
Skip the Security Slow Lane with VMware Cloud on AWS

Date post: 21-Jan-2018
Upload: trend-micro

Bryan Webster, Principal Architect, Trend Micro

Dharmesh Chovatia, Cap Gemini

SAI3316BUS

VMworld #SAI3316BUS

Skip the Security Slow Lane with VMware Cloud on AWS

Disclaimer

• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

#SAI3316BUS CONFIDENTIAL

Why cloud in the first place?


Who’s driving this train?

Technology budgets shifting from IT to Business Units


Need to move code quickly from dev to production

IT seen as reducing business speed


Split-Brain IT leads to…


Cloud DC


Disruption at its finest

Premise DC

Why do we care?

Security teams blinded to environment specific risks


Loss of consolidated audit and logging capabilities

Inability to leverage targeted efficiency in teams

Hybrid is here to stay

Challenges bringing hybrid to reality

Visibility

Inconsistent tooling

Industry and business experience

What does visibility really mean?


Too many…

Agents..


Consoles.. and tools


Expertise


VMware Cloud on AWS


Learnings from Capgemini


Who is Capgemini


2015

As a Leader in the Gartner Magic Quadrant for SAP Implementation Services, Worldwide. (July 2015) *See disclaimer

In the Leaders category in The Forrester Wave™: Global Infrastructure Outsourcing Wave™, Q1 2015. (Jan 2015)

In the Leaders category in The Forrester Wave™: Salesforce.com Implementation Partners in 2015 (June 2015)

As a Leader in IDC MarketScape: Worldwide Application Modernization Services for Digital Transformation Vendor Assessment (Dec. 2015)

2016

As a Leader in The Forrester Wave™: Services Providers For Next-Generation SAP Products, Q1 2016

In the Leaders category application in The Forrester Wave™: Services Providers for Next-Generation Oracle projects, Q3 2016

As a Major Player in the IDC MarketScape: Worldwide Business Analytics Consulting and Systems Integration Services 2016 Vendor Assessment (Apr 2016)

As a Major Player in the IDC MarketScape: Worldwide Big Data Consulting and Systems Integration Services 2016 Vendor Assessment (May 2016)

As a Major Player in the IDC MarketScape on Digital Strategy Consulting in 2016 for Worldwide, North America, EMEA and Asia Pacific (May 2016)

Diversified and Robust Financial Performance

Consistently Recognized as a Market Leader

[Pie chart: Revenue by Industry. Segments: Energy, Utilities and Chemicals; Financial Services; Public Sector; Telecom, Media & Entertainment; Consumer Products, Retail, Distribution & Transportation; Manufacturing, Automotive & Life Sciences; Others. Shares shown: 11%, 26%, 17%, 4%, 19%, 7%, 16%.]

2016 Operating Margin: $1.59 billion

2016 Operating Profit: $1.27 billion

2016 Revenue: $13.8 billion

Capgemini Infrastructure, Cloud and Cybersecurity Managed Services

End-to-end cloud services portfolio

• Cloud strategy and advisory
• Cloud migration and hybrid cloud managed services
• Cloud native development and integration
• Private cloud hosting and transformation

Industrialized, proven assets to accelerate timeline

• Capgemini Application Profiler
• Cloud migration factory (CMF)
• Capgemini Cloud Managed Services (CCMS)
• Infrastructure Monitoring Operations Center (IMOC™)

Comprehensive cybersecurity approach

Global Presence

• State-of-the-art GSOCs for security monitoring & protection
• End-to-end cybersecurity consulting

Problem we were trying to Solve

• Cloud changes security monitoring and protection.

• There are no facilities to deploy a network-based IDS/IPS.

• Perimeter security is typically at L4, unless expensive security virtual appliances are deployed.

• Non-standard and non-uniform security configurations between cloud vendors.

• Workloads are scalable and variable.

• Cloud vendors have security controls as part of the platform, and integration is often via an API.

• Cloud vendors protect the underlying infrastructure, but virtual resources are customers’ responsibility.

Traditional Security Tiers


Cloud Security Model with Trend

Hypervisor

Compute Storage Networking

Bare Metal Infrastructure

Client-side Data Encryption & Data Integrity Authentication

Server-side Encryption (File System and/or Data)

Network Traffic Protection (Encryption/Integrity/Identity)

Platform, Applications, Identity & Access Management

Operating System, Network & Firewall Configuration

Customer Data

Cloud Provider

Capgemini

• DDoS (Distributed Denial of Service):
– Standard Mitigation Technique in effect

• MITM (Man in the Middle)
– API Endpoints protected by SSL

• IP Spoofing:
– Prohibited at instance level

• Unauthorized Port Scanning:
– Violation of TOS
– Detected, stopped and blocked
– Inbound ports are blocked by default

• Packet Sniffing
– Promiscuous Mode is ineffective

Cloud Vendor Built-in Sec tools

Instance Protections Sec tools

Modules in Deep Security

Network Security: Stop network attacks, shield vulnerable applications & servers
• Firewall
• Vulnerability Scanning
• Intrusion Prevention

Malware Prevention: Stop malware & targeted attacks
• Anti-Malware
• Sandbox Analysis
• Behavioral Analysis & Machine Learning (2H/17)

System Security: Lock down systems & detect suspicious activity
• Application Control
• Integrity Monitoring
• Log Inspection

Agent based Architecture and Deployment


Deep Security


Parting thoughts


As your digital transformation continues…

• Look for capabilities and design patterns to give you the greatest uniform visibility across the enterprise
• Enterprise Transformation in cloud is an opportunity to consolidate tooling and reduce the impact of:
– Personnel training and context switching
– Overhead on compute resources from too many agents
– Server platforms, databases, and consoles to maintain
• Build hybrid teams for hybrid infrastructure
• Transformation doesn’t have to stop at technologies
– Transform IT from the org perceived as innovation crushing to enabler
– Deliver capabilities to platform teams and let them focus on their business
– Leverage existing expertise to build your hybrid infrastructure

Always more to learn…

• … and we can’t wait to learn from all of you.

• Please come tell us about your hybrid journey at Booth #610

• and see what else we’ve learned from you on the web at https://www.trendmicro.com/vmware/cloud/
