Datacenter 2014: Symantec - Peter Schjøtt
-
Upload
mediehuset-ingenioren-live -
Category
Technology
-
view
129 -
download
4
description
Transcript of Datacenter 2014: Symantec - Peter Schjøtt
Version2, Datacenter 2014 1
Hvorfor kun sikre Cloud’en halvt- tænk sikkerhed fra starten…
Peter SchjøttPr. Security Presales Engineer
Why Cloud• Cloud characteristics – whether private or public
– Broad network access
– Rapid elasticity
– On-demand self-service
– Shared pool of resources
– Measured service
• Cost reduction through efficiency• Comparable better security through standardisation
• Business focus on core, abstract from the rest
Version2, Datacenter 2014 3
4
Market Dynamics
4
Targeted Attacks & APT’s
CloudPrivate, Cloud, Hybrid
ChangeOrganization, Process, Regulation
Virtualization& Software-Defined “X"
Version2, Datacenter 2014
5
Big Picture
5Version2, Datacenter 2014
Data Center RisksIncreased automation and the virtual layer increases the attack surface, convergence of
infrastructure creates big risk around privileged users.
Traditional Data Centers Private Cloud
Many servers, network and storage systems in separate data centers with separate
admins; slow provisioning
Many servers, network and storage systems in fewer consolidated data centers with high
automation and fewer admins; faster provisioning
Large attack surface, concentration of risk
Version2, Datacenter 2014 6
shifting gears the SDDC
7
Drivers Cost
Speed
Flexibility
Inhibitors Security Tax
Complexity
Compliance
The data center of the future is software-defined. It is dynamic and application-centric. Our mission is to support our customers as they evolve to the SDDC.
Dat
a C
ente
r S
ecur
ity
Compute and Storage Virtualization
Network Virtualization
Software Defined Services
On-Prem/Private/Public Cloud Resources
So
ftwa
re-D
efin
ed
Da
ta C
en
ter
Applications and Policies
Aut
omat
ion
and
Man
agem
ent
Version2, Datacenter 2014
Dat
a C
ente
r S
ecur
ity
Compute and Storage Virtualization
Network Virtualization
Software Defined Services
On-Prem/Private/Public Cloud Resources
So
ftwa
re-D
efin
ed
Da
ta C
en
ter
Applications and Policies
Aut
omat
ion
and
Man
agem
ent
The Bets
Version2, Datacenter 2014
theCloud Betthe
virtualization Bet
78%
31%25%
Securing private clouds is a good early bet as private clouds will continue to be
strongly preferred over public and hybrid clouds
HybridPublicPrivateSource: IDC CloudTrack Survey, 2012
Security represents a large opportunity as it is the key
obstacle for the virtualization of mission
critical workloads
theSDN Bet
Aligning with e.g. VMware and Cisco to secure SDNs is
key as customers will definitely adopt pure or
mixed SDNs at a rapid pace
the SDDC Bet
DC Automation and orchestration are key to
SDDCs and will mandate a parallel need for security
orchestration.
0%20%40%60%80%
67%47% 57% 52%
41% 35% 40%
Source: VMware Conference 2012
theData Center Bet
As Data Center consolidation in combination with virtualization increases the concentration of risk, we
will see a corresponding demand for security.
Data center consolidation is projected to account for
27% of IT spend (2010-2016)Gartner, 2011
8
Da
ta C
ente
r S
ecu
rity
Compute/StorageVirtualization
NetworkVirtualization
Software Defined Services
On-Prem/Private/Public Cloud Resources
So
ftw
are
-De
fin
ed
Da
ta
Ce
nte
rApplications and Policies
Au
tom
atio
n a
nd
Man
agem
ent
Support for key standards for private
clouds e.g. Openstack and partner with
vendors delivering those standards e.g. Amazon, VMware,
Openstack
Security for leading hypervisors
Security for hybrid networks
Integrated security orchestration
Dynamic, context-based, policy-
centric security
Software Defined Security
“By 2015, 40% of security controls
used in Enterprise data centers will be virtualized, up from less than 5%
in 2010”
– Neil MacDonald
A dynamic, application-centric data center needs dynamic, application-centric security.
SDN and SDDC platforms will be enablers of security
consolidation offering a platform for security
orchestration
the Security Bet
Version2, Datacenter 2014 9
Version2, Datacenter 2014 10
Public Cloud
Cloud Computing Top Threats• Data Breaches• Data Loss• Account or Service hijacking• Insecure Interfaces and APIs• Denial of Service• Malicious Insiders• Abuse of Cloud Services• Insufficient Due Dilligence• Shared Technology Vulnerablities
Version2, Datacenter 2014 11
What are my risks using Cloud
Identify the asset
Evaluate the asset
Map asset to Cloud depl.
modelsEvaluate Cloud service models and providers
Map data flow
Conclusion
Version2, Datacenter 2014 12
How
do
you
get
out
of a
Clo
ud a
gree
men
t?
•C
loud
ven
dor
lock
-in•
Dat
a lo
ck-in
Version2, Datacenter 2014 13
Summing up
Where can Symantec help
Version2, Datacenter 2014 14
Governance Prevention / Protection /Assurace
Monitoring / Reporting / Alerting
Mitigation / Correction
Risk AnalysisPoliciesComplianceVendor RiskRisk modelling
Desktop/laptop/server protectionEncryptionDLPMessagingAuthenticationCertificates/PKIStorage ManagementHypervisor hardening
Managed servicesDeepSight
BackupArchiving
Addressing Security Challenges Today
Version2, Datacenter 2014
Public Cloud
Integrated Compliance Views across platforms
2
• Broadest Portfolio of Security for physical & virtual1
Latest Offering – DCS : Server and Advanced3
Best in Class Threat Intelligence Symantec DeepSight / GIN4
• Symantec Protection Engine for Cloud Services 5
Information Security
• Threat Protection • Server Hardening • Hypervisor Hardening • Encryption • Data Protection• Messaging Security
Information Assurance
• Archiving• Backup • Availability
Segmented Physical/Virtual
Next Gen SDDC
15
Thank you!
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Version2, Datacenter 2014 16
Peter Schjø[email protected]