Hybrid Cloud and Security Management for the Enterprise
Published in: Technology

  1. 1. Extending the Enterprise into the Cloud - Hybrid Infrastructure & Security Management Seoul, Korea COEX Convention Centre 24th October 2013
  2. 2. Hybrid Cloud & the Enterprise Anthony Russell Technology Partner Manager – Amazon Web Services (APAC)
  3. 3. How customers are using hybrid infrastructure Augment On-Premises resources with cloud capacity Migrate existing apps & data to the cloud Build new apps, sites, services & lines of businesses
  4. 4. Shell uses AWS to Develop Software Faster and Cheaper Core Development Team Extra Development Resources Contractor Team Remote Team
  5. 5. S&P Capital IQ Uses AWS for Big Data Processing S3 Provides data to 4200+ top global investment firms Hadoop Cluster Launched Hadoop faster, Learned Hadoop faster
  6. 6. Shaw Media uses AWS for Disaster Recovery Before Primary site After Primary site Saved $1.8 Million in second site costs Disaster Recovery Site Snapshots for granular rollbacks
  7. 7. Lionsgate uses AWS To host SharePoint & SAP Amazon VPC Avoided data center build out 50% lower cost than hosting options Saved $1M over 3 years
  8. 8. How AWS enables the hybrid environment Deployment & Administration Application Services Compute Storage Networking AWS Global Infrastructure Database
  9. 9. How you can extend your own on-premise environments into the AWS Cloud? Active Directory VMware Images VM Import/Export Your networks Virtual Private Network Your Data Cloud Storage Your Apps Your Data Centers Users & Access Rules Your Cloud Apps
  10. 10. Extending the power of existing applications with AWS App 1 App 2 Compute Hadoop clusters Analytics Data Warehouses App 3 Backup Your Data Centers App N Storage and archives VPC
  11. 11. Enterprise management & security objectives 1. Secure and robust infrastructure 2. Control access and authorisation 3. Keep track of assets and configuration 4. Governance across everything
  12. 12. AWS supports your enterprise Cloud based security objectives AWS DirectConnect Amazon VPC Private connectivity between AWS and your datacenter Private, isolated section of the AWS Cloud with VPN connectivity AWS IAM (Identity & Access Mgmt) Manage users, groups & permissions AWS CloudFormation Templates to deploy & manage Web App Enterprise App Database
  13. 13. Enterprise management & security objectives 1. Secure and robust infrastructure 2. Control access and authorisation 3. Keep track of assets and configuration 4. Governance across everything
  14. 14. AWS offers global reach and high-availability US-WEST (N. California) EU-WEST (Ireland) GOV CLOUD ASIA PAC (Tokyo) US-EAST (Virginia) ASIA PAC (Sydney) US-WEST (Oregon) ASIA PAC (Singapore) SOUTH AMERICA (Sao Paulo)
  15. 15. The AWS platform has strong security foundations • SOC 1 (SSAE 16 & ISAE 3204) Type II Audit (was SAS70) • SOC 2 Type 1 Audit • ISO 27001 Certification • Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider • FedRAMP (FISMA), ITAR, FIPS 140-2 • Cloud Security Alliance Questionnaire • MPAA (best practices for storage, processing, delivery) Foundation Services Compute Storage Database Networking Availability Zones AWS Global Infrastructure Edge Locations Regions
  16. 16. Security is a shared responsibility with AWS Customer Facilities Network configuration Physical security Security groups Compute infrastructure Storage infrastructure Network infrastructure + OS firewalls Operating systems Applications Virtualization layer (EC2) Proper service configuration Hardened service endpoints AuthN & acct management Rich IAM capabilities = Authorization policies Security scope for customers is reduced Take advantage of high levels of uniformity and automation to enhance security posture when moving into the cloud
  17. 17. AWS Partners help customers deploy & enhance their own controls AWS Partner Solutions Facilities Physical security Compute infrastructure Storage infrastructure Network infrastructure Virtualization layer (EC2) + = Managed, secure hybrid customer solutions Hardened service endpoints Rich IAM capabilities AWS Partners Build on AWS strong foundations to complete the enterprise security solution
  18. 18. Building secure, reliable connectivity to the hybrid environment
  19. 19. Connect over the public Internet www Data center AWS Cloud
  20. 20. Connect over industry-standard IPSEC VPN router router www AWS Cloud Data center IPSec tunnel via statically-routed or dynamically-routed (BGP) VPN
  21. 21. Connect in private with AWS Direct Connect AWS Direct Connect Location Data center Amazon Partner Network suppliers can hook up the last leg AWS Cloud New York Los Angeles Washington DC San Jose Singapore Tokyo London Docklands Sao Paulo Sydney
  22. 22. Building a secure hybrid environment with the AWS Virtual Private Cloud
  23. 23. The AWS Virtual Private Cloud VPC A - 10.0.0.0/16 • VPC spans an AWS region – Customer chooses what geography their content resides • Customer chooses their own private IP address range Subnet 10.0.1.0/24 Availability Zone Router • Split the VPC into multiple internal public and private network segments • Retain full control over routing Subnet 10.0.2.0/24 Availability Zone Region
  24. 24. Security Groups and Network Access Control Lists • AWS Security Groups – Stateful ingress and egress firewall rules – Granular – firewalls for every host in the VPC • Network Access Control Lists – Stateless network filter controls – Offer defence in depth over security groups • Duties can be controlled and segregated (Diagram: VPC A - 10.0.0.0/16, Region, Router, Subnet 10.0.1.0/24 and Subnet 10.0.2.0/24, each in an Availability Zone)
  25. 25. External VPC connectivity can be private or public • Customers are in full control of VPC external connectivity VPC A - 10.0.0.0/16 Internet • Internet connectivity is optional and disabled by default Internet Gateway Subnet 10.0.1.0/24 Availability Zone Router • Connect privately to on-premise systems over VPN or direct connect Customer Gateway Subnet 10.0.2.0/24 Availability Zone Region On-premise Data centres
  26. 26. Partners build on top of the strong AWS baseline • Customers remain in control to implement their own security controls on top of the AWS environment • Trend Deep Security is a leading partner solution for host protection on the AWS environment in addition to intrusion detection & protection services • BMC integrate on-premise and cloud management and monitoring to provide a single pane of control for your hybrid IT solutions (Diagram: VPC A - 10.0.0.0/16, Region, Router, Subnet 10.0.1.0/24 and Subnet 10.0.2.0/24, each in an Availability Zone)
  27. 27. Enterprise management & security objectives 1. Secure and robust infrastructure 2. Control access and authorisation 3. Keep track of assets and configuration 4. Governance across everything
  28. 28. Get fine-grained control of the cloud environment AWS IAM enables you to securely control access to AWS services and resources • Fine grained control of user permissions, resources and actions • Configure users, groups, roles • Several multi factor authentication options • Hardware token or smartphone apps • Create a private AWS console URL (http://aws.yourcompany.com)
  29. 29. Enterprise management & security objectives 1. Secure and robust infrastructure 2. Control access and authorisation 3. Keep track of assets and configuration 4. Governance across everything
  30. 30. Using CloudFormation to deploy AWS configurations Template CloudFormation Stack Configuration files Framework Configured AWS services Data centre configurations can be treated as version controlled configurations Stack creation Comprehensive service support Stack updates Service event aware Error detection and rollback Customisable
  31. 31. Enterprise management & security objectives 1. Secure and robust infrastructure 2. Control access and authorisation 3. Keep track of assets and configuration 4. Governance across everything
  32. 32. AWS governance augments existing processes … Your compute Your configurations AWS configurations Your network AWS network Your storage Your Data Centers AWS compute AWS Storage Your On-Premises Apps Your Cloud Apps Direct Connect } } Existing governance processes VPC AWS governance enablers
  33. 33. … to give our customers governance over everything Governance processes Roles and responsibilities Configuration management Financial controls Monitoring and reporting Your Data Centers Secure processing, storage and transmission Network security Access control Identity and authorisation Visibility across the complete hybrid environment
  34. 34. Trusted Advisor offers further governance review • Online service from AWS Support – Analyzes account for various kinds of issues and possible concerns – Soon available as an API for integration with your tools or 3rd party solutions • Four categories: – Cost savings – Security – Fault tolerance – Performance
  35. 35. AWS Partners Complete the Picture AWS Partner Solutions Facilities Physical security Compute infrastructure Storage infrastructure Network infrastructure + = Secure hybrid environments Virtualization layer (EC2) Hardened service endpoints Rich IAM capabilities AWS Partners Build on AWS strong foundations to complete the enterprise security solution
  36. 36. Next Stop, Hybrid…… David Carless Cloud Computing Specialist – BMC Software (APAC)
  37. 37. Two revolutions in IT right now
  38. 38. REVOLUTION ONE The front end How services are consumed It's Mobile It's Social Expectations of IT have changed The Consumerization of IT
  39. 39. REVOLUTION TWO The back end How services are delivered Pay as you use Scale up Scale down Always on Immediately available Making IT fast, flexible and personal Physical Virtual IaaS PaaS SaaS
  40. 40. Cloud is transforming the way we deliver IT The rise of the IT BROKER The Business IT / Cloud Management Platform Private Cloud SaaS Public Cloud PaaS IaaS Legacy Apps
  41. 41. Enterprise Hybrid Cloud is the Future Reality Public Clouds Internal Private Clouds Virtual Private Clouds Dedicated Infrastructure
  42. 42. Why Enterprises are Embracing Cloud Computing Accelerate business Accelerate IT velocity Improve IT efficiency and effectiveness Enable innovation Enable alternative sourcing models based on economic, service level and compliance requirements Response to demand for “consumerisation”
  43. 43. Cloud Spending Is On The Rise In 2013-2014 Public Cloud Spending 2013-2014 (Gartner/IDC): • 60% of Fortune 1000’s will increase current public cloud spend • Spend on public cloud services will grow 18% in 2013-2014 • $131B in 2013 - $180B expected by 2015!
  44. 44. The cloud-enabled enterprise will be an agile, fierce competitor Current Future • Fixed Costs • ‘Pay by the Drink’ • Cumbersome • Responsive • Capital Intensive • Capital Light • High Maintenance and Run Costs • 40%+ Lower Maintenance and Run Costs • Security Issues • Managed Security • Business Lagging • Business Leading • Outdated • New Technologies The Agile Enterprise …Cloud is the “on-ramp” to the Agile Enterprise
  45. 45. The Goals of a Hybrid IT Environment • A seamless end-user experience regardless of how a service is provisioned • Present users with a single unified request portal • Instantly Deploy complete multi-tier applications • Seamlessly incorporate Public Cloud providers into IT architecture • Integrate with change and configuration management • Maintain Security and Compliance across all available resource sets • Optimize CapEx and OpEx to meet business goals • While automation is key, the governance, people and process change is most significant Single Pane of Glass
  46. 46. Misconception, Hybrid is not only “Cloudbursting”
  47. 47. Hybrid IT Vision: Implementing IT Operations and Policies in a Software based Management Platform
  48. 48. How do I make this work? How do you empower users with self-service, implement cost effective sourcing strategies while maintaining Control and Governance… What is the impact of implementing a Hybrid environment with no change management? What is the impact of implementing manual process to control my cloud?
  49. 49. Impact of Control & Governance for Cloud Columns: No Control & Governance | Manual Control & Governance | Automated Cloud Management Platform Rows: Speed X Cost X Control X Service Quality ? ?
  50. 50. BMC & AWS Alliance?
  51. 51. BMC and Amazon Web Services join forces to deliver Managed Hybrid computing environments On Premise Resources • Amazon EC2 • Amazon Elastic Block Storage • Amazon Virtual Private Cloud Unified Management of the Hybrid Cloud • Self Service Management • Service Management – Seamless provisioning – Integrated Service Catalogue • Service Governance and control • Ongoing performance optimization • Monitoring and Analytics
  52. 52. Cloud Management with BMC Software
  53. 53. BMC Cloud Lifecycle Management CLM 3.0 End-to-end Cloud Management Platform Service Catalog Single self-service portal Dynamic Provisioning of Multi-tier Services Cloud Service Delivery Policy based Placement and Governance Compliance and Change Configuration Mgmt Resource Management Totally Heterogeneous Avoid and “vendor lock in”
  54. 54. BMC Cloud Lifecycle Management End-to-end Cloud Management Platform
  55. 55. Single, Unified User Request BMC Cloud Lifecycle Management Provide AWS Service Options
  56. 56. Automated provisioning of cloud services Provision complete cloud services with Post Deployment actions “No one wants an empty iPad” From hardware… …To fully configured services Infrastructure • Physical machines • Virtual machines • Physical or virtual networks • Operating Systems Platforms • LAMP/WAMP • IBM Websphere • Microsoft SQL & .NET • Oracle Databases • Tibco Applications • Exchange • Sharepoint • COTS • Custom Web App’s • SAP / Oracle / etc Monitoring, compliance, configuration management Deliver a broad range of complete cloud services (With PDA)
  57. 57. Aug 2013 Nov 2013 Feb 2014 Portal Enterprise Web & OS/MW/RTE Content available Microsoft IIS 7.x Microsoft IIS 8.x Mid Tier MYSQL SE/EE MYSQL CCE DB Tier SQL 2K8R2 SQL 2K12 Virtual Liferay Portal 6.x GWS WAS 7.x WAS 8.x JBoss AS 7.1 WildFly 8 5.6 vFabric tc Server Oracle 11g Oracle 11g RAC RH 5.8 RH 6.2 W2K8R2 W2K12 NXT GEN Apache http 2.4 Gitlab HANA Gitorious WAPP LAPP APACHE ZOOKEEPER ownCloud Alfresco CMS
  58. 58. BMC Cloud Lifecycle Management End-to-end Cloud Management Platform
  59. 59. Service Governance & Compliance Place cloud services with policies & capacity data Across private, public, and hybrid clouds
  60. 60. Closed loop Compliance & Configuration Automation One platform for automation • Software packaging • Deployment • Patching • Policy management • Virtualization management Same solution for continuous compliance • Automated, periodic auditing • Automatic remediation generation • Reduced staff utilization • Consistent high levels of compliance • On-demand compliance reporting Unified architecture for configuration automation and compliance
  61. 61. BMC Cloud Lifecycle Management End-to-end Cloud Management Platform
  62. 62. Integrated and Automated Change Control Change Management 1. Simple integration to IT release processes (e.g. standard change request to deploy a new cloud service) 2. Agile, automated change management (e.g. pre-approved change request to increase capacity) 3. “Embedded” change, patch, and incident processes (e.g. drift mgmt, audit logging) 4. Enterprise Governance and Compliance (e.g. IT change policy adherence through automation)
  63. 63. BMC Cloud Lifecycle Management End-to-end Cloud Management Platform
  64. 64. BMC Software - AWS Resource Management capability Amazon Web Services • Fully Automated provisioning to AWS and support for provision, decommission, extend, start, stop, modify CPU/RAM • Full support for AWS VPC • Support for multiple regions and AZs • Multiple account management for AWS • Layered software deployments on top of AMIs • OOTB Content to create unique & “safe” MI’s • Clone AMIs associated with EBS • Specify AWS security groups • Support for Elastic IPs
  65. 65. BMC Cloud Lifecycle Management End-to-end Cloud Management Platform
  66. 66. Visibility of current and forecasted cloud capacity BMC Cloud Operations Management Monitor capacity utilization across data centers, private and public cloud infrastructures. Alert on upcoming saturation Perform what-if analysis for: • Expected growth rates • Unanticipated usage spikes • Changes to existing services Provide foundation for continued investment with utilization data by cloud service and users Prepare for cloud capacity demands and optimize investment decisions
  67. 67. Real-time insight on health with cloud panorama BMC Cloud Operations Management • Identify performance issues • Determine impacted users and organizations • Isolate root cause • Trigger automated repair Prioritize and resolve issues based on service levels and business priorities
  68. 68. Automated chargeback reporting for the business BMC Cloud Lifecycle Management records pricing in customer contract BMC Capacity Optimization • measures usage • reads service contract • calculates costs • produces reports by tenant and service level Accurately measure and charge for cloud resource consumption
  69. 69. The Power of BMC - Pearson
  70. 70. The Power of BMC - Pearson 50% Reduction in Global Time to Provision
  71. 71. With both BMC Software and AWS, IT can deliver the benefits of Cloud Across both on-premise and AWS cloud services: • Reduce up-front capital expenditures while managing existing IT – Reduce operational expenditure by Automating repeatable tasks. – Centralise cost reporting of Hybrid IT environment. • Provision (IAAS, SAAS, PAAS), configured applications stacks automatically • Ensure reliable cloud service performance for all users and services • Deliver role-based access through a business-friendly self-service portal in BMC Cloud Lifecycle Management • Ensure appropriate automated or manual change approval • Maintain configurations and compliance rules • Unify operations management for hybrid IT Unified Management of Hybrid Environments
  72. 72. SAFE CHOICE: A Mainstream Business for BMC BMC Cloud Lifecycle Management Customers Telco Clouds Service Provider Clouds Private Clouds
  73. 73. Thank you
  74. 74. Advanced Cloud Security for AWS Anthony Kim Sr. Engineer of Cloud Security Business TrendMicro (Korea)
  75. 75. The Global Growth of Cloud Computing Copyright 2013 Trend Micro Inc.
  76. 76. Source: Cloud Readiness Index 2012, Asia Cloud Computing Association
  77. 77. Enterprises and the Cloud … • Security & compliance are top priorities for enterprise-wide adoption of the cloud • Are cloud security needs that different than on-premise? – Cloud introduces the concept of shared responsibility for securing their services and applications running in the cloud • Security is not the only inhibitor … – Many organizations are reluctant to change status quo • Fear of the unknown • Cloud concepts & terminology intimidating • IT job loss concerns • Dramatic change from a process & operations perspective … • Not sure how/where to get started …
  78. 78. Cloud Security is a Shared Responsibility
  79. 79. Consumer of Cloud Services Responsibilities • Consumers of cloud services are responsible for – Security of the VMs/Instances (OS & Applications) – Ensuring SLA’s are maintained – Ultimately it boils down to protecting your instances from compromise, the integrity of the applications and privacy of data in the cloud… • How do you protect AWS instances? – Traditional network appliances are not feasible • On-premise control rely on physical network access – Agent based host security controls required
  80. 80. Need to Secure the Complete Journey to the Cloud The AWS Shared Responsibility Model OS Security • Application Security • OS Firewalls • Anti-Virus Integrity Monitoring • Storage Encryption Customer Domain Partner Eco-System Enterprise Applications • Facilities • Physical Security • Physical Infrastructure • Virtualized Infrastructure AWS Domain Enterprise Operating Systems
  81. 81. Security Considerations in the Cloud
  82. 82. Security Considerations in the Cloud Instance Awareness • Knowing that the instance is IN THE CLOUD • Understanding where the instance ‘lives’ and what its identity is • What security policies need to be applied?
  83. 83. Security Considerations in the Cloud Scale & Automation • Next generation applications will be elastic by nature • Security also needs to be elastic • All components, including security, need to work in concert to be effective
  84. 84. Security Considerations in the Cloud Complexity • Supporting large scale, distributed and even distinct cloud environments • Provides mitigation to ever-increasing vulnerabilities for applications & operating systems • Security to ensure confidentiality & integrity of data stored in cloud environment
  85. 85. Security Considerations in the Cloud Data Access & Governance • How do I ensure my data confidentiality & integrity? • Adopt necessary technology control to meet data privacy
  86. 86. Security Considerations in the Cloud • Security principles don’t change • Security policies don’t change • Implementation & management change • Extend your current security policy to the Cloud
  87. 87. Practical Guidance for Security in the Cloud
  88. 88. Cloud Security: Shared Responsibility. What type of instance security controls are required?
      The Need: Preferred Security Control
      – Data confidentiality: Encryption
      – Block malicious software: Anti-Malware
      – Detect & track vulnerabilities: Vulnerability scanning services
      – Control server communications: Host-firewalls
      – Detect suspicious activity: Intrusion Prevention
      – Detect unauthorized changes: File Integrity Monitoring
      – Block OS & App vulnerabilities: Patch & Virtual Patching
      – Data monitoring & compliance: Data Leakage Prevention
  89. 89. Trend Micro Deep Security for AWS: Next Generation Security for Hybrid Datacenter
      • Deep Packet Inspection
        – Virtual Patching (IDS/IPS): Provide vulnerability shielding to known & zero-day vulnerabilities
        – Web Application Protection: Defend against SQL injection attacks, cross-site scripting attacks & other web application vulnerabilities
        – Application Control: Increased visibility into, or control over, applications accessing the network
      • Anti-Virus: Leading Anti-Malware for Virtualization & Cloud
      • Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
      • Log Inspection: Optimizes the identification of important security events buried in log entries
      • Integrity Monitoring: Monitors critical operating system and application files for unexpected changes
      • Hybrid Datacenter: Physical, Virtual, Private Cloud, Public Cloud
  90. 90. Gartner Server Security Strategy (from Gartner paper, in decreasing order of importance): Trend Micro Deep Security capabilities
      – Security configuration mgmt.: Yes
      – Patch mgmt.: Yes (with Virtual Patching)
      – Application control: Yes
      – File Integrity Monitoring (FIM): Yes
      – Antimalware (file servers): Yes
      – Deep Packet Inspection based HIPS: Yes
      – Antimalware (Windows): Yes
      – Behavioural HIPS: Yes
      – Application firewalling: Yes
      – Traditional host based firewall: Yes
      – Device control: -
      – Full drive encryption: Yes, with Trend Micro SecureCloud
      – Removable device encryption: -
  91. 91. Trend Micro Deep Security as a Service* [Diagram: DS Manager as a Service; Protection for AWS Instances] *Available in North America now, APAC in 2014.
  92. 92. Which Deep Security version is for you? Buy Deep Security Software • Datacenter security requirements • Hybrid cloud environments • Prefer to run Deep Security Managers themselves • Require a solution now Buy Deep Security as a Service • AWS only security requirement • Prefer utility charging model • Want the convenience of a SaaS • Available in North America now, APAC in 2014
  93. 93. Trend Micro SecureCloud for AWS: Securing and Controlling Sensitive Data in the Cloud. Encryption with Policy-based Key Management • Unreadable for unauthorized users • Control of when and where data is accessed • Server validation • Custody of keys. Sensitive data shown: Credit Card Payment Information, Patient Medical Records, Social Security Numbers, Sensitive Research Results. Encrypt throughout your cloud journey — data protection for physical, virtual & cloud environments Copyright 2012 Trend Micro Inc.
  94. 94. Trend Micro SecureCloud for AWS • Protection for data in the cloud • Automated encryption and key management • Solution that helps you protect the privacy of data in AWS, making sure that only authorized servers can access encryption keys. • Trend Micro’s highly automated data protection approach safely delivers encryption keys to valid devices without the need for you to deploy an entire file system and management infrastructure • Key benefits: – Policy-Based Key Management – Enterprise-Controlled Encryption and Key Management – Standard Protocols and Advanced Encryption – Authentication – Logging, Reporting, and Auditing – Separation of duties
  95. 95. Why Trend Micro for AWS? • Amazon Advanced Technology Partner • Deep Security is Common Criteria EAL 4+ • #1 in Server Security (2012 IDC–Worldwide Endpoint Security Revenue Share by Vendor, 2011) • #1 in Virtualization Security (2011 Technavio – Global Virtualization Security Management Solutions) • #1 in Cloud Security (2012 Technavio – Global Security World Market) • 1st & only security that extends from enterprise datacenter to cloud • Optimized for AWS
  96. 96. Thank you