Mitigating Risks with Cloud Computing Dan Reis

Similar documents
Why the cloud matters?

Securing Your Virtual World Harri Kaikkonen Channel Manager

Introduction To Cloud Computing

Journey to the Cloud. Jeff Hoehing, Principal Consultant

Cloud First Policy General Directorate of Governance and Operations Version April 2017

Verizon Software Defined Perimeter (SDP).

VMware Hybrid Cloud Solution

Security Models for Cloud

Cloud Computing Overview. The Business and Technology Impact. October 2013

Cloud Computing. Vania Marangozova-Martin. ibd.forge.imag.fr

PCI DSS Compliance. White Paper Parallels Remote Application Server

Best Practices in Securing a Multicloud World

ALERT LOGIC LOG MANAGER & LOG REVIEW

Privacy hacking & Data Theft

Cloud Computing introduction

Multi Packed Security Addressing Challenges in Cloud Computing

Introduction to Cloud Computing. [thoughtsoncloud.com] 1

CLOUD COMPUTING. Lecture 4: Introductory lecture for cloud computing. By: Latifa ALrashed. Networks and Communication Department

Copyright 2011 Trend Micro Inc.

Cloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION

Distributed Systems. 31. The Cloud: Infrastructure as a Service Paul Krzyzanowski. Rutgers University. Fall 2013

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Rijndael Encryption Technique for User Authentication in Cloud Computing

Data Encryption for VMware vcloud Hybrid Service

Cloud Computing and Service-Oriented Architectures

Securing Data in the Cloud: Point of View

CHEM-E Process Automation and Information Systems: Applications

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

Building a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.

Virtual Machine Encryption Security & Compliance in the Cloud

Copyright 2011 EMC Corporation. All rights reserved.

Cloud Computing: Making the Right Choice for Your Organization

Cloud Computing, SaaS and Outsourcing

Chapter. Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

CLOUD COMPUTING. Rajesh Kumar. DevOps Architect.

Demystifying the Cloud With a Look at Hybrid Hosting and OpenStack

Securing Your Most Sensitive Data

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

1-2-3 Webinar: Demystifying the Cloud

Cloud Customer Architecture for Securing Workloads on Cloud Services

1/10/2011. Topics. What is the Cloud? Cloud Computing

The 11-point checklist for SMB Microsoft Azure Cloud users

CHAPTER 2 BASICS OF CLOUD COMPUTING

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

Programowanie w chmurze na platformie Java EE Wykład 1 - dr inż. Piotr Zając

Moving Workloads to the Public Cloud? Don t Forget About Security.

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

How to avoid storms in the cloud. The Australian experience and global trends

Transform Your Business To An Open Hybrid Cloud Architecture. Presenter Name Title Date

Cloud-Security: Show-Stopper or Enabling Technology?

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

Innovative Solutions. Trusted Performance. Intelligently Engineered. Comparison of SD WAN Solutions. Technology Brief

On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor

VMware, SQL Server and Encrypting Private Data Townsend Security

The Challenge of Cloud Security

VMware, SQL Server and Encrypting Private Data Townsend Security

Cloud Computing An IT Paradigm Changer

Cloud Infrastructure and Operations Chapter 2B/8 Page Main concept from which Cloud Computing developed

Cloud Computing and Service-Oriented Architectures

BRINGING CLARITY TO THE CLOUD

Azure SQL Database Basics

Cloud Computing in the enterprise: Not if, but when and how?

2017 RIMS CYBER SURVEY

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

CipherCloud CASB+ Connector for ServiceNow

Network Security Protection Alternatives for the Cloud

Choosing the Right Cloud. ebook

Privacy and Security in the Age of Meaningful Use

COMPLIANCE IN THE CLOUD

NetApp Private Storage for Cloud: Solving the issues of cloud data privacy and data sovereignty

CLOUD COMPUTING WHAT HEALTH CARE INTERNAL AUDITORS NEED TO KNOW GABRIELA MERINO DIRECTOR BUSINESS ADVISORY SERVICES

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

10 Considerations for a Cloud Procurement. March 2017

COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Teradata and Protegrity High-Value Protection for High-Value Data

Conceptual Information of Cloud Computing & Migration with Its Security Approaches Renuka Bareth 1 Rakesh Patel 2 Meenu Rani Dey 3

Clouds in the Forecast. Factors to Consider for In-House vs. Cloud-Based Systems and Services

The simplified guide to. HIPAA compliance

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

McAfee Database Security

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

CLOUD FORENSICS : AN OVERVIEW. Kumiko Ogawa

Recommendations for Implementing an Information Security Framework for Life Science Organizations

Open Hybrid Cloud & Red Hat Products Announcements

VMware vcloud Service Definition for a Public Cloud. Version 1.6

Intermedia s Private Cloud Exchange

Examining Public Cloud Platforms

Healthcare in the Public Cloud DIY vs. Managed Services

Deep Security 9. A Server Security Platform for Physical, Virtual, Cloud. Territory Sales Manager SEE, Trend Micro. Copyright 2011 Trend Micro Inc.

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology

Cloud Computing: Is it safe for you and your customers? Alex Hernandez DefenseStorm

DATACENTER AS A SERVICE. We unburden you at the level you desire

Capgemini Dynamic Services

WHITE PAPER. Five AWS Practices. Enhancing Cloud Security through Better Visibility

Data Security and Privacy Principles IBM Cloud Services

Transcription:

Mitigating Risks with Cloud Computing Dan Reis Director of U.S. Product Marketing Trend Micro

Agenda Cloud Adoption Key Characteristics The Cloud Landscape and its Security Challenges The SecureCloud Solution Addressing a primary concern in Cloud Adoption Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 2

Why the Cloud Matters Speed and Business Impact Expertise and Performance Significant Cost Reduction 1) The Cloud Imperative If by mid-year you have not developed and begun to execute upon an ambitious and enterprise-wide cloud strategy, then by year-end the odds are good you'll no longer be a CIO. Global CIO: The Top 10 CIO Issues For 2010 InformationWeek, 21 December 2009 Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 3

Cloud Adoption Primary customer concerns for cloud adoption: Security, Availability, Vendor Viability, Maturity 2010 Global Cloud Services Revenue to reach $68.3bil 16.6% growth from 2009 2014 projected growth to $148.8bil Over the course of the next 5 years, enterprises will cumulatively spend $112bil on SaaS, PaaS and IaaS Economic downturn has made cloud computing more attractive US percentage of 2010 Global Cloud Services utilization at 60%, 50% by 2014 - translating into $74.4bil cloud revenue Gartner June 2010 Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 4

Cloud Computing and Key Characteristics Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. National Institute of Standards & Technology (NIST), USA 5 Key Cloud Characteristics Multi-tenancy Massively scalability Elasticity On-demand, pay per use access Location independence Copyright 2009 Trend Micro Inc. 6/22/2011 Page: 5

Cloud Where is It? This depends where the cloud abstraction layer is relative to the user s data center Three different deployments models: Public Cloud: cloud service provider hosts cloud environment and rents resources to the general public Think Amazon Amazon EC2, GoGrid, Rackspace, Savvis Private Cloud: either internal to the customer s data center or hosted by another provider but resources are dedicated to a single, defined entity Think Vmware vcloud, Rackspace, Hybrid Cloud: joining public and private clouds to take advantage the near infinite, instant-on resources offered by the public cloud without long procurement and provisioning cycles Think Eucalyptus, RightScale Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 6

The Clouds Challenge for Data Security Classification 6/22/2011 Copyright 2009 Trend Micro Inc. 7

Who Has Control? Servers Virtualization & Private Cloud Public Cloud IaaS Public Cloud PaaS Public Cloud SaaS End-User (Enterprise) Service Provider Trend Micro Confidential 6/22/2011 Copyright 2009 Trend Micro Inc. 8

The Challenge of Securing Data Datacenter Perimeter Public Cloud Company n Company 5 Company 4 Company 3 Company 2 Company 1 App 1 App 2 App 3 App 1 App 2 App 3 App 4 App 5 App n Hypervisor Hypervisor Strong perimeter security No shared CPU No shared network No shared storage Weak perimeter security Shared CPU Shared network Shared storage Traditional outside-in approach is inadequate in an inside-out cloud world full of strangers Trend Micro Confidenttial 6/22/2011 Copyright 2009 Trend Micro Inc. 9

What is there to worry about? Use of encryption is rare: Who can see your information? Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732 Virtual volumes and servers are mobile: Your data is mobile has it moved? Rogue servers might access data: Who is attaching to your volumes? Rich audit and alerting modules lacking: What happened when you weren t looking? Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732 Encryption keys remain with vendor: Are you locked into a single security solution? Who has access to your keys? Virtual volumes contain residual data: Are your storage devices recycled securely? Classification 6/22/2011 Copyright 2009 Trend Micro Inc. 10

Challenges for Public Cloud Shared network inside the firewall Multiple customers on one physical server potential for attacks via the hypervisor Internet Shared Firewall Shared Storage Shared firewall Lowest common denominator less fine grained control Easily copied machine images who else has your server? Virtual Servers Shared storage is customer segmentation secure against attack? Copyright 2009 Trend Micro Inc. Trend Micro Confidential 6/22/2011 11

Addressing the Security Challenges of the Cloud Classification 6/22/2011 Copyright 2009 Trend Micro Inc. 12

What Should a Cloud Solution Do? Control - Allow businesses to encrypt and control data in public and private cloud environments via simple policy-based key management, to give businesses power over how and where data is accessed and greatly reduces the complexity inherent in traditional key management solutions. For the Public Cloud: (Amazon.com or Terremark) Safely leverage operational and cost efficiencies of cloud computing Control access to data in shared public cloud environments Additional safety by authenticating virtual servers For the Private Cloud: (vcloud in customer s data center) Segregation of sensitive data stored in internal shared storage Greater ability to achieve compliance with regulations and best practices Copyright 2009 Trend Micro Inc.

How it Works 14 Copyright 2009 Trend Micro Inc.

The Basics: What Should Cloud Security Do? Encrypt data in public or private cloud environments Industry standard AES encryption (128, 192 or 256-bit keys) Manage encryption keys Typically a very tedious, detailed and expensive activity Management happens either in Trend s data center or in customer s Authenticate servers requesting access to data Policy-based system gives wide range of factors on which key deployment decisions are made Delivers keys securely over encrypted SSL channels Audit, alerts, and reports on key delivery activities Multiple reports and alerting mechanisms available Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 15

Data Encryption Protect customer from data breaches because info is now unreadable to anyone without access to encryption keys Includes external storage administrators employed by cloud vendors or internal customer employees Segregate sensitive information from less important data Important in private cloud environments mitigates insider threat Virtually destroy information in the cloud Unruly, nomadic information no longer a concern Enable compliance with various data regulations HIPAA, HITECH, SOX, PCI DSS, EU Data Privacy Directive Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 16

Encryption Key Management Simplify key management by providing a simple, easy to use easy to deploy - key delivery system Reduce costs complexity with hosted system Security enhanced by controlling and keeping keys within customer s physical data center Separation of duties is established through different user roles set by key administrator Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 17

Server Authentication Verifie the identity of virtual machines requesting encryption keys through a series of user defined policies Know when and from where your requests are coming Dictate when and where VMs receive keys and access data Important to ensure geographic or chronologic rules mandates are followed Protect by adding an additional layer of security before keys are released and data unlocked Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 18

Auditing, Reporting and Alerting Accountability is set for all key request and release activities Know when and from where your requests are coming Audit trail is established to comply with external regulations and security best practices Notification of key deployment activities and requests speeds time-to-resolution when problems occur Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 19

So, Now what is there to worry about? Use of encryption is rare: Now only authorized servers can read data! Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732 Virtual volumes and servers are mobile: Policies only allow access in authorized areas! Rogue servers might access data: Yes but the information is unreadable and safe! Rich audit and alerting modules lacking: Now we have reports, alerts and audit trails! Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732 Encryption keys remain with vendor: No vendor lock-in since customer owns solution Customer decides where keys are stored! Virtual volumes contain residual data: Doesn t matter disks are unreadable! Classification 6/22/2011 Copyright 2009 Trend Micro Inc. 20

Challenges for Public Cloud: The Private Security Answer Shared network inside the firewall Doesn t matter treat the LAN as public Multiple customers on one physical server potential for attacks via the hypervisor Doesn t matter the edge of my virtual machine is protected Internet Shared Firewall Shared Storage Shared firewall Lowest common denominator less fine grained control Doesn t matter treat the LAN as public Easily copied machine images who else has your server? Doesn t matter They can start my server but only I can unlock my data Virtual Servers Trend Micro Confidential 6/22/2011 Copyright 2009 Trend Micro Inc. 21 Shared storage is customer segmentation secure against attack? Doesn t matter My data is encrypted

Protecting Enterprise Data in the Cloud Benefit Enablement Compliance Control Business Power Flexibility Business Impact Enables business to leverage cloud economics while protecting data Enables compliance with security best practices, internal governance & external regulations for encryption of sensitive data Control of data resides with enterprise no matter where data is located in the cloud Obviates need to rely on proprietary cloud vendor security because security is controlled by the enterprise Enables bursting or deploying applications to cloud while maintaining adequate security Trend Micro Confidential6/22/2011 Copyright 2009 Trend Micro Inc. 22

In the Cloud Data Security 128 or 256-bit AES encryption Policy-based key delivery Automated for fast operations or manual when extra control is needed Controls how and where data can be accessed by authenticating virtual servers to storage volumes Centralized key management SaaS or on-premise delivery models (on-premise in later version) SaaS (hosted) reduces administrative and maintenance costs. On-premise increases control and ensures custody of encryption keys Audit, alerting and reporting functionalities Records user activity, key use and requests, virtual machine operations, encryption information and more Copyright 2009 Trend Micro Inc. 23

In the Cloud Data Security Key Management Not just encryption: unique in the way it manages keys and its environment Excellent compliment to Deep Security Industry standard encryption Makes data unreadable without encryption keys Greatly reduces the risks of data theft, unauthorized data disclosure or data modification Control of encryption keys Know exactly where your keys are at all times Vendor administrators with powerful rights unable to see information Not subjected to lock-in with cloud vendor s encryption system Governments can no longer seize data without your knowledge Copyright 2009 Trend Micro Inc. 24

In the Cloud Data Security Secure Storage recycling Residual data left on storage devices is unreadable after volumes are terminated Auditing and logging functions Helps ensure compliance with regulations, policies and best practices Reduces work required for external or internal investigations Creates accountability and helps manage system resources Automated policy-based key management Determines which virtual servers access data Imposes security requirements and location constraints on VMs Reduces the likelihood of malware infection, system cloning and server modifications Copyright 2009 Trend Micro Inc. 25

Thank You! Dan Reis dan_reis@trendmicro.com Director Regional Product Marketing Trend Micro Confidential Classification 6/22/2011 Copyright 2009 Trend Micro Inc. 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback