevOps is happening concurrently…
      How soon? Gartner indicates: “By 2015, 20% of enterprise IT departments that have adopted DevOps principles will extend this vision to incorporate information security up from 2% at year end 2011.”
      “When every deployment is done differently, every production environment is a different snowflake. When this occurs, no mastery is ever built in the organization in procedures or configurations.”
      Gene Kim; The Top 11 Things You Need To Know About DevOps
      “…for core components that make up a delivery pipeline, each of the components need to be available as a service, in order to provide a complete ‘DevOps on PaaS’ solution,”
      DevOps.com
  • 11. DevOps in the Cloud impacts Security processes as well…
      Gartner Recommendations
      • DevOps teams need to evolve into integrated DevOpsSec teams, with security personnel recognized as critical peer members.
      • Develop a simplified framework for security policies and processes that complements the agile foundation of DevOps, yet still provides the necessary protection of key enterprise assets.
      • Invest in programmable security infrastructure capable of supporting security policy "toolchains," which facilitates speed through automation and flexibility via open APIs.
      “DevOps cannot be successful if security is not an integral part of the vision. We believe a combined philosophy of “DevOpsSec” will become a critical capability for IT departments embracing Cloud operating models to improve security, lower costs, securely embrace new business requirements and protect from advanced threats.”
      DevOpsSec: Creating the Agile Triangle; Gartner
  • 12. Premise #3: IT Risk Management is evolving along with the Cloud…
      “…by understanding what Cloud is and what it is not and by asking a few key questions of management teams, boards can gain that confidence—in management plans and strategic goals, as well as in the decisions made in response to those plans.”
      “The potential benefits of Cloud services can be enticing, but with reward comes risk. The enterprise must decide whether the potential risk is within acceptable limits.”
      Source: ISACA
      Source: Cloud Security Alliance: SecaaS Model
      “Current and potential Cloud customers must avoid the trap of ‘Cloud complacency’: assuming that anything that's as easy to use as a Cloud-based service must automatically be secure and reliable. All IT decision makers need to be aware of the degree to which Cloud-using organizations must be responsible for their own security destiny.”
      Gartner: Hype Cycle for Cloud Security, 2014
  • 13. “Additional Cloud risk has the following main components…”
      • Greater dependency on third parties:
          ▫ Increased vulnerabilities in external interfaces
          ▫ Increased risk in aggregated data centers
          ▫ Immaturity of the service providers with the potential for service provider ongoing concern issues
          ▫ Increased reliance on independent assurance processes
      • Increased complexity of compliance with laws and regulations:
          ▫ Greater magnitude of privacy risk
          ▫ Transborder flow of personally identifiable information (PII)
          ▫ Affecting contractual compliance
      • Reliance on the Internet as the primary conduit to the enterprise’s data introduces:
          ▫ Security issues with a public environment
          ▫ Availability issues of Internet connectivity
      • Due to the dynamic nature of cloud computing:
          ▫ The location of the processing facility may change according to load balancing
          ▫ The processing facility may be located across international boundaries
          ▫ Operating facilities may be shared with competitors
          ▫ Legal issues (liability, ownership, etc.) relating to differing laws in hosting countries may put data at risk”
  • 14. At the end of the day, your Board expects you’ll own IT risk all up…
      Source: Microsoft
      “Ensuring systems are secure and risk is managed is challenging in any environment and even more daunting with Cloud computing… A risk management program should also be in place that is flexible enough to deal with the continuously evolving and shifting risk landscape.”
      NIST: Guidelines on Security and Privacy in Public Cloud Computing
  • 15. Cloud “shared responsibility” models need to be understood…
      Source: Microsoft
      Source: Amazon Web Services
  • 16. What “managed by customer” means (from a typical SOC* report)…
      Controls and reporting as well as configuration oversight excluded from a CSV platform SOC report:
      • Implementing interconnectivity between Cloud and on-premises resources.
      • Security Development Lifecycle for applications.
      • Application QA prior to moving to Cloud production.
      • Monitoring the security of applications.
      • Reviewing and applying public security and patch updates (IaaS).
      • Reporting the incidents and alerts specific to systems and subscriptions.
      • Support timely responses with Cloud platform.
      • Implementing redundant systems for hot-failover.
      • Controls over account / subscription IDs and passwords and access to applications.
      • Compliance with applicable laws/regulations.
      • Determining and implementing encryption for data.
      • Securing certificates used to access applications.
      • Selection of access mechanism for data.
      • Determining the Services configurations.
      • Backup of data to local / Cloud storage.
      • Protection of the secrets associated with accounts.
      * AICPA Service Organization Control (SOC) Reports (Type I and Type II) formerly Statement on Auditing Standards No. 70: Service Organizations (SAS 70)
  • 17. Premise #4: Moving apps to the Cloud is not once and done…
      1. What are the Enterprise standards for PaaS and app-level settings based on Cloud S/IAM policies and best practices?
      2. How do we know if LOB apps, once re-factored, or built from the ground up, will be in compliance once deployed?
      3. As Cloud environments are evolved by CSVs, apps are enhanced by developers, and/or controls are updated due to emerging threats, how will compliance “drift” be monitored, reported and remediated quickly?
      “Hi, I am Rudy, a Dev, and I need to migrate a group of apps and spin up a set of PaaS Services. I am NOT an Infrastructure guy, though.”
      [Figure: Azure Services… in four groups (Application Services, Compute, Data Services, Networks). Services shown: CDN, Integration, HPC, Analytics, Caching, Identity, Service bus, Media, Virtual machines, websites, Cloud services, Mobile services, SQL database, HD insight, Tables, Blob storage, Connections, Virtual network, Traffic manager, Name resolution. Source: Microsoft]
  • 18. Moving apps to “the Cloud” can seem straightforward….
      1. Discover & Assess – Create an inventory of applications and workloads that are candidates for Cloud - SaaS (replace), IaaS (lift and shift), PaaS (refactor / rebuild). Sort out the “noise” (agents, drivers, hot fixes). Use criteria such as infrastructure, architecture (32- vs. 64-bit), data compliance requirements, hardware dependency, software EOS, and mission criticality (BCDR).
      2. Target & Migrate – Determine those apps that have potential SaaS alternatives, that need to be encapsulated to run on IaaS, or can be moved to a more long-term PaaS environment. For PaaS-bound apps, determine the specific PaaS services (Compute, Storage, Network) required, validate at the code level what remediation is required, remediate and test against PaaS standards. Use this same process to validate app readiness for PaaS on new apps developed in the Cloud.
      3. Monitor & Report – Using a baseline of Enterprise standards for S/IAM and Cloud best practices, monitor and report on app compliance as PaaS environments evolve, apps are changed, and Enterprise standards are updated. Rinse and repeat.
  • 19. Once moved, apps running on PaaS will experience “drift”…
      Main reasons for Drift:
      • Devs responsible for LOB apps may:
          ▫ Not have understood fully the S/IAM requirements in the first place,
          ▫ Find guidance too complex to digest, and/or
          ▫ Not have the time / skills to make appropriate changes to meet baseline S/IAM requirements;
      • Aggressive, VM-centric, migrations may have swept up LOB apps on those targeted VMs not fully configured or tested for compliance against a S/IAM controls baseline;
      • Even with diligence on the part of Devs, over time PaaS environments will evolve as will the associated S/IAM Cloud controls baseline, often in six-month cycles; and
      • Manually certifying LOB apps against an ever-evolving S/IAM baseline will be a time sink and raise questions about thoroughness and accuracy.
  • 20. Cloud evolution, enhancements and change are inevitable…
    [Diagram labels: Traditional On-Premises Server Migration; Cloud Services Adoption, Provisioning and Deployment; Cloud Feature PMs - “Start me up!”; successive 6-month intervals; When “Drift” is unmanaged]
  • 21. These four Premises argue for technology as a way to cope…
    1. Cloud adoption is accelerating around PaaS…
    2. Adopting DevOps is happening concurrently…
    3. IT Risk Management is evolving along with the Cloud…
    4. Moving apps to the Cloud is not once and done…
    Technology that can provide both guidance and governance while evolving at Cloud-speed as platforms evolve, apps change, and IT Risk Management / threat models adapt. This technology should have four components:
    • App Discovery and Migration Target Assessment
    • App Cloud Readiness Assessment, Remediation, and Test
    • Compliance Monitoring and Reporting
    • Controls & Settings Knowledgebase / Repository
  • 22. Tooling to support the app migration roadmap to PaaS…
    • Tools: AzureMonitor™, AzureValidator™, AzureNavigator™, AzureAssessor™
    [Diagram: 1 Discover & Assess, 2 Target & Migrate, 3 Monitor & Report]
  • 23. Migrating Applications To The Cloud
    Case Study
  • 24. Client’s charter: Create a Dev-centric, self-service solution to…
    • Move LBI and MBI LOB apps* to Azure PaaS in an efficient and highly leveraged way (i.e., is NOT dependent only on development resources);
    • Assure those moved LOB apps are compliant with our S/IAM controls and preferred Enterprise PaaS settings in the first place;
    • Allow for the evolution of S/IAM controls and PaaS settings so that the baselines for migration and operations are consistent; and
    • Monitor LOB app compliance over time, providing for fast and efficient remediation when the inevitable “drift” happens.
    *Data Classification: Low Business Impact (LBI) and Medium Business Impact (MBI)
  • 25. App assessment was detailed and prescriptive…
    Typical app patterns
    • Web-based
    • Websites
    • Mobile
    • 30+ Azure Services
    • >200 Data Points
    • >300 Settings
  • 26. Included the “As Is” app architecture… as well as the “To-Be”…
  • 28. IT Risk Management Professionals Call To Action
    • Understand the unique End of Service risks associated with Windows Server 2003 (7/15) and SQL Server 2005 (4/16) regarding applications built on those platforms:
      ▫ Upgrade applications to run on-premises on Windows / SQL with more current versions;
      ▫ Retire older applications and look for SaaS solutions as replacements;
      ▫ Encapsulate the older, unsupported applications and “lift and shift” to IaaS; and
      ▫ Refactor / rebuild mission critical applications into “modern applications” to run on PaaS.
    • Understand the importance of Security, Identity Management and Compliance all-up in a Hybrid IT environment. A CSV’s SOC report (or other risk assessment) is necessary, but not sufficient;
    • Prepare to operate your IT Risk Management program at “Cloud Speed”. Recognize that threats, platform features, and modern apps will constantly evolve and you must manage “drift”; and
    • Evaluate risk management tools that have been designed to operate in the Cloud and take into consideration the ever-changing nature of Hybrid IT and its frequently updated IT control structure.
  • 29. Summary:
    • Four challenges can make migration slow, tedious and complex:
      ▫ Cloud adoption is accelerating around PaaS…
      ▫ Adopting DevOps is happening concurrently…
      ▫ IT Risk Management is evolving along with the Cloud…
      ▫ Migrating apps to the Cloud is not once and done…
    • Technology can address these challenges.
    • UnifyCloud LLC has developed this technology.
  • 30. Migrating Applications To The Cloud
    Questions?
    Norm Barber, Managing Director
    normb@unifycloud.com