SECURITY OF THE CLOUDa providers view of security

@marknca

Mark Nunnikhoven Vice President, Cloud & Emerging Technologies Trend Micro @marknca

Modelling security for the cloud

TRADITIONAL ResponsibilitY

Physical Operating SystemInfrastructure ApplicationNetwork DataVirtualization

SHARED ResponsibilitY

Physical Operating SystemInfrastructure ApplicationNetwork DataVirtualization Service Options

SHARED ResponsibilitY

Physical Operating SystemInfrastructure ApplicationNetwork DataVirtualization Service Options

Verify

Physical

Network

Virtualization

Operation System

Application

Data

DIY SaaSIaaS PaaS

*you

Less responsibilities

CONSUMER

More responsibilities

Less responsibilities

CONSUMER

More responsibilities

PROVIDER

Less responsibilities

More responsibilities

PROVIDER

OF the cloud

SHARED ResponsibilitY

PhysicalInfrastructureNetworkVirtualization

Operating SystemApplicationData

SHARED ResponsibilitY

PhysicalInfrastructureNetworkVirtualizationOperating SystemApplicationData

SHARED ResponsibilitY

PhysicalInfrastructureNetworkVirtualizationOperating SystemApplicationData

PhysicalInfrastructureNetworkVirtualization

SaaS

PaaS

IaaS

PHYSICAL

Multiple data centres per region Multiple regions available [ 11 | 17 ] Operation endpoints around the world

AWS: hּמp://aws.amazon.com/about-aws/global-infrastructure/ Azure: hּמp://azure.microsoﬞ.com/en-gb/regions/

INFRASTRUCTURE

Redundant interconnects Hardline connects to customers Redundant power, HVAC

AWS: hּמp://aws.amazon.com/directconnect/ Azure: hּמp://azure.microsoﬞ.com/en-gb/services/expressroute/

NETWORK

Publicly accessible know IPv4 space IPv6 support (*AWS ELB only) Private routing, subnet, ACLs

VIRTUALIZATION

Process isolation [ XEN, HyperV ] Image integrity Resource isolation

Verify

AWS

More details at hּמp://aws.amazon.com/compliance/

PCI DSS Level 1 SOC 1/ISAE 3402 SOC 2 SOC 3 ISO 9001 IRAP (.au) FIPS 140-2

Current certificationsCJIS CSA FERPA HIPAA FedRAMP (SM) DoD CSM 1-2, 3-5 DIACAP

ISO 27001 MTCS 3 ITAR MPAA G-Cloud Section 508/VPAT FISMA

Azure

More details at hּמp://azure.microsoﬞ.com/en-us/support/trust-center/compliance/

PCI DSS Level 1 SOC 1/ISAE 3402 SOC 2 SOC 3 ISO 9001 IRAP (.au) FIPS 140-2 ISO 27002 CCCPPF

Current certificationsCJIS CSA FERPA HIPAA FedRAMP (SM) DoD CSM 1-2, 3-5 DIACAP EU Model Clauses MLPS (.cn)

ISO 27001 MTCS 1 ITAR MPAA G-Cloud Section 508/VPAT FISMA FDA 21 CFR

FOCUS

PCI DSS Level 1 SOC 2/3 SOC 1/ISAE 3402

Certifications

FOCUSCertifications

Security Security Baseline

PCI DSS Level 1 SOC 2SOC 1/

AWS Compliance hּמp://aws.amazon.com/compliance/

Microsoﬞ Azure Trust Center hּמp://azure.microsoﬞ.com/en-us/support/trust-center/

Just because the provider is certified doesn’t mean your deployment will be. You have work to do.

Anonymous AWS employee

Options : Responsibilities

TREND MICRO’s DEEP SECURITYAnti-malware Content filtering Firewall Intrusion Prevention Integrity Monitoring Log Inspection

Learn more at aws.trendmicro.com

@marknca

Thank you.Learn more at aws.trendmicro.com