Who owns security in the cloud

Published in: Technology, Business

  1. 1. Who Owns Security in the Cloud?
     Dave Asprey • VP Cloud Security
     Trend Micro Confidential 7/25/2011 Copyright 2011 Trend Micro Inc.
  2. 2. Cloud Computing in the 21st Century
     Cloud computing accounts for unparalleled benefits in…
       • Efficiencies
       • Cost savings
       • Scalability
     Infrastructure as a Service (IaaS)
       • Simplified, pay-per-use IT
       • Outsourced networking, storage, server, and operational elements
       • Offers greater autonomy than Software as a Service (SaaS) for more security controls
  3. 3. Cloud Computing Challenges
       • Numerous new compliance issues
       • Potential areas of data security risk
       • Invalidates traditional approaches to security
       • Where does security responsibility and accountability lie?
  4. 4. Why use the Cloud?
     Public Cloud Benefits
       • OPEX (operating expense) vs. CAPEX (capital expense)
       • Avoids expenditure on hardware, software and other infrastructure services
       • Firms dynamically scale according to their computing needs in real-time
       • Improves business agility
     Private Cloud Benefits
       • Increases flexibility
       • Improves responsiveness to internal customers’ needs
  5. 5. Perimeter Security Isn’t Dead
     TWO SCENARIOS TO SECURING THE CLOUD
  6. 6. Perimeter Security
     Traditional perimeter security models and the cloud
       • Firewalls, intrusion prevention, standard security functionality
       • Additional security levels required in the cloud
     Perimeter security now becoming part of overall security architecture within the cloud
       • Extend firm’s perimeter into the cloud
       • Extend cloud inside firm’s perimeter
  7. 7. Extending your Perimeter to the Cloud: Scenario #1
     Approach
       • Create an IPSec VPN tunnel to your public cloud provider’s servers
       • Enterprise-grade security in the public cloud server
       • Security software and virtual appliances
     Benefits
       • Simplified, pay-per-use IT
       • Outsourced networking, storage, server, and operational elements
       • Offers greater autonomy than Software as a Service (SaaS) for more security controls
  8. 8. Scenario #1
     Risks
       • May introduce risks associated with the security of the secured cloud to your architecture
       • Creates additional perimeter to secure
       • Cloud servers subjected to new threats
       • Not given cloud provider’s physical or admin access logs
       • Shared storage
       • Public cloud providers are not as strict on security
       • Reimbursement for Data breach
     Mitigation
       • Maintain access logs
       • Data encryption should be standard
       • Cloud and internal servers should monitor for suspicious traffic
       • Add an extra DMZ and firewall
       • Security on cloud servers
       • IDS/IPS bi-directional firewall etc.
       • With critical data in the cloud
       • Look for strict adherence to security best practices
       • Examine your provider’s SLAs and security policy
       • ISO 27001 and SAS70 II
  9. 9. Extending the Cloud into the Enterprise: Scenario #2
     Approach
       • Cloud extends inside your perimeter
       • Involves agreeing to
       • an IaaS public cloud provider
       • Or cloud-based MSSP installing a cloud node on site.
     Benefits
       • Increasingly popular among larger enterprises
       • Well understood model
  10. 10. Scenario #2
     Risks
       • Lack of visibility into physical and/or access logs remain
       • Liability for negligence
       • Reimbursement for cost of service only
       • Providers have access to your network and application data
       • Must be trusted
  11. 11. How to Manage the Gaps in your Cloud Security Policies?
     Secure your cloud servers as you secure internal servers
       – IDS/IPS, DLP tools
       – bi-directional firewall
       – Encryption
     Vital to understand how much network monitoring and access your provider allows
     Encryption of data is important
     Accelerated speed in which servers are created in the private cloud
     Must be properly managed by IT
  12. 12. Securing the Cloud Successfully
     Enterprises
       • Store encryption keys in a separate location
       • Not accessible to the cloud provider
       • Deploy all security tools in the cloud
     Cloud providers
       • Be transparent regarding… security policies, procedures, network traffic
       • Clarify SLAs so… customers are clear on security features
     Private cloud environments
       • Create a central authorization process
       • Be prepared
  13. 13. Thank you
     To read more on Securing Your Journey to the Cloud, visit www.cloudjourney.com