Copyright 2011 Trend Micro Inc. Securing your Journey to the Cloud Kamal Sharma Technical Consultant Classification 8/27/2015 1

Copyright 2011 Trend Micro Inc. Classification 8/27/ Agenda The Cloud Landscape Security Challenges Journey to the Cloud Next Generation Security Infrastructure How it Works ? Summary

Copyright 2011 Trend Micro Inc. The Benefits of Virtualization & Cloud Computing Classification 8/27/ Reduce IT Capital Expense by 50% Reduce Administration overhead Reduce IT operational expense Increase Flexibility Reduce Carbon Footprint And more…

Copyright 2011 Trend Micro Inc. Stage 1 - Private Cloud Stage 1 - Private Cloud Stage Hybrid Cloud Stage Hybrid Cloud Stage Public Cloud Stage Public Cloud 15%30% 70% 85% Servers Desktops Customer Cloud Journey Secure The Cloud Workload Secure The Cloud Workload Protect The Workload Data Protect The Workload Data Consolidate Security Across DC & Cloud Consolidate Security Across DC & Cloud

Copyright 2011 Trend Micro Inc. Cloud Layers Three basic cloud layers: IaaS, PaaS, SaaS –IaaS: is the cloud layer in which cloud consumers have the ability to provision virtual servers, storage, networks, and other fundamental computing resources –PaaS: provides a development platform, sandbox and management system to develop, and in some cases, sell the applications that will be operated in the cloud. –SaaS: capability for a consumer to use the provider’s applications running on a cloud infrastructure. Trend Micro Confidential8/27/2015 5

Copyright 2011 Trend Micro Inc. Types of cloud computing & examples Classification 8/27/ Cloud Applications Software-as-a-Service Cloud Software Development Platform-as-a-Service Cloud-based Infrastructure Infrastructure-as-a-Service

Copyright 2011 Trend Micro Inc. Who Has Control? ServersVirtualization & Private Cloud Public Cloud PaaS Public Cloud IaaS End-User (Enterprise) Service Provider Public Cloud SaaS 7 Trend Micro Confidential 8/27/2015

Copyright 2011 Trend Micro Inc. Source: Source: IDC eXchange, "New IDC IT Cloud Services Survey: Top Benefits and Challenges," ( December 2009 “The number one concern about cloud services is security.” Frank Gens, IDC, Senior VP & Chief Analyst Key Challenges/Issues to the Cloud/On-demand Model

Copyright 2011 Trend Micro Inc. Stage 1 - Private Cloud Stage 1 - Private Cloud Stage Hybrid Cloud Stage Hybrid Cloud Stage Public Cloud Stage Public Cloud 15%30% 70% 85% Servers Desktops What is there to Worry ? -Traditional Security Approach -VM Sprawl / Cloning, V-Motion -Inter VM Communication -Resource Contention - Use of Encryption is rare - Virtual volumes and servers are mobile - Virtual volumes contain residual data -Compliance Concern -Rogue servers might access data

Copyright 2011 Trend Micro Inc. PrivatePublicCloud Data destruction Diminished perimeter Resource Contention Multi-tenancy Data access & governance Complexity of Management Mixed trust level VMs Compliance/ Lack of audit trail Virtualization Adoption Rate Security Challenges Along the Virtualization Journey Inter-VM attacks Instant-on gaps Host controls under-deployed

Copyright 2011 Trend Micro Inc. How do we get there – a journey to the cloud Virtualization Dynamic Data Center with Shared System, Share Storage Cloud Application New Platform for New Apps. Example, Web Defacing, SQL Injection 3G Network Net Devices Ubiquitous, Borderless Data Access, Data Everywhere Data Centric Protection Ownership of Data vs. Computing Confidentiality & Access Control Hybrid Cloud Management Security That Fits Cloud Infrastructure Cloud Data Cloud Application Cloud End Devices Deep Security Office Scan, Titanium, Safe Sync Secure Cloud Deep Security

Copyright 2011 Trend Micro Inc. Next Generation Security Infrastructure Classification 8/27/

Copyright 2011 Trend Micro Inc. Virtualization DMZ Mission Critical Servers Internet Firewall Web / IDS / IPS Firewall IDS / IPS Anti-malware Firewall IDS/IPS Endpoints Virtualization Virtual Appliance

Copyright 2011 Trend Micro Inc. Cloud Computing DMZ Mission Critical Servers Internet Firewall IDS / IPS Anti-malware Firewall IDS/IPS Endpoints Virtual Appliance Public Cloud Computing Agent-based protection Anti-malware Firewall IDS/IPS Integrity Monitoring Encryption Firewall Web / IDS / IPS

Copyright 2011 Trend Micro Inc. Next Generation Security DMZ Mission Critical Servers Internet Firewall Web / IDS / IPS Firewall IDS / IPS Endpoints Cloud Computing

Copyright 2011 Trend Micro Inc. How it Works ? Classification 8/27/

Copyright 2011 Trend Micro Inc. What is Deep Security? Server & application protection for: 17 PHYSICALVIRTUAL & PRIVATE CLOUD PUBLIC CLOUD Deep Packet Inspection IDS / IPS Web App. Protection Application Control Firewall Integrity Monitoring Integrity Monitoring Log Inspection Log Inspection Malware Protection 8/27/2015

Copyright 2011 Trend Micro Inc. 18 Trend Micro Deep Security Server & application protection Latest anti-malware module adds to existing set of advanced protection modules Firewall Web app protection Log Inspection Integrity Monitoring Anti- Malware Intrusion Detection Prevention

Copyright 2011 Trend Micro Inc. 19 IDS / IPS Web Application Protection Application Control Firewall Deep Packet Inspection Log Inspection Anti-Virus Detects and blocks known and zero-day attacks that target vulnerabilities Shields web application vulnerabilities Provides increased visibility into, or control over, applications accessing the network Reduces attack surface. Prevents DoS & detects reconnaissance scans Detects malicious and unauthorized changes to directories, files, registry keys… Optimizes the identification of important security events buried in log entries Detects and blocks malware (web threats, viruses & worms, Trojans) Trend Micro Deep Security Server & application protection Protection is delivered via Agent and/or Virtual Appliance 5 protection modules Integrity Monitoring

Copyright 2011 Trend Micro Inc. Secure Cloud 20

Copyright 2011 Trend Micro Inc. 21 Trend Micro: Server Security Leadership IDC Market Analysis: Worldwide Corporate Server Security Market Share All Others 77.1% Trend Micro 22.9% Source: Worldwide Endpoint Security Forecast and 2009 Vendor Shares, IDC These products are generally more robust than desktop endpoint security and are available for a much wider set of operating systems (Windows, Unix, and Linux). This category also includes products that are designed to protect hypervisors and virtual servers.”

Copyright 2011 Trend Micro Inc. Classification 8/27/ Securing Your Journey to the Cloud THANK YOU!

Copyright 2011 Trend Micro Inc. What’s the Solution? SecureCloud makes it possible for businesses to encrypt and control data in public and private cloud environments via simple policy- based key management. It gives businesses power over how and where data is accessed and greatly reduces the complexity of inherent in traditional key management solutions. For the Public Cloud: (Amazon.com or Terremark) –Safely leverage operational and cost efficiencies of cloud computing –Control access to data in shared public cloud environments –Additional safety by authenticating virtual servers For the Private Cloud: (vCloud in customer’s data center) Segregation of sensitive data stored in internal shared storage Greater ability to achieve compliance with regulations and best practices

Copyright 2011 Trend Micro Inc. Key Product Benefits (Continued) Secure Storage recycling –Residual data left on storage devices is unreadable after volumes are terminated Auditing and logging functions –Helps ensure compliance with regulations, policies and best practices –Reduces work required for external or internal investigations –Creates accountability and helps manage system resources Automated policy-based key management –Determines which virtual servers access data –Imposes security requirements and location constraints on VMs –Reduces the likelihood of malware infection, system cloning and server modifications 24

Copyright 2011 Trend Micro Inc. What is there to worry about? Classification 8/27/ Name: John Doe SSN: Visa #: … Name: John Doe SSN: Visa #: … Use of encryption is rare: Now only authorized servers can read data! Virtual volumes and servers are mobile: Policies only allow access in authorized areas! Rogue servers might access data: Yes – but the information is unreadable and safe! Rich audit and alerting modules lacking: Now we have reports, alerts and audit trails! Encryption keys remain with vendor: No vendor lock-in since customer owns solution Customer decides where keys are stored! Virtual volumes contain residual data: Doesn’t matter – disks are unreadable!

Copyright 2011 Trend Micro Inc. SecureCloud Key Benefits SecureCloud is unique –Not just encryption: unique in the way it manages keys and its environment –Excellent compliment to Deep Security Industry standard encryption –Makes data unreadable without encryption keys –Greatly reduces the risks of data theft, unauthorized data disclosure or data modification Control of encryption keys –Know exactly where your keys are at all times –Vendor administrators with powerful rights unable to see information –Not subjected to lock-in with cloud vendor’s encryption system –Governments can no longer seize data without your knowledge 26

Copyright 2011 Trend Micro Inc. What is there to worry about? Classification 8/27/ Name: John Doe SSN: Visa #: … Name: John Doe SSN: Visa #: … Use of encryption is rare: Who can see your information? Virtual volumes and servers are mobile: Your data is mobile — has it moved? Rogue servers might access data: Who is attaching to your volumes? Rich audit and alerting modules lacking: What happened when you weren’t looking? Encryption keys remain with vendor: Are you locked into a single security solution? Who has access to your keys? Virtual volumes contain residual data: Are your storage devices recycled securely?

Copyright 2011 Trend Micro Inc. 8/27/2015 Page: 28

Copyright 2011 Trend Micro Inc. 8/27/2015 Page: 29

Copyright 2011 Trend Micro Inc. 8/27/2015 Page: 30