Securing your Journey to the Cloud

Presentation on theme: "Securing your Journey to the Cloud"— Presentation transcript:

1 Securing your Journey to the Cloud
Kamal Sharma, Technical Consultant (Classification 9/15/2018)

2 Agenda
- The Cloud Landscape
- Security Challenges
- Journey to the Cloud
- Next Generation Security Infrastructure
- How it Works?
- Summary

3 The Benefits of Virtualization & Cloud Computing
- Reduce IT capital expense by 50%
- Reduce administration overhead
- Reduce IT operational expense
- Increase flexibility
- Reduce carbon footprint
- And more…

4 Customer Cloud Journey
[Chart: desktop and server virtualization adoption across Stage 1 (Private Cloud), Stage 2 (Hybrid Cloud) and Stage 3 (Public Cloud); tick values 15%, 30%, 70%, 85%. Callouts: secure the cloud workload; protect the workload data; consolidate security across DC & cloud.]
Speaker notes: which stage applies depends on where the cloud abstraction layer sits relative to the user's data center. Three deployment models:
- Public Cloud: the cloud service provider hosts the environment and rents resources to the general public. Think Amazon EC2, GoGrid, Rackspace, Savvis.
- Private Cloud: either internal to the customer's data center or hosted by another provider, but resources are dedicated to a single, defined entity. Think VMware vCloud, Rackspace.
- Hybrid Cloud: joining public and private clouds to take advantage of the near-infinite, instant-on resources offered by the public cloud without long procurement and provisioning cycles. Think Eucalyptus, RightScale.

5 Cloud Layers
Three basic cloud layers: IaaS, PaaS, SaaS.
- IaaS: the layer in which cloud consumers can provision virtual servers, storage, networks and other fundamental computing resources.
- PaaS: provides a development platform, sandbox and management system to develop, and in some cases sell, the applications that will be operated in the cloud.
- SaaS: the capability for a consumer to use the provider's applications running on a cloud infrastructure.

6 Types of cloud computing & examples
- Applications: Software-as-a-Service
- Cloud software development: Platform-as-a-Service
- Cloud-based infrastructure: Infrastructure-as-a-Service

7 Who Has Control?
[Chart: columns Servers, Virtualization & Private Cloud, Public Cloud IaaS, Public Cloud PaaS, Public Cloud SaaS; rows End-User (Enterprise) and Service Provider. Control shifts from the enterprise, which controls its own servers, to the service provider as you move from IaaS through PaaS to SaaS.]

8 “The number one concern about cloud services is security.”
Frank Gens, IDC, Senior VP & Chief Analyst. Key Challenges/Issues to the Cloud/On-demand Model: “By far, the number one concern about cloud services is Security. With their businesses' information and critical IT resources outside the firewall, customers worry about their vulnerability to attack.” Source: IDC eXchange, "New IDC IT Cloud Services Survey: Top Benefits and Challenges," December 2009.

9 What is there to Worry?
[Chart as on slide 4: Stage 1 (Private Cloud), Stage 2 (2011, Hybrid Cloud), Stage 3 (Public Cloud); desktops and servers; 15%, 30%, 70%, 85%.]
- Traditional security approach: VM sprawl / cloning, vMotion; inter-VM communication; resource contention
- Use of encryption is rare
- Virtual volumes and servers are mobile
- Virtual volumes contain residual data
- Compliance concern
- Rogue servers might access data

10 Security Challenges Along the Virtualization Journey
[Chart: challenges plotted against virtualization adoption rate, from private to public cloud.]
1. Host controls under-deployed
2. Inter-VM attacks
3. Instant-on gaps
4. Mixed trust level VMs
5. Resource contention
6. Complexity of management
7. Compliance / lack of audit trail
8. Data access & governance
9. Diminished perimeter
10. Multi-tenancy
11. Data destruction

11 How do we get there – a journey to the cloud
[Diagram: Virtualization → Cloud Infrastructure → Cloud End Devices, with 3G network, net devices and hybrid cloud management. Themes: dynamic data center with shared systems and shared storage; ubiquitous, borderless data access, data everywhere; cloud data (ownership of data vs. computing, confidentiality & access control, data-centric protection); cloud applications as a new platform for new apps (example threats: web defacing, SQL injection). Products placed on the diagram: Deep Security, OfficeScan, Titanium, SafeSync, SecureCloud. Tagline: "Security That Fits".]

12 Next Generation Security Infrastructure

13 Mission Critical Servers
[Diagram: traditional data center: Internet firewall, DMZ firewall, web servers with IDS / IPS, mission critical servers with IDS / IPS, and endpoints. The mission critical servers are now virtualized and protected by a virtual appliance providing anti-malware, firewall and IDS/IPS.]

14 Mission Critical Servers
[Diagram: the same data center extended to public cloud computing. Workloads in the cloud get agent-based protection (anti-malware, firewall, IDS/IPS, integrity monitoring, encryption) alongside the virtual appliance (anti-malware, firewall, IDS/IPS) protecting the virtualized mission critical servers.]

15 Next Generation Security
[Diagram: "Next Generation Security" spanning the data center (Internet firewall, DMZ firewall, web / IDS / IPS, mission critical servers, IDS / IPS, endpoints) and cloud computing.]

16 How it Works?

17 What is Deep Security?
Server & application protection for physical, virtual & private cloud, and public cloud servers: Deep Packet Inspection (IDS / IPS, web application protection, application control), Firewall, Integrity Monitoring, Log Inspection, Malware Protection.

18 Trend Micro Deep Security
Server & application protection. The latest anti-malware module adds to the existing set of advanced protection modules: Anti-Malware, Firewall, Intrusion Detection/Prevention, Web app protection, Log Inspection, Integrity Monitoring.

19 Trend Micro Deep Security: Server & application protection
5 protection modules:
- Deep Packet Inspection: IDS / IPS detects and blocks known and zero-day attacks that target vulnerabilities; Web Application Protection shields web application vulnerabilities; Application Control provides increased visibility into, or control over, applications accessing the network.
- Firewall: reduces the attack surface; prevents DoS and detects reconnaissance scans.
- Anti-Virus: detects and blocks malware (web threats, viruses & worms, Trojans).
- Log Inspection: optimizes the identification of important security events buried in log entries.
- Integrity Monitoring: detects malicious and unauthorized changes to directories, files, registry keys…
Protection is delivered via Agent and/or Virtual Appliance.

20 SecureCloud
SecureCloud provides a data encryption layer within a machine image that decrypts customer data in real time after the appropriate credentials have been validated, and likewise encrypts customer data in real time when writing it back to data storage. SecureCloud provides and maintains your encryption keys; the virtual machine image does not store encryption or decryption keys. SecureCloud also provides other management capabilities such as limited reporting and auditing functions.

21 Trend Micro: Server Security Leadership
IDC Market Analysis, Worldwide Corporate Server Security Market Share: Trend Micro 22.9%, all others 77.1%. Trend Micro fits into the new threat landscape. “…These products are generally more robust than desktop endpoint security and are available for a much wider set of operating systems (Windows, Unix, and Linux). This category also includes products that are designed to protect hypervisors and virtual servers.” Source: Worldwide Endpoint Security Forecast and 2009 Vendor Shares, IDC.

22 Securing Your Journey to the Cloud: THANK YOU!

23 What's the Solution?
SecureCloud makes it possible for businesses to encrypt and control data in public and private cloud environments via simple policy-based key management. It gives businesses power over how and where data is accessed and greatly reduces the complexity inherent in traditional key management solutions.
For the public cloud (Amazon.com or Terremark):
- Safely leverage the operational and cost efficiencies of cloud computing
- Control access to data in shared public cloud environments
- Additional safety by authenticating virtual servers
For the private cloud (vCloud in the customer's data center):
- Segregation of sensitive data stored in internal shared storage
- Greater ability to achieve compliance with regulations and best practices
Key benefits:
- Encryption makes data unreadable and unusable to those without the encryption keys, reducing the risk of data theft, unauthorized data exposure or malicious manipulation.
- Constant custody and control of encryption keys lets users determine when and by whom data is decrypted.

24 Key Product Benefits (Continued)
- Secure storage recycling: residual data left on storage devices is unreadable after volumes are terminated.
- Auditing and logging functions: help ensure compliance with regulations, policies and best practices; reduce the work required for external or internal investigations; create accountability and help manage system resources.
- Automated policy-based key management: determines which virtual servers access data; imposes security requirements and location constraints on VMs; reduces the likelihood of malware infection, system cloning and server modifications.
Speaker notes:
Secure storage recycling: Customers might have only a temporary need for cloud storage, and volumes that once contained sensitive information will eventually be terminated. This creates a problem because the physical devices that supported these virtual volumes still contain remnants of customer data, and those devices will be provisioned to different cloud users. Sophisticated administrators could access and read this sensitive information if the cloud vendor has not overwritten the devices before provisioning them. Data encrypted by SecureCloud with AES is nearly impossible to decipher without the correct encryption key and will appear unintelligible to someone searching for lingering information.
Audit and logging functions: Audit logging of events establishes user accountability and reduces the scope of any necessary forensic investigation. Audit features help companies stay in compliance with internal security policies, industry best practices and external regulations. System reports keep administrators informed of SecureCloud usage and administrative details.
Automated policy-based key management: This is really the factor that sets SecureCloud apart from competitors. Encrypting information is easy and other key management solutions already exist; SecureCloud approaches key management and data access in a unique way.
Virtual servers starting in the cloud must first authenticate to the SecureCloud key server with credentials that have been encrypted in the virtual machine's kernel. Servers without these credentials will not be given encryption keys and will be unable to read data on secure volumes. Further, these credentials contain information about the security parameters associated with the respective server. These security parameters reduce the likelihood of malware infection, control the geographic locations in which the server is allowed to operate, and take away an attacker's ability to modify important system settings.

25 What is there to worry about?
[Slide graphic: a sample record (Name: John Doe, SSN: …, Visa #: …) shown beside each group of answers.]
- Use of encryption is rare: now only authorized servers can read data!
- Virtual volumes and servers are mobile: policies only allow access in authorized areas!
- Rogue servers might access data: yes, but the information is unreadable and safe!
- Rich audit and alerting modules lacking: now we have reports, alerts and audit trails!
- Encryption keys remain with vendor: no vendor lock-in, since the customer owns the solution and decides where keys are stored!
- Virtual volumes contain residual data: doesn't matter, the disks are unreadable!

26 SecureCloud Key Benefits
- SecureCloud is unique: not just encryption, but unique in the way it manages keys and its environment. An excellent complement to Deep Security.
- Industry standard encryption: makes data unreadable without the encryption keys; greatly reduces the risks of data theft, unauthorized data disclosure or data modification.
- Control of encryption keys: know exactly where your keys are at all times; vendor administrators with powerful rights are unable to see information; not subject to lock-in with the cloud vendor's encryption system; governments can no longer seize data without your knowledge.
Speaker notes:
SecureCloud is unique: While other whole-disk encryption or key management solutions exist (e.g. Vormetric or PGP/Symantec), no other product integrates with the virtual environment like SecureCloud. SecureCloud is not just encryption but a unique way to manage keys and control access to data by authenticating virtual machine access in public or private clouds. When combined with Deep Security, Trend Micro can provide customers with an overall cloud security solution: Deep Security creates a secure barrier for virtual environments while SecureCloud protects the data stored within that barrier.
Industry standard encryption: 128- or 256-bit AES encryption makes data unreadable and unusable to those without the encryption key. Rendering the data useless greatly reduces the risk if the information is stolen or revealed to unauthorized parties. It also reduces the risk that the data will be changed, since without the key one cannot understand its structure or content.
Control of encryption keys: Users determine where encryption keys are stored and who gets access to them. Our SaaS solution adds value for the customer by moving physical storage of keys away from the cloud infrastructure provider. This stops infrastructure administrators from accessing data or keys and gives customers the freedom to move data from one provider to another without fear of vendor lock-in.
Our on-premise solution gives customers even more control by keeping keys within their trusted environment and controlling custody at all times. (Downside: this produces yet another key server in the customer environment that must be managed, maintained and secured.) A secondary benefit comes from separating the custody of keys from the cloud infrastructure provider when we consider potentially invasive legislation like the US Patriot Act. Such legislation allows federal agencies (like the Federal Bureau of Investigation) to present vendors with subpoenas and seize data without informing or getting consent from the data owners. Now, even though encrypted volumes can be taken, they remain useless without the encryption keys; the agencies must inform and negotiate with the data owners to get access to useful data.
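The key-release flow that the slide 24 and slide 26 notes describe (a virtual server authenticates to the key server with a credential baked into its image, the key server checks the policy attached to the volume, including where the VM is allowed to run, and only then hands over the AES key; destroying the key later renders the residual ciphertext on recycled storage unreadable), as an added example. This is not SecureCloud's code and nothing here is taken from Trend Micro: the credential format (an HMAC over VM identity and region under an enrolment secret held only by the key server), the Policy shape, and the KeyServer, Enrol, CreateVolume, RequestKey, DestroyKey, Seal and Open names are all assumptions made for illustration. It encrypts storage blocks with AES-256-GCM, an authenticated mode, so a wrong or destroyed key fails verification outright instead of producing garbage and a tampered block is rejected; the slide's claim that encryption "reduces the risk that the data will be changed" depends on such a mode, since unauthenticated disk encryption lets an attacker flip ciphertext bits without understanding the content.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// VMCredential is what a booting virtual server presents to the (hypothetical) key server.
// Enrol issues it at deployment time; the MAC binds VM identity and region to a secret only
// the key server holds, so a clone or relocated copy cannot claim a VM or region it is not.
type VMCredential struct {
	VMID, Region string
	MAC          []byte
}

// Policy is the per-volume rule: which VMs, running in which regions, may obtain the key.
type Policy struct{ AllowedVMs, AllowedRegions map[string]bool }

// KeyServer keeps volume keys outside the cloud provider's infrastructure.
type KeyServer struct {
	enrolSecret []byte
	volumeKeys  map[string][]byte // volume ID -> 32-byte AES-256 data key
	policies    map[string]Policy
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func NewKeyServer() *KeyServer {
	return &KeyServer{randBytes(32), map[string][]byte{}, map[string]Policy{}}
}

func (ks *KeyServer) credentialMAC(vmID, region string) []byte {
	m := hmac.New(sha256.New, ks.enrolSecret)
	m.Write([]byte(vmID + "\x00" + region))
	return m.Sum(nil)
}

func (ks *KeyServer) Enrol(vmID, region string) VMCredential {
	return VMCredential{vmID, region, ks.credentialMAC(vmID, region)}
}

// CreateVolume generates a fresh data key for a volume and attaches its access policy.
func (ks *KeyServer) CreateVolume(volID string, p Policy) {
	ks.volumeKeys[volID] = randBytes(32)
	ks.policies[volID] = p
}

// RequestKey releases the key only to an authenticated VM that the volume policy permits.
func (ks *KeyServer) RequestKey(volID string, c VMCredential) ([]byte, error) {
	if !hmac.Equal(c.MAC, ks.credentialMAC(c.VMID, c.Region)) {
		return nil, errors.New("credential rejected")
	}
	p := ks.policies[volID] // zero-value Policy for an unknown volume denies everything
	if !p.AllowedVMs[c.VMID] || !p.AllowedRegions[c.Region] {
		return nil, errors.New("policy denies this VM or region")
	}
	if key := ks.volumeKeys[volID]; key != nil {
		return key, nil
	}
	return nil, errors.New("key destroyed")
}

// DestroyKey is secure storage recycling: with the key gone, residual ciphertext on the
// provider's physical disks is unreadable to whichever tenant receives them next.
func (ks *KeyServer) DestroyKey(volID string) { delete(ks.volumeKeys, volID) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one storage block with AES-256-GCM and prepends the random nonce.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a Seal output; a wrong key or a tampered block fails GCM authentication.
func Open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("bad key or blob")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}
```

The checks a practitioner would run against this model are the ones the slides list as worries: a relocated copy of the VM (same identity, different region), a VM the policy does not name, and a forged credential are all refused a key; after DestroyKey, neither the key server nor any other key will open the ciphertext left on disk. What the model deliberately leaves out is how the credential is protected inside the VM image; the notes say it is encrypted in the kernel, and whoever can read it can impersonate that VM from its allowed region.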

27 What is there to worry about?
[Slide graphic: a sample record (Name: John Doe, SSN: …, Visa #: …) shown beside each group of questions.]
- Use of encryption is rare: who can see your information?
- Virtual volumes and servers are mobile: your data is mobile; has it moved?
- Rogue servers might access data: who is attaching to your volumes?
- Rich audit and alerting modules lacking: what happened when you weren't looking?
- Encryption keys remain with vendor: are you locked into a single security solution? Who has access to your keys?
- Virtual volumes contain residual data: are your storage devices recycled securely?
