Copyright 2011 Trend Micro Inc. Securing your Journey to the Cloud Kamal Sharma Technical Consultant...


Page 1: Copyright 2011 Trend Micro Inc. Securing your Journey to the Cloud Kamal Sharma Technical Consultant kamal_s@trendmicro.com Classification 8/27/2015 1.

Securing your Journey to the Cloud

Kamal Sharma, Technical Consultant

Page 2:

Agenda

• The Cloud Landscape

• Security Challenges

• Journey to the Cloud

• Next Generation Security Infrastructure

• How it Works?

• Summary

Page 3:

The Benefits of Virtualization & Cloud Computing


• Reduce IT Capital Expense by 50%

• Reduce Administration overhead

• Reduce IT operational expense

• Increase Flexibility

• Reduce Carbon Footprint

• And more…

Page 4:

Customer Cloud Journey

Stage 1: Private Cloud

Stage 2 (2011): Hybrid Cloud

Stage 3 (2012): Public Cloud

[Figure: chart of Servers and Desktops with the values 15%, 30%, 70%, 85%]

Figure labels: Secure The Cloud Workload; Protect The Workload Data; Consolidate Security Across DC & Cloud

Page 5:

Cloud Layers

• Three basic cloud layers: IaaS, PaaS, SaaS

– IaaS: the cloud layer in which cloud consumers have the ability to provision virtual servers, storage, networks, and other fundamental computing resources.

– PaaS: provides a development platform, sandbox and management system to develop, and in some cases sell, the applications that will be operated in the cloud.

– SaaS: the capability for a consumer to use the provider’s applications running on a cloud infrastructure.


Page 6:

Types of cloud computing & examples


• Cloud Applications: Software-as-a-Service

• Cloud Software Development: Platform-as-a-Service

• Cloud-based Infrastructure: Infrastructure-as-a-Service

Page 7:

Who Has Control?

[Figure: split of control between End-User (Enterprise) and Service Provider for each of the following]

Servers Virtualization & Private Cloud

Public Cloud PaaS

Public Cloud IaaS

Public Cloud SaaS


Page 8:

Source: IDC eXchange, "New IDC IT Cloud Services Survey: Top Benefits and Challenges," (http://blogs.idc.com/ie/?p=730) December 2009

“The number one concern about cloud services is security.”

Frank Gens, IDC, Senior VP & Chief Analyst

Key Challenges/Issues to the Cloud/On-demand Model

Page 9:

What is there to Worry?

Stage 1: Private Cloud

Stage 2 (2011): Hybrid Cloud

Stage 3 (2012): Public Cloud

[Figure: chart of Servers and Desktops with the values 15%, 30%, 70%, 85%]

- Traditional Security Approach
- VM Sprawl / Cloning, V-Motion
- Inter VM Communication
- Resource Contention

- Use of Encryption is rare
- Virtual volumes and servers are mobile
- Virtual volumes contain residual data

- Compliance Concern
- Rogue servers might access data

Page 10:

Security Challenges Along the Virtualization Journey

[Figure: eleven challenges, numbered 1 to 11, plotted against Virtualization Adoption Rate; axis labels: Private, Public Cloud]

• Data destruction

• Diminished perimeter

• Resource Contention

• Multi-tenancy

• Data access & governance

• Complexity of Management

• Mixed trust level VMs

• Compliance / Lack of audit trail

• Inter-VM attacks

• Instant-on gaps

• Host controls under-deployed

Page 11:

How do we get there – a journey to the cloud

Virtualization

Dynamic Data Center with Shared System, Share Storage

Cloud Application

New Platform for New Apps. Example, Web Defacing, SQL Injection

3G Network, Net Devices

Ubiquitous, Borderless Data Access, Data Everywhere

Data Centric Protection

Ownership of Data vs. Computing, Confidentiality & Access Control

Hybrid Cloud Management

Security That Fits

Cloud Infrastructure

Cloud Data

Cloud Application

Cloud End Devices

Deep Security

Office Scan, Titanium, Safe Sync

Secure Cloud

Deep Security

Page 12:

Next Generation Security Infrastructure


Page 13:

Virtualization

DMZ

Mission Critical Servers

Internet

Firewall

Web / Email

IDS / IPS

Firewall

IDS / IPS

Anti-malware

Firewall

IDS/IPS

Endpoints

Virtualization

Virtual Appliance

Page 14:

Cloud Computing

DMZ

Mission Critical Servers

Internet

Firewall

IDS / IPS

Anti-malware

Firewall

IDS/IPS

Endpoints

Virtual Appliance

Public Cloud Computing

Agent-based protection

• Anti-malware

• Firewall

• IDS/IPS

• Integrity Monitoring

• Encryption

Firewall

Web / Email

IDS / IPS

Page 15:

Next Generation Security

DMZ

Mission Critical Servers

Internet

Firewall

Web / Email

IDS / IPS

Firewall

IDS / IPS

Endpoints

Cloud Computing

Page 16:

How it Works?


Page 17:

What is Deep Security?

Server & application protection for:

• PHYSICAL

• VIRTUAL & PRIVATE CLOUD

• PUBLIC CLOUD

Modules shown:

• Deep Packet Inspection

• IDS / IPS

• Web App. Protection

• Application Control

• Firewall

• Integrity Monitoring

• Log Inspection

• Malware Protection

Page 18:

Trend Micro Deep Security

Server & application protection

• Latest anti-malware module adds to existing set of advanced protection modules

Modules shown:

• Firewall

• Web app protection

• Log Inspection

• Integrity Monitoring

• Anti-Malware

• Intrusion Detection Prevention

Page 19:

Trend Micro Deep Security

Server & application protection

5 protection modules

• Deep Packet Inspection

– IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities

– Web Application Protection: Shields web application vulnerabilities

– Application Control: Provides increased visibility into, or control over, applications accessing the network

• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans

• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…

• Log Inspection: Optimizes the identification of important security events buried in log entries

• Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)

Protection is delivered via Agent and/or Virtual Appliance

Page 20:

Secure Cloud


Page 21:

Trend Micro: Server Security Leadership

IDC Market Analysis: Worldwide Corporate Server Security Market Share

All Others: 77.1%

Trend Micro: 22.9%

Source: Worldwide Endpoint Security 2010-2014 Forecast and 2009 Vendor Shares, IDC

These products are generally more robust than desktop endpoint security and are available for a much wider set of operating systems (Windows, Unix, and Linux). This category also includes products that are designed to protect hypervisors and virtual servers.”

Page 22:

Securing Your Journey to the Cloud

THANK YOU!

Page 23:

What’s the Solution?

• SecureCloud makes it possible for businesses to encrypt and control data in public and private cloud environments via simple policy-based key management. It gives businesses power over how and where data is accessed and greatly reduces the complexity inherent in traditional key management solutions.

• For the Public Cloud: (Amazon.com or Terremark)

– Safely leverage operational and cost efficiencies of cloud computing

– Control access to data in shared public cloud environments

– Additional safety by authenticating virtual servers

• For the Private Cloud: (vCloud in customer’s data center)

– Segregation of sensitive data stored in internal shared storage

– Greater ability to achieve compliance with regulations and best practices

Page 24:

Key Product Benefits (Continued)

• Secure Storage recycling

– Residual data left on storage devices is unreadable after volumes are terminated

• Auditing and logging functions

– Helps ensure compliance with regulations, policies and best practices

– Reduces work required for external or internal investigations

– Creates accountability and helps manage system resources

• Automated policy-based key management

– Determines which virtual servers access data

– Imposes security requirements and location constraints on VMs

– Reduces the likelihood of malware infection, system cloning and server modifications

Page 25:

What is there to worry about?


[Figure: sample record]

Name: John Doe

SSN: 425-79-0053

Visa #: 4456-8732…

Use of encryption is rare:

• Now only authorized servers can read data!

Virtual volumes and servers are mobile:

• Policies only allow access in authorized areas!

Rogue servers might access data:

• Yes – but the information is unreadable and safe!

Rich audit and alerting modules lacking:

• Now we have reports, alerts and audit trails!

Encryption keys remain with vendor:

• No vendor lock-in since customer owns solution

• Customer decides where keys are stored!

Virtual volumes contain residual data:

• Doesn’t matter – disks are unreadable!

Page 26:

SecureCloud Key Benefits

• SecureCloud is unique

– Not just encryption: unique in the way it manages keys and its environment

– Excellent complement to Deep Security

• Industry standard encryption

– Makes data unreadable without encryption keys

– Greatly reduces the risks of data theft, unauthorized data disclosure or data modification

• Control of encryption keys

– Know exactly where your keys are at all times

– Vendor administrators with powerful rights unable to see information

– Not subjected to lock-in with cloud vendor’s encryption system

– Governments can no longer seize data without your knowledge

Page 27:

What is there to worry about?


[Figure: sample record]

Name: John Doe

SSN: 425-79-0053

Visa #: 4456-8732…

Use of encryption is rare:

• Who can see your information?

Virtual volumes and servers are mobile:

• Your data is mobile. Has it moved?

Rogue servers might access data:

• Who is attaching to your volumes?

Rich audit and alerting modules lacking:

• What happened when you weren’t looking?

Encryption keys remain with vendor:

• Are you locked into a single security solution? Who has access to your keys?

Virtual volumes contain residual data:

• Are your storage devices recycled securely?
