Bryan Webster, Principal Architect, Trend Micro
Dharmesh Chovatia, Capgemini
SAI3316BUS
VMworld #SAI3316BUS
Skip the Security Slow Lane with VMware Cloud on AWS
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
2#SAI3316BUS CONFIDENTIAL
Why cloud in the first place?
Who’s driving this train?
• Technology budgets shifting from IT to Business Units
• Need to move code quickly from dev to production
• IT seen as reducing business speed
Split-Brain IT leads to…
Cloud DC
Disruption at its finest
Premise DC
Why do we care?
• Security teams blinded to environment specific risks
• Loss of consolidated audit and logging capabilities
• Inability to leverage targeted efficiency in teams
Hybrid is here to stay
Challenges bringing hybrid to reality
• Visibility
• Inconsistent tooling
• Industry and business experience
What does visibility really mean?
Too many…
• Agents..
• Consoles.. and tools
Expertise
VMware Cloud on AWS
Learnings from Capgemini
Who is Capgemini
Consistently Recognized as a Market Leader
2015
• As a Leader in the Gartner Magic Quadrant for SAP Implementation Services, Worldwide. (July 2015) *See disclaimer
• In the Leaders category in The Forrester Wave™: Global Infrastructure Outsourcing Wave™, Q1 2015. (Jan 2015)
• In the Leaders category in The Forrester Wave™: Salesforce.com Implementation Partners in 2015 (June 2015)
• As a Leader in IDC MarketScape: Worldwide Application Modernization Services for Digital Transformation Vendor Assessment (Dec. 2015)
2016
• As a Leader in The Forrester Wave™: Services Providers For Next-Generation SAP Products, Q1 2016
• In the Leaders category in The Forrester Wave™: Services Providers for Next-Generation Oracle application projects, Q3 2016
• As a Major Player in the IDC MarketScape: Worldwide Business Analytics Consulting and Systems Integration Services 2016 Vendor Assessment (Apr 2016)
• As a Major Player in the IDC MarketScape: Worldwide Big Data Consulting and Systems Integration Services 2016 Vendor Assessment (May 2016)
• As a Major Player in the IDC MarketScape on Digital Strategy Consulting in 2016 for Worldwide, North America, EMEA and Asia Pacific (May 2016)
Diversified and Robust Financial Performance
• 2016 Revenue: $13.8 billion
• 2016 Operating Profit: $1.27 billion
• 2016 Operating Margin: $1.59 billion
[Chart: Revenue by Industry. Segments: Energy, Utilities and Chemicals; Financial Services; Public Sector; Telecom, Media & Entertainment; Consumer Products, Retail, Distribution & Transportation; Manufacturing, Automotive & Life Sciences; Others. Values shown: 11%, 26%, 17%, 4%, 19%, 7%, 16%.]
Capgemini Infrastructure, Cloud and Cybersecurity Managed Services
End-to-end cloud services portfolio
• Cloud strategy and advisory
• Cloud migration and hybrid cloud managed services
• Cloud native development and integration
• Private cloud hosting and transformation
Industrialized, proven assets to accelerate timeline
• Capgemini Application Profiler
• Cloud migration factory (CMF)
• Capgemini Cloud Managed Services (CCMS)
• Infrastructure Monitoring Operations Center (IMOC™)
Comprehensive cybersecurity approach
• State-of-the-art GSOCs for security monitoring & protection
• End-to-end cybersecurity consulting
Global Presence
Problem we were trying to solve
• Cloud changes security monitoring and protection.
• There are no facilities to deploy a network-based IDS/IPS.
• Perimeter security is typically at L4, unless expensive security virtual appliances are deployed.
• Non-standard and non-uniform security configurations between cloud vendors.
• Workloads are scalable and variable.
• Cloud vendors have security controls as part of the platform, and integration is often via an API.
• Cloud vendors protect the underlying infrastructure, but virtual resources are the customer’s responsibility.
[Diagram: Traditional Security Tiers]
Cloud Security Model with Trend
Capgemini:
• Customer Data
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Network Traffic Protection (Encryption/Integrity/Identity)
Cloud Provider:
• Compute, Storage, Networking
• Hypervisor
• Bare Metal Infrastructure
• DDoS (Distributed Denial of Service):
– Standard Mitigation Technique in effect
• MITM (Man in the Middle):
– API Endpoints protected by SSL
• IP Spoofing:
– Prohibited at instance level
• Unauthorized Port Scanning:
– Violation of TOS
– Detected, stopped and blocked
– Inbound ports are blocked by default
• Packet Sniffing:
– Promiscuous Mode is ineffective
[Diagram labels: Cloud Vendor Built-in Sectools; Instance Protections Sectools]
Modules in Deep Security
• Network Security: Stop network attacks, shield vulnerable applications & servers
– Firewall
– Vulnerability Scanning
– Intrusion Prevention
• Malware Prevention: Stop malware & targeted attacks
– Anti-Malware
– Sandbox Analysis
– Behavioral Analysis & Machine Learning (2H/17)
• System Security: Lock down systems & detect suspicious activity
– Application Control
– Integrity Monitoring
– Log Inspection
Agent-based Architecture and Deployment
Deep Security
Parting thoughts
As your digital transformation continues…
• Look for capabilities and design patterns to give you the greatest uniform visibility across the enterprise
• Enterprise transformation in cloud is an opportunity to consolidate tooling and reduce the impact of:
– Personnel training and context switching
– Overhead on compute resources from too many agents
– Server platforms, databases, and consoles to maintain
• Build hybrid teams for hybrid infrastructure
• Transformation doesn’t have to stop at technologies
– Transform IT from the org perceived as innovation-crushing into an enabler
– Deliver capabilities to platform teams and let them focus on their business
– Leverage existing expertise to build your hybrid infrastructure
Always more to learn…
• …and we can’t wait to learn from all of you.
• Please come tell us about your hybrid journey at Booth #610 and see what else we’ve learned from you on the web at https://www.trendmicro.com/vmware/cloud/