Data Centre Evolution: Securing Your Journey to the Cloud

Data Center Evolution: Physical. Virtual. Cloud. Securing Your Journey to the Cloud Trend Micro


The world of computing is moving to the cloud – shared infrastructures, shared systems, instant provisioning and pay-as-you-go services. And users can enjoy anytime, anywhere access to services and their data. But how secure is your data in the cloud, and do conventional security products offer the optimal approach to securing your virtualised environments? In this presentation we examine security and performance concerns along your journey to the cloud and explore new technologies from VMware and Trend Micro. These innovations are already helping thousands of businesses to address the security challenges of physical, virtual and cloud platforms.

Transcript of Data Centre Evolution: Securing Your Journey to the Cloud

Page 1: Data Centre Evolution: Securing Your Journey to the Cloud

Data Center Evolution: Physical. Virtual. Cloud. Securing Your Journey to the Cloud

Trend Micro

Page 2: Data Centre Evolution: Securing Your Journey to the Cloud

Where is Your Data?

JOURNEY TO THE CLOUD

SERVER VIRTUALIZATION

HYBRID CLOUD

PUBLIC CLOUD

BYOPC

DESKTOP VIRTUALIZATION

PHYSICAL DESKTOPS & SERVERS

MOBILE

PRIVATE CLOUD

Page 3: Data Centre Evolution: Securing Your Journey to the Cloud

One Security Model is Possible across Physical, Virtual, and Cloud Environments

CROSS-PLATFORM SECURITY

Physical Virtual Cloud

New platforms don’t change the threat landscape

Each platform has unique security risks

Integrated security is needed across all platforms

Page 4: Data Centre Evolution: Securing Your Journey to the Cloud

One Security Model is Possible across Physical, Virtual, and Cloud Environments

PLATFORM-SPECIFIC SECURITY RISKS

Physical: Manageability

Glut of security products

Less security

Higher TCO

Reduce Complexity

Virtual: Performance & Threats

Traditional security degrades performance

New VM-based threats

Increase Efficiency

Cloud: Visibility & Threats

Less visibility

More external risks

Deliver Agility

Integrated Security: Single Management Console

Page 5: Data Centre Evolution: Securing Your Journey to the Cloud

Consolidate Physical Security REDUCE COMPLEXITY

Page 6: Data Centre Evolution: Securing Your Journey to the Cloud

One Server Security Platform

REDUCE COMPLEXITY

Firewall

HIPS / Virtual Patching

Web Application Protection

Antivirus

Integrity Monitoring

Log Inspection

Advanced Reporting Module

Single Management Console

Page 7: Data Centre Evolution: Securing Your Journey to the Cloud

Server and Desktop Virtualization Security

INCREASE EFFICIENCY

Page 8: Data Centre Evolution: Securing Your Journey to the Cloud

Challenge: Resource Contention

VIRTUALIZATION SECURITY

Typical AV Console

3:00am Scan

Antivirus Storm

Automatic security scans overburden the system

Page 9: Data Centre Evolution: Securing Your Journey to the Cloud

Challenge: Instant-on Gaps

VIRTUALIZATION SECURITY

Dormant Active

Page 10: Data Centre Evolution: Securing Your Journey to the Cloud

Challenge: Instant-on Gaps

VIRTUALIZATION SECURITY

Active

Reactivated with outdated security

Cloned

Reactivated and cloned VMs can have out-of-date security

Page 11: Data Centre Evolution: Securing Your Journey to the Cloud

Challenge: Complexity of Management

VIRTUALIZATION SECURITY

VM sprawl inhibits compliance

Patch agents

Rollout patterns

Provisioning new VMs

Reconfiguring agents

Page 12: Data Centre Evolution: Securing Your Journey to the Cloud

Attacks can spread across VMs

Challenge: Inter-VM Attacks / Blind Spots

VIRTUALIZATION SECURITY

Page 13: Data Centre Evolution: Securing Your Journey to the Cloud

Agent-less Security Architecture

Diagram components: vSphere Platform, ESX, vCenter, vShield Manager, vShield Endpoint ESX Module, VM tools, Guest VMs (OS, Apps), Trend Micro Deep Security Manager, Trend Micro Deep Security Virtual Appliance, Trend Micro filter driver, VMsafe-net API, vShield Endpoint API

Administrators: VI Admin, Security Admin

Trend Micro Deep Security Virtual Appliance

Anti-Malware

- Real-time Scan

- Scheduled & Manual Scan

Network Security

- IDS/IPS

- Web App Protection

- Application Control

- Firewall

Legend: Trend Micro product components, vShield Endpoint Components, VMware Platform

Page 14: Data Centre Evolution: Securing Your Journey to the Cloud

What is the Solution? Layered, Virtualization-Aware Security in One Platform

VIRTUALIZATION SECURITY

Security Virtual Appliance

With Agentless Security

VMs

Deep Security Integrated Modules:

• Antivirus

• Integrity Monitoring

• Intrusion Prevention

• Web Application Protection

• Application Control

• Firewall

• Log Inspection

Higher Density

Optimized Resources

Simplified Management

Stronger Security

Maximizes Performance and ROI

Page 15: Data Centre Evolution: Securing Your Journey to the Cloud

Agentless Anti-malware

City of Oulu, Finland

CASE STUDY

Industry: Municipal Government

Number of Employees: 10,000

Challenge

• Merge infrastructures of four surrounding cities in less than one year

• Extend the lives of existing PCs that cannot be upgraded to Windows 7

• Minimize the start-up efforts for the infrastructure merger

• Avoid complexity that would slow systems or increase workload

Solution

• vShield Endpoint and Trend Micro Deep Security, for agentless protection of virtual desktop infrastructure (VDI)

Business Results

• Protection that is easy to deploy, administer, and scale

• Agentless security that is more resource

• Instant protection of new VMs at time of spin-up

Page 16: Data Centre Evolution: Securing Your Journey to the Cloud

Cloud Deployments and Security

DELIVER AGILITY

Page 17: Data Centre Evolution: Securing Your Journey to the Cloud

Cloud Models: Who Has Control?

CLOUD SECURITY

Servers

Virtualization & Private Cloud

Public Cloud IaaS

Public Cloud PaaS

Public Cloud SaaS

End-User (Enterprise)

Service Provider

Who is responsible for security?

With IaaS the customer is responsible for VM-level security

With SaaS or PaaS the service provider is responsible for security

Page 18: Data Centre Evolution: Securing Your Journey to the Cloud

Shared resources create a mixed trust level environment

Challenge: Multi-tenancy / Mixed Trust Level VMs

CLOUD SECURITY

Page 19: Data Centre Evolution: Securing Your Journey to the Cloud

There can be less visibility and control of cloud data

Challenge: Data Access and Governance

CLOUD SECURITY

Page 20: Data Centre Evolution: Securing Your Journey to the Cloud

When data is moved, unsecured data remnants can remain

Challenge: Data Destruction

CLOUD SECURITY


Page 21: Data Centre Evolution: Securing Your Journey to the Cloud

What is the Solution? Data Protection

CLOUD SECURITY

Sensitive Research Results

Data Security: Encryption with Policy-based Key Management

• Unreadable for unauthorized users

• Control of when and where data is accessed

• Server validation

• Custody of keys

Server & App Security: Modular Protection

• Self-defending VM security

• Agentless and agent-based

• One management portal for all modules, all deployments

vSphere & vCloud

Integration ensures servers have up-to-date security before encryption keys are released

Page 22: Data Centre Evolution: Securing Your Journey to the Cloud


VMware vCloud

VMware vSphere

Encryption throughout your cloud journey—data protection for virtual & cloud environments

Enterprise Key

Key Service Console

Trend Micro SecureCloud

Data Center Private Cloud Public Cloud

Fitting Encryption into a VMware Ecosystem

CLOUD SECURITY

Page 23: Data Centre Evolution: Securing Your Journey to the Cloud

Deep Security / Secure Cloud Example

Diagram labels: VMware vSphere ESX, Customer 1, Customer 2, Test, Unix/Win Server

Page 24: Data Centre Evolution: Securing Your Journey to the Cloud

Specialized Protection for Physical, Virtual, and Cloud

Physical Virtual Cloud

TREND MICRO DEEP SECURITY

Only fully integrated server security platform

First hypervisor-integrated agentless antivirus

First agentless file integrity monitoring (FIM)

Only solution in its category to be EAL4+ and FIPS certified

Only solution to offer agentless:

• Antivirus

• Integrity monitoring

• Intrusion detection & prevention

• Web application protection

• Firewall

Page 25: Data Centre Evolution: Securing Your Journey to the Cloud

2011 Technology Alliance Partner of the Year

TREND MICRO: VMWARE’S NUMBER 1 SECURITY PARTNER

Improves Security by providing the most secure virtualization infrastructure, with APIs, and certification programs

Improves Virtualization by providing security solutions architected to fully exploit the VMware platform

Timeline (2008, 2009, 2010, 2011):

• Feb: Join VMsafe program

• RSA: Trend Micro VMsafe demo, announces Coordinated approach & Virtual pricing

• RSA: Trend Micro announces virtual appliance

• 2010: >100 customers >$1M revenue

• VMworld: Announce Deep Security 8 w/ Agentless FIM

• 1000 Agentless customers

• VMworld: Trend virtsec customer, case study, webinar, video

• May: Trend acquires Third Brigade

• July: CPVM GA

• Nov: Deep Security 7 with virtual appliance

• RSA: Trend Micro Demos Agentless

• Q4: Joined EPSEC vShield Program

• VMworld: Announce Deep Security 7.5

• Sale of DS 7.5 Before GA

• Dec: Deep Security 7.5 w/ Agentless Antivirus

• RSA: Other vendors “announce” Agentless

Page 26: Data Centre Evolution: Securing Your Journey to the Cloud

Trend is No.1 in Server and Virtualization Security

Physical Virtual Cloud

VIRTUALIZATION AND CLOUD SECURITY

Trend Micro 23.7%

Trend Micro 13%

Source: IDC, 2011 - Worldwide Endpoint Security Revenue Share by Vendor, 2010

Source: 2011 Technavio – Global Virtualization Security Management Solutions

Page 27: Data Centre Evolution: Securing Your Journey to the Cloud