Copyright 2011 Trend Micro Inc.
Dave Asprey • VP Cloud Security
Who Owns Security in the Cloud?
Trend Micro Confidential 7/25/2011 1
Cloud Computing in the 21st Century
Infrastructure as a Service (IaaS)
• Simplified, pay-per-use IT
• Outsourced networking, storage, server, and operational elements
• Offers greater autonomy than Software as a Service (SaaS) for more security controls
Cloud computing accounts for unparalleled benefits in…
• Efficiencies
• Cost savings
• Scalability
Cloud Computing Challenges
Numerous new compliance issues
Where does security responsibility and accountability lie?
Invalidates traditional approaches to security
Potential areas of data security risk
Why use the Cloud?
Public Cloud Benefits
• OPEX (operating expense) vs. CAPEX (capital expense)
• Avoids expenditure on hardware, software and other infrastructure services
• Firms dynamically scale according to their computing needs in real time
• Improves business agility
Private Cloud Benefits
• Increases flexibility
• Improves responsiveness to internal customers’ needs
TWO SCENARIOS TO SECURING THE CLOUD
Perimeter Security Isn’t Dead
Perimeter Security
Firewalls, intrusion prevention, standard security functionality
Additional security levels required in the cloud
Extend firm’s perimeter into the cloud
Extend cloud inside firm’s perimeter
Traditional perimeter security models and the cloud
Perimeter security now becoming part of overall security architecture within the cloud
Extending your Perimeter to the Cloud: Scenario #1
Benefits
• Simplified, pay-per-use IT
• Outsourced networking, storage, server, and operational elements
• Offers greater autonomy than Software as a Service (SaaS) for more security controls
Approach
• Create an IPSec VPN tunnel to your public cloud provider’s servers
• Enterprise-grade security in the public cloud server
• Security software and virtual appliances
Scenario #1
Risks
• May introduce risks associated with the security of the secured cloud to your architecture
• Creates additional perimeter to secure
• Cloud servers subjected to new threats
• Not given cloud provider’s physical or admin access logs
• Shared storage
• Public cloud providers are not as strict on security
• Reimbursement for data breach
Mitigation
• Maintain access logs
• Data encryption should be standard
• Cloud and internal servers should monitor for suspicious traffic
• Add an extra DMZ and firewall
• Security on cloud servers
• IDS/IPS, bi-directional firewall, etc.
• With critical data in the cloud
• Look for strict adherence to security best practices
• Examine your provider’s SLAs and security policy
• ISO 27001 and SAS70 II
Extending the Cloud into the Enterprise: Scenario #2
Approach
• Cloud extends inside your perimeter
• Involves agreeing to
• an IaaS public cloud provider
• or cloud-based MSSP installing a cloud node on site
Benefits
• Increasingly popular among larger enterprises
• Well understood model
Scenario #2
Risks
• Lack of visibility into physical and/or access logs remains
• Liability for negligence
• Reimbursement for cost of service only
• Providers have access to your network and application data
• Must be trusted
How to Manage the Gaps in your Cloud Security Policies?
Secure your cloud servers as you secure internal servers
– IDS/IPS, DLP tools
– bi-directional firewall
– Encryption
Vital to understand how much network monitoring and access your provider allows
Encryption of data is important
Accelerated speed in which servers are created in the private cloud
Must be properly managed by IT
Securing the Cloud Successfully
network traffic
customers are clear on security features
security policies
Enterprises
Cloud providers
Private cloud environments
Store encryption keys in a separate location
Deploy all security tools in the cloud
Not accessible to the cloud provider
Be transparent regarding…
Clarify SLAs so…
Create a central authorization process
Be prepared
procedures
Thank you
To read more on Securing Your Journey to the Cloud, visit www.cloudjourney.com