SPR203 : Cloud Security is a Shared Responsibility

Presented at the first re:Invent conference in 2012. This slide deck was written by Allan MacPhee and presented by Dave Asprey & Mark Nunnikhoven (me).

This was the first time we--the Trend Micro team--had worked with AWS to ensure that all AWS users were aware of the shared responsibility model and what is required for strong security in the cloud.

  1. Cloud Security is a Shared Responsibility
     Allan MacPhee, Trend Micro
     November 28, 2012
  2. Agenda
     • Security and the cloud
     • Who is responsible for cloud security?
     • How is security in the cloud different?
     • Trend Micro securing your journey to the cloud
     • Best practices & recommendations
  3. Cloud customer adoption survey …
     Source: Ponemon – Security of cloud computing providers
     10 / 11 concerns raised were related to security
     Data protection was the #1 concern
  4. What customers tell us …
     • Data sovereignty
       – Concerns over ownership of data
         • Who owns the data? customer, provider, government?
         • Data privacy concerns > other tenants, attacks against my data …
       – Will my data leave the country?
       – If I terminate a cloud server, do copies of my data still exist in the cloud?
       – US Patriot Act
         • Could USA law enforcement gain access to my systems and data?
  5. What customers tell us …
     • Multi-tenancy Concerns
       – Risk of configuration errors leading to data exposure
       – How can I protect my cloud servers from attack?
       – Will I even know my cloud servers are being attacked?
     • Compliance
       – How can I use the cloud and still meet internal and external compliance requirements?
       – Who is responsible for cloud security?
  6. Who is responsible for cloud security?
     Source: Ponemon – Security of cloud computing providers
  7. So what is your CSP responsible for?
     • CSP responsibilities
       1. Physical security
       2. Personnel security
       3. Infrastructure security
       4. Operational security
     • Certification of the service offering
       x SAS 70/SSAE 16 Type 1 SOC 1
       SSAE 16 Type 2 SOC 1
       PCI DSS Service Provider certification
  8. Why AWS is a good choice …
     Certifications
     • Publishes a Service Organization Controls 1 (SOC1), Type 2 report
     • Registered with CSA Security, Trust & Assurance Registry (STAR)
     • Level 1 validated service provider under the PCI DSS Service
     – EC2, VPC, dedicated instances and GovCloud offerings
     – Advanced authentication services: MFA, IAM roles, roles for EC2
     – Allows penetration tests per PCI DSS v2.0 requirements
  9. As a customer, what are my responsibilities?
     • Protect instances from being compromised
       – Security principles don’t change
     Cloud Servers require protection
     The Need | Preferred Security Control
     Block OS & App vulnerability exploits | Patching & vulnerability shielding
     Block malicious software | Anti-malware
     Control server communication | Firewall & Web Reputation Services
     Detect suspicious network traffic | IDS/IPS Deep Packet Inspection
     Detect unauthorized system changes | Integrity Monitoring
     Data confidentiality | Encryption
     • How security works in the cloud is drastically different!
  10. Instance Location
      Challenge:
      • Understanding where servers are running
      • How to verify that it is a server you own and trust that is attempting to access sensitive data
      Security requirement:
      • Awareness that servers are running in the cloud for starters!
      • Confirm the identity & location of servers running in the cloud
      • Detect and block access from rogue servers
      • Apply the appropriate security controls based upon location
  11. Scale & Automation
      Challenge:
      • Cloud applications dynamically scale up & down as capacity requirements change
      Security requirement:
      • Automate protection of new instances w/o requiring administrative actions
      • Gracefully deal with instances that have been terminated, avoid “orphaned servers”
      • Integrate and support cloud management tools such as RightScale, Chef, Puppet, etc.
  12. Cloud Compatibility
      Challenge:
      • Supporting large scale, distributed and even distinct cloud environments or vendors
      Security requirement:
      • Security that is intelligent and flexible to deal with
        – Multiple environments & AWS regions / AZs
        – Non-persistent IP addresses & host names
        – Firewall routing, VPCs, private/public IPs, ELBs, etc.
        – Storage options: ephemeral, EBS, AWS storage gateways, S3, RDS
  13. Trend Micro Global 500 Penetration
      Trend Micro protects 100% of the top 10 automotive companies.
      Trend Micro protects 96% of the top 50 global corporations.
      Trend Micro protects 100% of the top 10 telecom companies.
      Trend Micro protects 80% of the top 10 banks.
      Trend Micro protects 90% of the top 10 oil companies.
      In calculating the above data, the percentage use of Trend Micro products includes usage by parent companies and/or usage by any of their subsidiaries of any Trend Micro product or service.
      Source: http://money.cnn.com/magazines/fortune/global500/2011/index.html
      • 48 of the top 50 Global Corporations
      • 10 of the top 10 Automotive companies
      • 10 of the top 10 Telecom companies
      • 8 of the top 10 Banks
      • 9 of the top 10 Oil companies
      Trust Trend Micro security solutions*
  14. Securing the cloud with Trend Micro
      12/6/2012 | Confidential | Copyright 2012 Trend Micro Inc.
      Optimized for AWS
      • AWS Inventory synchronization
      • Multi-tenant support
      • AWS cloud encryption
      • RightScale, Chef, Puppet automation scripts
      • Location awareness
      • Support compliance requirements (PCI, HIPAA)
  15. Deep Security Demo
  16. Best Practices & Recommendations
  17. Be proactive & create a cloud plan
      • Interview LOBs to understand their needs and expectations
      • Identify services / application cloud candidates
      • Plan for the worst case
      • Think of security as an enabler
      • Don’t say No, say how?
  18. Thank You
      Questions?
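
The requirements on slides 10 to 12 (confirm instance identity, block rogue servers, avoid orphaned servers, cope with non-persistent IPs) come down to reconciling two inventories by instance ID rather than by address. The sketch below is an added example, not code from the deck or from any Trend Micro product; the inventories, field names and functions are hypothetical, the data is constructed, and how a caller proves its instance ID is assumed to happen elsewhere.

```python
# Constructed sample: what the cloud account reports, keyed by instance ID.
CLOUD_INVENTORY = {
    "i-0001": {"state": "running", "ip": "10.0.1.15"},
    "i-0002": {"state": "running", "ip": "10.0.1.16"},
    "i-0003": {"state": "terminated", "ip": None},
    "i-0005": {"state": "running", "ip": "10.0.1.20"},  # new, scaled up
}

# Constructed sample: records held by a hypothetical security manager.
PROTECTED = {
    "i-0001": {"ip": "10.0.1.15"},
    "i-0002": {"ip": "10.0.1.7"},    # IP recorded before a stop/start
    "i-0003": {"ip": "10.0.1.20"},   # terminated; address since reused
    "i-0004": {"ip": "10.0.1.30"},   # no longer in the account at all
}


def reconcile(cloud, protected):
    """Compare the two inventories by instance ID, never by IP address."""
    running = {i for i, meta in cloud.items() if meta["state"] == "running"}
    known = set(protected)
    return {
        # Running instances with no protection record: need automatic onboarding.
        "unprotected": sorted(running - known),
        # Records whose instance is terminated or gone: orphaned servers to retire.
        "orphaned": sorted(known - running),
        # Protected instances whose address changed: refresh the record.
        "stale_ip": sorted(i for i in running & known
                           if cloud[i]["ip"] != protected[i]["ip"]),
    }


def allow_access(instance_id, source_ip, cloud, protected):
    """Allow sensitive-data access only from a running, protected instance
    whose source address matches what the cloud account currently reports."""
    meta = cloud.get(instance_id)
    return (
        meta is not None
        and meta["state"] == "running"
        and instance_id in protected
        and meta["ip"] == source_ip
    )


if __name__ == "__main__":
    print(reconcile(CLOUD_INVENTORY, PROTECTED))
    # The terminated i-0003 is refused even though its old IP is live again.
    print(allow_access("i-0003", "10.0.1.20", CLOUD_INVENTORY, PROTECTED))
```

A policy keyed on the stored IP alone would have treated 10.0.1.20 as the protected server i-0003, which is the failure mode the "non-persistent IP addresses" bullet points at.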
