The Inevitable Cloud Conference (CLOUD WEEKEND) is the biggest Cloud Computing event in Egypt and has been held annually since 2012.
For more information:
Facebook: https://www.facebook.com/TheInevitableCloud
LinkedIn: http://www.linkedin.com/company/2990722?goback=%2Efps_PBCK_inevitable+cloud_*1_*1_*1_*1_*1_*1_*2_*1_Y_*1_*1_*1_false_1_R_*1_*51_*1_*51_true_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2_*2&trk=prof-exp-company-name
Contact us: [email protected]
Securing Your Journey to the Cloud
Rami Naccache – Sr. Presales Engineer, Trend Micro Middle East
Data Center Evolution: Physical. Virtual. Cloud.
5/13/2013 Copyright 2013 Trend Micro Inc.
Physical Desktops & Servers
Desktop Virtualization
Server Virtualization
Private Cloud
Hybrid Cloud
Public Cloud
Mobile
BYOPC
Journey to the Cloud
Where is Your Data?
Empower the business: Improve business agility by providing quick and intuitive access to the right information, tools and applications
Mitigate the risk: Protect sensitive information to maintain brand and comply with regulations, while controlling costs
CIO
Branch Offices
Main Campus
Mobile Workers
Fixed Telecommuters
Internet
Data Center
SaaS
IaaS
Private
Public
ENDPOINT
Infection via Social Engineering
Heavy User Touch Environment
Consumerization is key trend
SERVER
Infection via Threat Injection
Locked Down Mission-Critical Env.
Virtualization/Cloud is key trend
Journey to the Cloud
Endpoint and Server Security Diverging
Physical, Virtual, Cloud
Cross-platform Security
One Security Model is Possible across Physical, Virtual, and Cloud Environments
• New platforms don’t change the threat landscape
• Each platform has unique security risks
• Integrated security is needed across all platforms
Platform-specific Security Risks
One Security Model is Possible across Physical, Virtual, and Cloud Environments
Visibility & Threats
• Less visibility
• More external risks
Performance & Threats
• Security degrades performance
• New VM-based threats
Manageability
• Glut of security products
• Less security
• Higher TCO
Physical, Virtual, Cloud
Increase Efficiency, Deliver Agility, Reduce Complexity
Integrated Security
Single Management Console
Physical
Consolidate Physical Security
Reduce Complexity
• Advanced Reporting Module
• Single Management Console
• Firewall
• HIPS / Virtual Patching
• File Integrity Monitoring
• Antivirus
• Log Inspection
• Web Application Protection
One Server Security Platform
Reduce Complexity
Virtual
Server and Desktop Virtualization Security
Increase Efficiency
Typical AV Console
3:00am Scan
Antivirus Storm
Automatic security scans overburden the system
Virtualization Security
Challenge: Resource Contention
Reactivated and cloned VMs can have out-of-date security
Dormant
Virtualization Security
Challenge: Instant-on Gaps
Active
Reactivated with outdated security
Cloned
Attacks can spread across VMs
Virtualization Security
Challenge: Inter-VM Attacks / Blind Spots
Virtualization Security
VM sprawl inhibits compliance
Challenge: Complexity of Management
• Patch agents
• Rollout patterns
• Provisioning new VMs
• Reconfiguring agents
• Antivirus
• Integrity Monitoring
Agentless Security for VMware — Antivirus and more
VM VM VM
The Old Way
Security Virtual Appliance
VM VM VM
With Agentless Security
VM
• Intrusion Prevention
• Virtual Patching
• Firewall
• Web Application Protection
Virtualization Security
What is the Solution? A Dedicated Security Virtual Appliance
VM VM VM VM VM VM
Maximizes Performance and ROI
Sources: Tolly Enterprises Test Report, Trend Micro Deep Security vs. McAfee and Symantec, February 2011;
Saving estimate based on VMware ROI calculations
[Chart: VMs per host (axis 0 to 80), Traditional AV vs. Agentless AV; values shown: 75 and 25]
3X higher VDI VM consolidation ratios
3-year Savings on 1000 VDI VMs = $539,600
Virtualization Security
Increased ROI with Agentless Security
Example: Agentless Antivirus
Security Virtual Appliance
VM VM VM
With Agentless Security
VM
Virtualization Security
What is the Solution? Layered, Virtualization-Aware Security in One Platform
VM VM VM VM VM VM
Protect your efforts to consolidate servers,
enable VDI, and support consumerization
Integrated Modules:
• Antivirus
• Integrity Monitoring
• Intrusion Prevention
• Web Application Protection
• Application Control
• Firewall
• Log Inspection
Simplified Management
Higher Density
Optimized Resources
Stronger Security
vShield Endpoint
Security Virtual Appliance
Other VMware APIs
Security agent on individual VMs
Integrates with vCenter
Antivirus
Agentless
Agentless
IDS / IPS
Web Application Protection
Application Control
Firewall
Log Inspection
Agent-based
Virtualization Security
Integrity Monitoring
vSphere Virtual Environment
Virtualization Security
Fitting into the VMware Ecosystem
Hypervisor-integrated agentless antivirus released in Nov. 2010
1000 agentless security customers in the first year
Over 250,000 VMs are licensed for agentless antivirus
Agentless FIM released in 2012
Multiple agentless security modules now available
Largest customer purchase is 8,000 VMs
Most dense deployment is 300 VMs/host
“Deep Security provides a robust set of tools to add to your toolbox.
The realized performance improvement is visible to the naked eye.”
- Ed Haletky, Virtualization Practice (www.virtualizationpractice.com)
Virtualization Security
Trend Micro Market Momentum
Agentless Security
AM Scan Performance
1st AM scan
2nd AM scan (cached)
Scan time ~ 20x faster
Significant DSVA CPU Reduction
Huge IO Volume Reduction
Cloud Computing
Cloud Deployments and Security
Deliver Agility
Additional Resources
• Scalability
• Cost savings
Provides business agility
Data Access
• Anytime, anywhere
• Device flexibility
Supports BYOD and consumerization
Security is the #1 cloud adoption inhibitor
Sources: 1) Security Catalyst. Barometer Assessment: Final Report, Oct 14, 2011; 2) Trend Micro Survey, May 2011
Cloud Security
Why Companies Turn to the Cloud
Who is responsible for security?
• With IaaS the customer is responsible for VM-level security
• With SaaS or PaaS the service provider is responsible for security
Servers
Virtualization & Private Cloud
Public Cloud IaaS
Public Cloud PaaS
Public Cloud SaaS
End-User (Enterprise)
Service Provider
Cloud Security
Cloud Models: Who Has Control?
Cloud Security
Challenge: Multi-tenancy / Mixed Trust Level VMs
Shared resources create a mixed trust level environment
Cloud Security
Challenge: Data Access and Governance
Cloud data can provide less visibility and control
Cloud Security
Challenge: Data Destruction
When data is moved, unsecured data remnants can remain
Patient Medical Records
Credit Card Payment Information
Sensitive Research Results
Social Security Numbers
Encryption with Policy-based Key Management
• Unreadable for unauthorized users
• Control of when and where data is accessed
• Server validation
• Custody of keys
Cloud Security
Modular Protection
• Self-defending VM security
• Agentless and agent-based
• One management portal for all modules, all deployments
vSphere & vCloud
Cloud Security
What is the Solution? Workload and Data Protection
Integration ensures servers have up-to-date
security before encryption keys are released
VM VM VM VM VM VM VM VM VM VM VM VM
Data Center Private Cloud Public Cloud
VMware vCloud
VMware vSphere
Encryption throughout your cloud journey: data protection for physical, virtual & cloud
Cloud Security
Fitting Encryption into a VMware Ecosystem
Enterprise Key
Key Service
Console
Encryption
Solution
Physical
Database
Storage
Virtual
Web Server
Mail Server
Web Server
Enterprise
Providers
Deep Security
Web Access
Securing Workloads
Physical, Private, and Public Clouds
VM
VMware Virtualization
Security Virtual Appliance
VM VM VM VM
• Agentless security
• Layered server security
• Encryption for vSphere
Private Cloud
• Agentless security
• Layered server security
Security Virtual Appliance
VM VM VM
Public Cloud
Server security console
• Shared policy profile
• Virtual patching
VM
VM VM VM VM
• Encryption for vCloud
• Compliance support (FIM, Encryption, etc.)
Encryption console
• Shared policy profile
• Key ownership
• Agent-based security
• Layered server security
• Encryption for leading cloud providers
• Compliance support (FIM, Encryption, etc.)
VM
Virtualization and Cloud Security
One Security Model
Trend Micro Confidential-NDA Required
Extending to cloud scale
• Resource-pooling – independent tenant policies/data for shared, multi-tenant clouds
• Elasticity – Automated deployment of components to cloud scale
• Self-service – Policies can be delegated by cloud admin to tenants through self-service GUI
Same architecture can be deployed as security-as-a-service by IaaS public cloud providers, or within enterprise ITaaS for private clouds.
“Cloud Workloads Security” as a Service
Support for Multi-Tenant clouds
Virtualization and Cloud Security
Leading Industry Success Stories
Trend Micro
Worldwide Endpoint Security
Revenue Share by Vendor, 2010
Source: IDC, 2011
Trend Micro
Source: 2011 Technavio – Global Virtualization
Security Management Solutions
Source: 2012 Technavio – Global
Cloud Security Software Market
Trend Micro is No.1 in Server, Virtualization, & Cloud Security
Why is Trend Micro an Expert?
#1 in Cloud Security
#1 in Virtualization Security
#1 in Server Security
Trend Micro
Trend Micro
Physical, Virtual, Cloud
Virtualization and Cloud Security
One Security Model is Possible
• Reduce Your Cost of Operations
• Reduce Your Investment in Management
• Increase Application Stability and Performance
• Achieve Compliance in Virtual and Cloud Environments
• Get Higher Virtualization and Cloud ROI
• Safely Use Private, Public, and Hybrid Clouds
www.cloudjourney.com