Securing your Journey to the Cloud Kamal Sharma


Securing your Journey to the Cloud
Kamal Sharma • Technical Consultant • kamal_s@trendmicro.com
Classification 12/28/2021 Copyright 2011 Trend Micro Inc. 1


Agenda
• The Cloud Landscape
• Security Challenges
• Journey to the Cloud
• Next Generation Security Infrastructure
• How it Works?
• Summary


The Benefits of Virtualization & Cloud Computing
• Reduce IT Capital Expense by 50%
• Reduce Administration overhead
• Reduce IT operational expense
• Reduce Carbon Footprint
• Increase Flexibility
• And more…


Customer Cloud Journey (figure)
Stages: Stage 1 Private Cloud; Stage 2 - 2011 Hybrid Cloud; Stage 3 - 2012 Public Cloud. Labels: Desktops 85% / 15%; Servers 30% / 70%; Protect The Workload; Consolidate Security Across DC & Cloud; Secure The Cloud Workload; Data.


Cloud Layers
• Three basic cloud layers: IaaS, PaaS, SaaS
– IaaS: the cloud layer in which cloud consumers have the ability to provision virtual servers, storage, networks, and other fundamental computing resources.
– PaaS: provides a development platform, sandbox and management system to develop, and in some cases sell, the applications that will be operated in the cloud.
– SaaS: the capability for a consumer to use the provider’s applications running on a cloud infrastructure.


Types of cloud computing & examples
• Cloud Applications: Software-as-a-Service
• Cloud Software Development: Platform-as-a-Service
• Cloud-based Infrastructure-as-a-Service


Who Has Control? (figure)
Control spectrum: Servers; Virtualization & Private Cloud; Public Cloud IaaS; Public Cloud PaaS; SaaS. Axis labels: End-User (Enterprise) at one end, Service Provider at the other.


“The number one concern about cloud services is security.”
Frank Gens, IDC, Senior VP & Chief Analyst
Key Challenges/Issues to the Cloud/On-demand Model (chart)
Source: IDC eXchange, "New IDC IT Cloud Services Survey: Top Benefits and Challenges," (http://blogs.idc.com/ie/?p=730), December 2009


What is there to Worry? (figure: Stage 1 Private Cloud; Stage 2 - 2011 Hybrid Cloud; Stage 3 - 2012 Public Cloud; Desktops 85% / 15%; Servers 30% / 70%)
• Traditional Security Approach
• VM Sprawl / Cloning, V-Motion
• Inter VM Communication
• Resource Contention
• Use of Encryption is rare
• Virtual volumes and servers are mobile
• Virtual volumes contain residual data
• Compliance Concern
• Rogue servers might access data


Security Challenges Along the Virtualization Journey (chart; vertical axis: Virtualization Adoption Rate; horizontal axis: Private to Public Cloud)
1. Host controls under-deployed
2. Inter-VM attacks
3. Instant-on gaps
4. Mixed trust level VMs
5. Resource Contention
6. Complexity of Management
7. Compliance / Lack of audit trail
8. Data access & governance
9. Diminished perimeter
10. Multi-tenancy
11. Data destruction


How do we get there – a journey to the cloud (figure)
Recoverable labels: Virtualization; 3G Network; Net Devices; Cloud Infrastructure; Dynamic Data Center with Deep Security; Shared System, Shared Storage; Cloud End Devices; Hybrid Cloud Management; Security That Fits: OfficeScan, Borderless, Titanium, SafeSync; Ubiquitous Data Access, Data Everywhere; Data Centric Protection; Cloud Application; Cloud Data; Ownership of Data vs. Computing; SecureCloud & Access Control; Confidentiality; Deep Security for New Apps (example: New Platform, Web Defacing, SQL Injection).


Next Generation Security Infrastructure


Virtualization (figure)
Labels: Anti-malware, Firewall, IDS/IPS Virtual Appliance; DMZ; Virtualization Firewall; Internet; Web / Email; Mission Critical Servers; IDS / IPS; Endpoints.


Public Cloud Computing (figure labels: Anti-malware, Firewall, IDS/IPS Virtual Appliance; DMZ; Firewall; Internet; Web / Email; Mission Critical Servers; IDS / IPS; Endpoints)
Agent-based protection
• Anti-malware
• Firewall
• IDS/IPS
• Integrity Monitoring
• Encryption


Next Generation Security Cloud Computing (figure)
Labels: DMZ; Firewall; Internet; Web / Email; Mission Critical Servers; IDS / IPS; Endpoints.


How it Works?


What is Deep Security?
Server & application protection for: PHYSICAL, VIRTUAL & PRIVATE CLOUD, PUBLIC CLOUD
Modules: Deep Packet Inspection (IDS / IPS, Web Application Protection, Application Control); Firewall; Integrity Monitoring; Log Inspection; Malware Protection


Trend Micro Deep Security
Server & application protection
• Latest anti-malware module adds to existing set of advanced protection modules: Anti-Malware, Firewall, Intrusion Detection & Prevention, Web app protection, Log Inspection, Integrity Monitoring


Trend Micro Deep Security
Server & application protection: 5 protection modules
• Deep Packet Inspection
– IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
– Web Application Protection: Shields web application vulnerabilities
– Application Control: Provides increased visibility into, or control over, applications accessing the network
• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Anti-Virus: Detects and blocks malware (web threats, viruses & worms, Trojans)
• Log Inspection: Optimizes the identification of important security events buried in log entries
• Integrity Monitoring: Detects malicious and unauthorized changes to directories, files, registry keys…
Protection is delivered via Agent and/or Virtual Appliance


SecureCloud


Trend Micro: Server Security Leadership
IDC Market Analysis: Worldwide Corporate Server Security Market Share (chart): Trend Micro 22.9%, All Others 77.1%
“These products are generally more robust than desktop endpoint security and are available for a much wider set of operating systems (Windows, Unix, and Linux). This category also includes products that are designed to protect hypervisors and virtual servers.”
Source: Worldwide Endpoint Security 2010-2014 Forecast and 2009 Vendor Shares, IDC


Securing Your Journey to the Cloud
THANK YOU!


What’s the Solution?
• SecureCloud makes it possible for businesses to encrypt and control data in public and private cloud environments via simple policy-based key management. It gives businesses power over how and where data is accessed and greatly reduces the complexity inherent in traditional key management solutions.
• For the Public Cloud (Amazon.com or Terremark):
– Safely leverage operational and cost efficiencies of cloud computing
– Control access to data in shared public cloud environments
– Additional safety by authenticating virtual servers
• For the Private Cloud (vCloud in the customer’s data center):
– Segregation of sensitive data stored in internal shared storage
– Greater ability to achieve compliance with regulations and best practices


Key Product Benefits (Continued)
• Secure Storage recycling
– Residual data left on storage devices is unreadable after volumes are terminated
• Auditing and logging functions
– Helps ensure compliance with regulations, policies and best practices
– Reduces work required for external or internal investigations
– Creates accountability and helps manage system resources
• Automated policy-based key management
– Determines which virtual servers access data
– Imposes security requirements and location constraints on VMs
– Reduces the likelihood of malware infection, system cloning and server modifications
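The policy-based key release these bullets describe, shown as an added illustration (not Trend Micro's code or SecureCloud's API): a customer-held key server releases a volume key only to a server whose authenticated identity and location satisfy the volume's policy, and records every decision for the audit trail. The shared-secret HMAC authentication, server IDs, regions and volume names are constructed assumptions.

```python
import hmac
import hashlib
from dataclasses import dataclass, field


@dataclass
class VolumePolicy:
    allowed_servers: set  # server identities permitted to mount the volume
    allowed_regions: set  # location constraint: where the volume may be decrypted


@dataclass
class KeyServer:
    """Customer-held key store: a key leaves it only when the volume's policy is satisfied."""
    secret: bytes  # shared secret used to authenticate servers (constructed assumption)
    keys: dict = field(default_factory=dict)      # volume_id -> data key
    policies: dict = field(default_factory=dict)  # volume_id -> VolumePolicy
    audit_log: list = field(default_factory=list)

    def register_volume(self, volume_id, key, policy):
        self.keys[volume_id] = key
        self.policies[volume_id] = policy

    def authenticate(self, server_id, region, tag):
        # A server proves identity with an HMAC over its claimed id and region;
        # a cloned or rogue server that lacks the secret cannot forge the tag.
        return hmac.compare_digest(make_tag(self.secret, server_id, region), tag)

    def request_key(self, volume_id, server_id, region, tag):
        """Return the data key, or None if denied; every decision is audited."""
        policy = self.policies.get(volume_id)
        if policy is None:
            reason = "unknown volume"
        elif not self.authenticate(server_id, region, tag):
            reason = "authentication failed"
        elif server_id not in policy.allowed_servers:
            reason = "server not authorized"
        elif region not in policy.allowed_regions:
            reason = "location constraint violated"
        else:
            reason = "policy satisfied"
        granted = reason == "policy satisfied"
        self.audit_log.append({"volume": volume_id, "server": server_id,
                               "region": region, "granted": granted, "reason": reason})
        return self.keys[volume_id] if granted else None


def make_tag(secret, server_id, region):
    return hmac.new(secret, f"{server_id}|{region}".encode(), hashlib.sha256).hexdigest()
```

A volume that is moved to a region outside its policy, or mounted by a server that cannot authenticate, stays ciphertext: the key is withheld and the denial appears in the audit log.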


What is there to worry about?
• Use of encryption is rare (sample record: Name: John Doe, SSN: 425-79-0053, Visa #: 4456-8732…)
– Now only authorized servers can read data!
• Virtual volumes and servers are mobile
– Policies only allow access in authorized areas!
• Rogue servers might access data (sample record: Name: John Doe, SSN: 425-79-0053, Visa #: 4456-8732…)
– Yes – but the information is unreadable and safe!
• Rich audit and alerting modules lacking
– Now we have reports, alerts and audit trails!
• Encryption keys remain with vendor
– No vendor lock-in since customer owns solution
– Customer decides where keys are stored!
• Virtual volumes contain residual data
– Doesn’t matter – disks are unreadable!


SecureCloud Key Benefits
• SecureCloud is unique
– Not just encryption: unique in the way it manages keys and its environment
– Excellent complement to Deep Security
• Industry standard encryption
– Makes data unreadable without encryption keys
– Greatly reduces the risks of data theft, unauthorized data disclosure or data modification
• Control of encryption keys
– Know exactly where your keys are at all times
– Vendor administrators with powerful rights unable to see information
– Not subjected to lock-in with cloud vendor’s encryption system
– Governments can no longer seize data without your knowledge


What is there to worry about?
• Use of encryption is rare (sample record: Name: John Doe, SSN: 425-79-0053, Visa #: 4456-8732…)
– Who can see your information?
• Virtual volumes and servers are mobile
– Your data is mobile — has it moved?
• Rogue servers might access data (sample record: Name: John Doe, SSN: 425-79-0053, Visa #: 4456-8732…)
– Who is attaching to your volumes?
• Rich audit and alerting modules lacking
– What happened when you weren’t looking?
• Encryption keys remain with vendor
– Are you locked into a single security solution? Who has access to your keys?
• Virtual volumes contain residual data
– Are your storage devices recycled securely?
