Copyright 2011 Trend Micro Inc.

Dave Asprey • VP Cloud Security

Who Owns Security in the Cloud?

Trend Micro Confidential 7/25/2011 1

Copyright 2011 Trend Micro Inc.

Cloud Computing in the 21st Century

Trend Micro Confidential 7/25/2011 2

• Simplified, pay-per-use IT

Outsourced networking,

storage, server, and

operational elements

• Offers greater autonomy than

Software as a Service (SaaS)

for more security controls

Infrastructure as a Service

(IaaS)

• Efficiencies

• Cost savings

• Scalability

Cloud computing accounts

for unparalleled benefits in…

Copyright 2011 Trend Micro Inc.

Cloud Computing Challenges

Trend Micro Confidential 7/25/2011 3

Numerous new compliance issues

Where does security responsibility

and accountability lie?

Invalidates traditional approaches

to security

Potential areas of data security risk

Copyright 2011 Trend Micro Inc.

Why use the Cloud?

Trend Micro Confidential 7/25/2011 4

Public Cloud Benefits

• OPEX (Operating Expense vs. CAPEX

(Capital expense)

• Avoids expenditure on hardware,

software and other infrastructure

services

• Firms dynamically scale according to

their computing needs in real-time

• Improves business agility

Private Cloud Benefits

• Increases flexibility

• Improves responsiveness

to internal customers’ needs

Copyright 2011 Trend Micro Inc.

TWO SCENARIOS TO SECURING THE CLOUD

Perimeter Security Isn’t Dead

Trend Micro Confidential 7/25/2011 5

Copyright 2011 Trend Micro Inc.

Perimeter Security

Trend Micro Confidential 7/25/2011 6

Firewalls, intrusion prevention,standard security functionality

Additional security levels required in the cloud

Extend firms perimeter into the cloud

Extend cloud inside firms perimeter

Traditional perimeter security models

and the cloud

Perimeter security now

becoming part of overall

security architecture

within the cloud

Copyright 2011 Trend Micro Inc.

Extending your Perimeter to the Cloud: Scenario #1

Trend Micro Confidential 7/25/2011 7

• Simplified, pay-per-use IT

Outsourced networking,

storage, server, and

operational elements

• Offers greater autonomy than

Software as a Service (SaaS)

for more security controls

Benefits

• Create an IPSec VPN tunnel

to your public cloud

provider’s servers

• Enterprise-grade security in

the public cloud server

• Security software and

virtual appliances

Approach

Copyright 2011 Trend Micro Inc.

Scenario #1

Trend Micro Confidential 7/25/2011 8

• May introduce risks associated with the

security of the secured cloud to your

architecture

• Creates additional perimeter

to secure

• Cloud servers subjected to

new threats

• Not given cloud provider’s physical

or admin access logs

• Shared storage

• Public cloud providers are not as

strict on security

• Reimbursement for Data breach

Risks Mitigation

• Maintain access logs

• Data encryption should be standard

• Cloud and internal servers should

monitor for suspicious traffic

• Add an extra DMZ and firewall

• Security on cloud servers

• IDS/IPS bi-directional firewall etc.

• With critical data in the cloud

• Look for strict adherence to

security best practices

• Examine your provider’s SLAs and

security policy

• ISO 27001 and SAS70 II

Copyright 2011 Trend Micro Inc.

Extending the Cloud into the Enterprise:Scenario #2

Trend Micro Confidential 7/25/2011 9

• Cloud extends inside your

perimeter

• Involves agreeing to

• an IaaS public cloud provider

• Or cloud-based MSSP installing a

cloud node on site.

Approach

• Increasingly popular among

larger enterprises

• Well understood model

Benefits

Copyright 2011 Trend Micro Inc.

Scenario #2

Trend Micro Confidential 7/25/2011 10

• Lack of visibility into physical

and/or access logs remain

• Liability for negligence

• Reimbursement for cost

of service only

• Providers have access to your

network and application data

• Must be trusted

Risks

Copyright 2011 Trend Micro Inc.

How to Manage the Gaps in your Cloud Security Policies?

Trend Micro Confidential 7/25/2011 11

Secure your cloud servers as you secure

internal servers

– IDS/IPS, DLP tools

– bi-directional firewall

– Encryption

Vital to understand how much network monitoring and

access your provider allows

Encryption of data is important

Accelerated speed in which servers are created in the

private cloud

Must be properly managed by IT

Copyright 2011 Trend Micro Inc.

Securing the Cloud Successfully

Trend Micro Confidential 7/25/2011

network traffic

customers are clear on security features

security policies

Enterprises

Cloud providers

Private cloud

environments

Store encryption keys in a separate location

Deploy all security tool in the cloud

Not accessible to the cloud provider

Be transparent regarding…

Clarify SLAs so…

Create a central authorization process

Be prepared

procedures

Copyright 2011 Trend Micro Inc.

Thank you

Trend Micro Confidential 7/25/2011 13

To read more on Securing Your Journey to the Cloud, visit www.cloudjourney.com