Copyright 2011 Trend Micro Inc. Securing your Journey to the Cloud Kamal Sharma Technical Consultant...
Copyright 2011 Trend Micro Inc.
Securing your Journey to the Cloud
Kamal Sharma, Technical Consultant
Classification 04/19/23 1
Agenda
• The Cloud Landscape
• Security Challenges
• Journey to the Cloud
• Next Generation Security Infrastructure
• How it Works?
• Summary
The Benefits of Virtualization & Cloud Computing
• Reduce IT Capital Expense by 50%
• Reduce Administration overhead
• Reduce IT operational expense
• Increase Flexibility
• Reduce Carbon Footprint
• And more…
Customer Cloud Journey
• Stage 1 - Private Cloud
• Stage 2 - 2011 Hybrid Cloud
• Stage 3 - 2012 Public Cloud
[Chart: Servers, Desktops; values shown: 15%, 30%, 70%, 85%]
[Diagram labels: Secure The Cloud, Workload, Protect The Workload, Data, Consolidate Security Across DC & Cloud]
Cloud Layers
• Three basic cloud layers: IaaS, PaaS, SaaS
– IaaS: the cloud layer in which cloud consumers have the ability to provision virtual servers, storage, networks, and other fundamental computing resources.
– PaaS: provides a development platform, sandbox and management system to develop, and in some cases sell, the applications that will be operated in the cloud.
– SaaS: the capability for a consumer to use the provider’s applications running on a cloud infrastructure.
Types of cloud computing & examples
• Cloud Applications: Software-as-a-Service
• Cloud Software Development: Platform-as-a-Service
• Cloud-based Infrastructure: Infrastructure-as-a-Service
Who Has Control?
• Servers Virtualization & Private Cloud
• Public Cloud PaaS
• Public Cloud IaaS
• Public Cloud SaaS
[Diagram labels: End-User (Enterprise), Service Provider]
Source: IDC eXchange, "New IDC IT Cloud Services Survey: Top Benefits and Challenges," (http://blogs.idc.com/ie/?p=730) December 2009
“The number one concern about cloud services is security.”
Frank Gens, IDC, Senior VP & Chief Analyst
Key Challenges/Issues to the Cloud/On-demand Model
What is there to Worry?
- Traditional Security Approach
- VM Sprawl / Cloning, V-Motion
- Inter VM Communication
- Resource Contention
- Use of Encryption is rare
- Virtual volumes and servers are mobile
- Virtual volumes contain residual data
- Compliance Concern
- Rogue servers might access data
Security Challenges Along the Virtualization Journey
[Diagram: challenges numbered 1 to 11; axis: Virtualization Adoption Rate; labels: Private, Public Cloud]
• Data destruction
• Diminished perimeter
• Resource Contention
• Multi-tenancy
• Data access & governance
• Complexity of Management
• Mixed trust level VMs
• Compliance / Lack of audit trail
• Inter-VM attacks
• Instant-on gaps
• Host controls under-deployed
How do we get there – a journey to the cloud
• Virtualization: Dynamic Data Center with Shared System, Shared Storage
• Cloud Application: New Platform for New Apps. Example: Web Defacing, SQL Injection
• 3G Network, Net Devices: Ubiquitous, Borderless Data Access, Data Everywhere
• Data Centric Protection: Ownership of Data vs. Computing, Confidentiality & Access Control
Hybrid Cloud Management
Security That Fits
[Diagram labels: Cloud Infrastructure, Cloud Data, Cloud Application, Cloud End Devices]
[Product labels: Deep Security; Office Scan, Titanium, Safe Sync; Secure Cloud; Deep Security]
Next Generation Security Infrastructure
Virtualization
[Diagram labels: Internet, DMZ, Mission Critical Servers, Endpoints, Firewall, Web / Email, IDS / IPS, Anti-malware, Virtualization, Virtual Appliance]
Cloud Computing
[Diagram labels: Internet, DMZ, Mission Critical Servers, Endpoints, Firewall, Web / Email, IDS / IPS, Anti-malware, Virtual Appliance, Public Cloud Computing]
Agent-based protection
• Anti-malware
• Firewall
• IDS/IPS
• Integrity Monitoring
• Encryption
Next Generation Security
[Diagram labels: Internet, DMZ, Mission Critical Servers, Endpoints, Firewall, Web / Email, IDS / IPS, Cloud Computing]
How it Works?
What is Deep Security?
Server & application protection for:
• PHYSICAL
• VIRTUAL & PRIVATE CLOUD
• PUBLIC CLOUD
[Diagram labels: Deep Packet Inspection, IDS / IPS, Web App. Protection, Application Control, Firewall, Integrity Monitoring, Log Inspection, Malware Protection]
Trend Micro Deep Security
Server & application protection
• Latest anti-malware module adds to existing set of advanced protection modules
[Diagram labels: Firewall, Web app protection, Log Inspection, Integrity Monitoring, Anti-Malware, Intrusion Detection Prevention]
Trend Micro Deep Security
Server & application protection
5 protection modules
• Deep Packet Inspection
– IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
– Web Application Protection: Shields web application vulnerabilities
– Application Control: Provides increased visibility into, or control over, applications accessing the network
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
• Log Inspection: Optimizes the identification of important security events buried in log entries
• Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
Protection is delivered via Agent and/or Virtual Appliance
Secure Cloud
Trend Micro: Server Security Leadership
IDC Market Analysis: Worldwide Corporate Server Security Market Share
• All Others: 77.1%
• Trend Micro: 22.9%
Source: Worldwide Endpoint Security 2010-2014 Forecast and 2009 Vendor Shares, IDC
These products are generally more robust than desktop endpoint security and are available for a much wider set of operating systems (Windows, Unix, and Linux). This category also includes products that are designed to protect hypervisors and virtual servers.”
Securing Your Journey to the Cloud
THANK YOU!
What’s the Solution?
• SecureCloud makes it possible for businesses to encrypt and control data in public and private cloud environments via simple policy-based key management. It gives businesses power over how and where data is accessed and greatly reduces the complexity inherent in traditional key management solutions.
• For the Public Cloud: (Amazon.com or Terremark)
– Safely leverage operational and cost efficiencies of cloud computing
– Control access to data in shared public cloud environments
– Additional safety by authenticating virtual servers
• For the Private Cloud: (vCloud in customer’s data center)
– Segregation of sensitive data stored in internal shared storage
– Greater ability to achieve compliance with regulations and best practices
Key Product Benefits (Continued)
• Secure Storage recycling
– Residual data left on storage devices is unreadable after volumes are terminated
• Auditing and logging functions
– Helps ensure compliance with regulations, policies and best practices
– Reduces work required for external or internal investigations
– Creates accountability and helps manage system resources
• Automated policy-based key management
– Determines which virtual servers access data
– Imposes security requirements and location constraints on VMs
– Reduces the likelihood of malware infection, system cloning and server modifications
What is there to worry about?
[Graphic: sample record]
Name: John Doe
SSN: 425-79-0053
Visa #: 4456-8732…

Use of encryption is rare:
• Now only authorized servers can read data!
Virtual volumes and servers are mobile:
• Policies only allow access in authorized areas!
Rogue servers might access data:
• Yes – but the information is unreadable and safe!
Rich audit and alerting modules lacking:
• Now we have reports, alerts and audit trails!
Encryption keys remain with vendor:
• No vendor lock-in since customer owns solution
• Customer decides where keys are stored!
Virtual volumes contain residual data:
• Doesn’t matter – disks are unreadable!
SecureCloud Key Benefits
• SecureCloud is unique
– Not just encryption: unique in the way it manages keys and its environment
– Excellent complement to Deep Security
• Industry standard encryption
– Makes data unreadable without encryption keys
– Greatly reduces the risks of data theft, unauthorized data disclosure or data modification
• Control of encryption keys
– Know exactly where your keys are at all times
– Vendor administrators with powerful rights unable to see information
– Not subjected to lock-in with cloud vendor’s encryption system
– Governments can no longer seize data without your knowledge
What is there to worry about?
[Graphic: sample record]
Name: John Doe
SSN: 425-79-0053
Visa #: 4456-8732…

Use of encryption is rare:
• Who can see your information?
Virtual volumes and servers are mobile:
• Your data is mobile, has it moved?
Rogue servers might access data:
• Who is attaching to your volumes?
Rich audit and alerting modules lacking:
• What happened when you weren’t looking?
Encryption keys remain with vendor:
• Are you locked into a single security solution? Who has access to your keys?
Virtual volumes contain residual data:
• Are your storage devices recycled securely?