SlideShare ist ein Scribd-Unternehmen logo

Rik Ferguson

C
CloudExpoEurope

Addressing the new security challenges posed by virtualisation & cloud computing - Rik Ferguson, Senior Security Advisor, Trend Micro

Technologie
1 von 20
Addressing the new security challenges posed by virtualisation & cloud computing Rik Ferguson • Senior Security Advisor
A working definition of Cloud Computing Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. National Institute of Standards & Technology (NIST), USA 5 Key Cloud Characteristics ,[object Object]
Ubiquitous network access
Location independent resource pooling
Rapid elasticity
Pay per use,[object Object]
Security: the #1 Cloud Challenge
Who Has Control? Servers Virtualization & Private Cloud Public Cloud PaaS Public Cloud IaaS Public Cloud SaaS End-User (Enterprise) Service Provider
Amazon Web Services™Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. http://aws.amazon.com/agreement/#7 (3 March 2010) The cloud customer has responsibility for security and needs to plan for protection.
The Evolving Datacentre Stage 1 Consolidation Stage 2 Expansion & Desktop Stage 3 Private > Public Cloud Cost-efficiency  + Quality of Service  + Business Agility  Servers 85% 70% 30% Virtualization Adoption Rate Desktops 15% Datacentres are evolving to drive down costs and increase business flexibility
Security Challenges in the Cloud Stage 1 Consolidation Stage 2 Expansion & Desktop Stage 3 Private > Public Cloud Cost-efficiency  + Quality of Service  + Business Agility  Servers 85% 70% 30% Virtualization Adoption Rate Desktops Inter-VM attacksInstant-ON gapsMixed Trust Level VMsResource ContentionMaintaining ComplianceService Provider (in)SecurityMulti-tenancy 15% Inter-VM attacksInstant-ON gapsMixed Trust Level VMsResource ContentionMaintaining Compliance Inter-VM attacksInstant-ON gaps
The Enterprise Cloud Conundrum:The Cloud is Fantastic, but… How can I maintain control of my data in the cloud? What if I want to change cloud vendors? How can I verify my data is “destroyed” when terminating a service provider? What happens if my service provider goes out of business? How can I comply with security best practices, internal governance and compliance rules in the cloud? How can I guarantee only I have access to my data?
Challenges for Public Cloud Multiple customers on one physical server – potential for attacks via the hypervisor Shared network inside the firewall Internet Shared Storage Shared Firewall Shared firewall – Lowest common denominator – less fine grained control Easily copied machine images – who else has your server? Shared storage – is customer segmentation secure against attack? Virtual Servers
Data Security Challenges in the Cloud Encryption rarely used: - Who can see your information? Storage volumes and servers are mobile: - Where is your data? Has it moved? Rogue servers might access data: - Who is attaching to your storage? Audit and alerting modules lacking: - What happened when you weren’t looking? Encryption keys tied to vendor: - Are you locked into a single security solution? Who has access to your keys? Storage volumes contain residual data: - Are your storage devices recycled securely? Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732… Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732… 11 Classification 2/7/2011
Physical layer Could retool New Shared Storage systems Designed to segment multiple hostile tenants Dynamic firewall policies Different and flexible for every customer Strongly segmented networks Hardened switches that can’t be hacked from the inside
The security arms race Existing infrastructure hits EOL too early Every customer wants to inspect and audit They have to for their compliance Always someone demanding the latest security feature More frequent swap out cycle Lower ROI Need permission from every customer to make a change Your kit has become part of their security audit You end up stuck in an impossible position where you make less money and still can’t keep the customers happy
Logical Layer Customer has responsibility for their data Give them a solution to help them deliver on that Let them segment their data Away from other customers (may be the bad guy) Away from you (don’t inherit a liability) Look for something that runs on top of any hardware You run your own swap out programmes without interference
Challenge of Securing Data Datacenter Public Cloud Perimeter Company 1 Company 2 Company 3 Company 4 Company 5 Company n App 1 App 2 App 3 … App 2 App 1 App 3 App 4 App 5 App n Hypervisor Hypervisor Strong perimeter security No shared CPU No shared network No shared storage Weak perimeter security Shared CPU Shared network Shared storage Traditional “outside-in” approach is inadequate in an “inside-out” cloud world full of strangers
Protection at the OS levelServer & application protection for: PHYSICAL VIRTUAL & PRIVATE CLOUD PUBLIC CLOUD Deep Packet Inspection Firewall Integrity Monitoring Log Inspection Malware Protection IDS / IPS Web App. Protection Application Control
Protection at the Data LevelEncryption designed to secure the cloud Cloud Service Provider Enterprise Datacenter or SaaS Offering VM CorporateApp Hypervisor Enterprise Key SharedStorage Cloud SecurityConsole MyEnterprise Data

Empfohlen

Cloud summit demystifying cloud security
Cloud summit demystifying cloud securityCloud summit demystifying cloud security
Cloud summit demystifying cloud securityDavid De Vos
 
Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)أحلام انصارى
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Secaa s cat_10_network_security_implementation_guidance
Secaa s cat_10_network_security_implementation_guidanceSecaa s cat_10_network_security_implementation_guidance
Secaa s cat_10_network_security_implementation_guidancedrewz lin
 
Virtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyVirtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyDeep Ranjan Deb
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - KloudlearnKloudLearn
 

Empfohlen

Cloud summit demystifying cloud security
Cloud summit demystifying cloud securityCloud summit demystifying cloud security
Cloud summit demystifying cloud securityDavid De Vos
 
Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)أحلام انصارى
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Secaa s cat_10_network_security_implementation_guidance
Secaa s cat_10_network_security_implementation_guidanceSecaa s cat_10_network_security_implementation_guidance
Secaa s cat_10_network_security_implementation_guidancedrewz lin
 
Virtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyVirtualization security for the cloud computing technology
Virtualization security for the cloud computing technologyDeep Ranjan Deb
 
Who owns security in the cloud
Who owns security in the cloudWho owns security in the cloud
Who owns security in the cloudTrend Micro
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - KloudlearnKloudLearn
 
Security as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentSecurity as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentKaashivInfoTech Company
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Can Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network SecurityCan Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network SecurityEC-Council
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCarlos Andrés García
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataProcore Technologies
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security GovernanceShankar Subramaniyan
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYMaganathin Veeraragaloo
 
Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2rpark31
 
Msft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksMsft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksAkram Qureshi
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelVishal Sharma
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicrodvmug1
 
Qualys Corporate Brochure
Qualys Corporate BrochureQualys Corporate Brochure
Qualys Corporate BrochureQualys
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISERobb Boyd
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewAllessandra Negri
 
Qualys Brochure for CISOs
Qualys Brochure for CISOsQualys Brochure for CISOs
Qualys Brochure for CISOsQualys
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A ServiceGeorge Fares
 
CCI Brochure
CCI BrochureCCI Brochure
CCI BrochureCCIRealEstate
 
It’s for your health nutrition
It’s for your health nutritionIt’s for your health nutrition
It’s for your health nutritionJodi Dingman
 
CCI Brochure
CCI BrochureCCI Brochure
CCI BrochureCCIRealEstate
 

Weitere ähnliche Inhalte

Was ist angesagt?

Security as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentSecurity as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentKaashivInfoTech Company
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Can Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network SecurityCan Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network SecurityEC-Council
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCarlos Andrés García
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataProcore Technologies
 
Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2rpark31
 
Msft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksMsft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksAkram Qureshi
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Trend Micro
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelVishal Sharma
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicrodvmug1
 
Qualys Corporate Brochure
Qualys Corporate BrochureQualys Corporate Brochure
Qualys Corporate BrochureQualys
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISERobb Boyd
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewAllessandra Negri
 
Qualys Brochure for CISOs
Qualys Brochure for CISOsQualys Brochure for CISOs
Qualys Brochure for CISOsQualys
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A ServiceGeorge Fares
 

Was ist angesagt? (19)

Security as a Service Model for Cloud Environment
Security as a Service Model for Cloud EnvironmentSecurity as a Service Model for Cloud Environment
Security as a Service Model for Cloud Environment
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Can Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network SecurityCan Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network Security
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New Reality
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
 
Cloud Security Governance
Cloud Security GovernanceCloud Security Governance
Cloud Security Governance
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2Security automation in virtual and cloud environments v2
Security automation in virtual and cloud environments v2
 
Msft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksMsft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacks
 
Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Cloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. ModelCloud Security Guide - Ref Architecture and Gov. Model
Cloud Security Guide - Ref Architecture and Gov. Model
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicro
 
Qualys Corporate Brochure
Qualys Corporate BrochureQualys Corporate Brochure
Qualys Corporate Brochure
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISE
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overview
 
Qualys Brochure for CISOs
Qualys Brochure for CISOsQualys Brochure for CISOs
Qualys Brochure for CISOs
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 

Andere mochten auch

It’s for your health nutrition
It’s for your health nutritionIt’s for your health nutrition
It’s for your health nutritionJodi Dingman
 
Presentyxa
PresentyxaPresentyxa
Presentyxababbetic
 
Understanding Brand
Understanding BrandUnderstanding Brand
Understanding Brandmanumaxnanda
 
Learning to Build Distributed Systems the Hard Way
Learning to Build Distributed Systems the Hard WayLearning to Build Distributed Systems the Hard Way
Learning to Build Distributed Systems the Hard WayTheo Hultberg
 
พนักงานราชการ กศน
พนักงานราชการ กศนพนักงานราชการ กศน
พนักงานราชการ กศนPaweena Kumpor
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 

Andere mochten auch (9)

CCI Brochure
CCI BrochureCCI Brochure
CCI Brochure
 
It’s for your health nutrition
It’s for your health nutritionIt’s for your health nutrition
It’s for your health nutrition
 
CCI Brochure
CCI BrochureCCI Brochure
CCI Brochure
 
Mundo In tacto
Mundo In tactoMundo In tacto
Mundo In tacto
 
Presentyxa
PresentyxaPresentyxa
Presentyxa
 
Understanding Brand
Understanding BrandUnderstanding Brand
Understanding Brand
 
Learning to Build Distributed Systems the Hard Way
Learning to Build Distributed Systems the Hard WayLearning to Build Distributed Systems the Hard Way
Learning to Build Distributed Systems the Hard Way
 
พนักงานราชการ กศน
พนักงานราชการ กศนพนักงานราชการ กศน
พนักงานราชการ กศน
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 

Ähnlich wie Rik Ferguson

Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicrodvmug1
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera Technologies
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XPrime Infoserv
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingAmazon Web Services
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide Array Networks
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentCryptzone
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigmfanc1985
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and servicesJas Preet
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing SecurityGurbir Singh
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfCiente
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportDell EMC World
 

Ähnlich wie Rik Ferguson (20)

Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?
 
Vmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicroVmug birmingham mar2013 trendmicro
Vmug birmingham mar2013 trendmicro
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
Operational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS EnvironmentOperational Complexity: The Biggest Security Threat to Your AWS Environment
Operational Complexity: The Biggest Security Threat to Your AWS Environment
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and services
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing Security
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the Cloud
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdf
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT Support
 

Mehr von CloudExpoEurope

Data storage for the cloud ce11
Data storage for the cloud ce11Data storage for the cloud ce11
Data storage for the cloud ce11CloudExpoEurope
 
Peter judge - Is the Cloud Green?
Peter judge - Is the Cloud Green?Peter judge - Is the Cloud Green?
Peter judge - Is the Cloud Green?CloudExpoEurope
 
J miller cloud expo europe 3 feb 11
J miller cloud expo europe 3 feb 11J miller cloud expo europe 3 feb 11
J miller cloud expo europe 3 feb 11CloudExpoEurope
 
David king logica - cloud expo europe 2011 public
David king logica - cloud expo europe 2011 publicDavid king logica - cloud expo europe 2011 public
David king logica - cloud expo europe 2011 publicCloudExpoEurope
 
Steps to the cloud 080211 claranet
Steps to the cloud 080211 claranetSteps to the cloud 080211 claranet
Steps to the cloud 080211 claranetCloudExpoEurope
 
Constantino vazquez open nebula cloud case studies
Constantino vazquez open nebula cloud case studiesConstantino vazquez open nebula cloud case studies
Constantino vazquez open nebula cloud case studiesCloudExpoEurope
 
U share soft-eurocloud-040211
U share soft-eurocloud-040211U share soft-eurocloud-040211
U share soft-eurocloud-040211CloudExpoEurope
 
Parting the mists of cloud computing 030211 print
Parting the mists of cloud computing 030211 printParting the mists of cloud computing 030211 print
Parting the mists of cloud computing 030211 printCloudExpoEurope
 
Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1CloudExpoEurope
 
Cloud expo John Darlington - Imperial College
Cloud expo John Darlington - Imperial CollegeCloud expo John Darlington - Imperial College
Cloud expo John Darlington - Imperial CollegeCloudExpoEurope
 
Open source engagement – best practices_v0.5
Open source engagement – best practices_v0.5Open source engagement – best practices_v0.5
Open source engagement – best practices_v0.5CloudExpoEurope
 

Mehr von CloudExpoEurope (18)

VMwareAidan Dalgleish
VMwareAidan DalgleishVMwareAidan Dalgleish
VMwareAidan Dalgleish
 
Data storage for the cloud ce11
Data storage for the cloud ce11Data storage for the cloud ce11
Data storage for the cloud ce11
 
Peter judge - Is the Cloud Green?
Peter judge - Is the Cloud Green?Peter judge - Is the Cloud Green?
Peter judge - Is the Cloud Green?
 
J miller cloud expo europe 3 feb 11
J miller cloud expo europe 3 feb 11J miller cloud expo europe 3 feb 11
J miller cloud expo europe 3 feb 11
 
David king logica - cloud expo europe 2011 public
David king logica - cloud expo europe 2011 publicDavid king logica - cloud expo europe 2011 public
David king logica - cloud expo europe 2011 public
 
Cloud expo emer coleman
Cloud expo emer colemanCloud expo emer coleman
Cloud expo emer coleman
 
Steps to the cloud 080211 claranet
Steps to the cloud 080211 claranetSteps to the cloud 080211 claranet
Steps to the cloud 080211 claranet
 
Armangil presentation
Armangil presentationArmangil presentation
Armangil presentation
 
On app Ditlev Bredahl
On app Ditlev BredahlOn app Ditlev Bredahl
On app Ditlev Bredahl
 
On app Carlos Rego
On app Carlos RegoOn app Carlos Rego
On app Carlos Rego
 
Ow2
Ow2Ow2
Ow2
 
Constantino vazquez open nebula cloud case studies
Constantino vazquez open nebula cloud case studiesConstantino vazquez open nebula cloud case studies
Constantino vazquez open nebula cloud case studies
 
U share soft-eurocloud-040211
U share soft-eurocloud-040211U share soft-eurocloud-040211
U share soft-eurocloud-040211
 
Parting the mists of cloud computing 030211 print
Parting the mists of cloud computing 030211 printParting the mists of cloud computing 030211 print
Parting the mists of cloud computing 030211 print
 
Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1Cloud security and cyber security v 3.1
Cloud security and cyber security v 3.1
 
Cloud expo John Darlington - Imperial College
Cloud expo John Darlington - Imperial CollegeCloud expo John Darlington - Imperial College
Cloud expo John Darlington - Imperial College
 
Open source engagement – best practices_v0.5
Open source engagement – best practices_v0.5Open source engagement – best practices_v0.5
Open source engagement – best practices_v0.5
 
Cee holding
Cee holdingCee holding
Cee holding
 

Kürzlich hochgeladen

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 

Kürzlich hochgeladen (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 

Rik Ferguson

  • 1. Addressing the new security challenges posed by virtualisation & cloud computing Rik Ferguson • Senior Security Advisor
  • 2.
  • 6.
  • 7. Security: the #1 Cloud Challenge
  • 8. Who Has Control? Servers Virtualization & Private Cloud Public Cloud PaaS Public Cloud IaaS Public Cloud SaaS End-User (Enterprise) Service Provider
  • 9. Amazon Web Services™Customer Agreement 7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications. http://aws.amazon.com/agreement/#7 (3 March 2010) The cloud customer has responsibility for security and needs to plan for protection.
  • 10. The Evolving Datacentre Stage 1 Consolidation Stage 2 Expansion & Desktop Stage 3 Private > Public Cloud Cost-efficiency  + Quality of Service  + Business Agility  Servers 85% 70% 30% Virtualization Adoption Rate Desktops 15% Datacentres are evolving to drive down costs and increase business flexibility
  • 11. Security Challenges in the Cloud Stage 1 Consolidation Stage 2 Expansion & Desktop Stage 3 Private > Public Cloud Cost-efficiency  + Quality of Service  + Business Agility  Servers 85% 70% 30% Virtualization Adoption Rate Desktops Inter-VM attacksInstant-ON gapsMixed Trust Level VMsResource ContentionMaintaining ComplianceService Provider (in)SecurityMulti-tenancy 15% Inter-VM attacksInstant-ON gapsMixed Trust Level VMsResource ContentionMaintaining Compliance Inter-VM attacksInstant-ON gaps
  • 12. The Enterprise Cloud Conundrum:The Cloud is Fantastic, but… How can I maintain control of my data in the cloud? What if I want to change cloud vendors? How can I verify my data is “destroyed” when terminating a service provider? What happens if my service provider goes out of business? How can I comply with security best practices, internal governance and compliance rules in the cloud? How can I guarantee only I have access to my data?
  • 13. Challenges for Public Cloud Multiple customers on one physical server – potential for attacks via the hypervisor Shared network inside the firewall Internet Shared Storage Shared Firewall Shared firewall – Lowest common denominator – less fine grained control Easily copied machine images – who else has your server? Shared storage – is customer segmentation secure against attack? Virtual Servers
  • 14. Data Security Challenges in the Cloud Encryption rarely used: - Who can see your information? Storage volumes and servers are mobile: - Where is your data? Has it moved? Rogue servers might access data: - Who is attaching to your storage? Audit and alerting modules lacking: - What happened when you weren’t looking? Encryption keys tied to vendor: - Are you locked into a single security solution? Who has access to your keys? Storage volumes contain residual data: - Are your storage devices recycled securely? Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732… Name: John Doe SSN: 425-79-0053 Visa #: 4456-8732… 11 Classification 2/7/2011
  • 15. Physical layer Could retool New Shared Storage systems Designed to segment multiple hostile tenants Dynamic firewall policies Different and flexible for every customer Strongly segmented networks Hardened switches that can’t be hacked from the inside
  • 16. The security arms race Existing infrastructure hits EOL too early Every customer wants to inspect and audit They have to for their compliance Always someone demanding the latest security feature More frequent swap out cycle Lower ROI Need permission from every customer to make a change Your kit has become part of their security audit You end up stuck in an impossible position where you make less money and still can’t keep the customers happy
  • 17. Logical Layer Customer has responsibility for their data Give them a solution to help them deliver on that Let them segment their data Away from other customers (may be the bad guy) Away from you (don’t inherit a liability) Look for something that runs on top of any hardware You run your own swap out programmes without interference
  • 18. Challenge of Securing Data Datacenter Public Cloud Perimeter Company 1 Company 2 Company 3 Company 4 Company 5 Company n App 1 App 2 App 3 … App 2 App 1 App 3 App 4 App 5 App n Hypervisor Hypervisor Strong perimeter security No shared CPU No shared network No shared storage Weak perimeter security Shared CPU Shared network Shared storage Traditional “outside-in” approach is inadequate in an “inside-out” cloud world full of strangers
  • 19. Protection at the OS levelServer & application protection for: PHYSICAL VIRTUAL & PRIVATE CLOUD PUBLIC CLOUD Deep Packet Inspection Firewall Integrity Monitoring Log Inspection Malware Protection IDS / IPS Web App. Protection Application Control
  • 20. Protection at the Data LevelEncryption designed to secure the cloud Cloud Service Provider Enterprise Datacenter or SaaS Offering VM CorporateApp Hypervisor Enterprise Key SharedStorage Cloud SecurityConsole MyEnterprise Data
  • 21. Protection Coverage Data at rest Encrypted while stored Data in motion Encrypted on internal network Encrypted while passing through hypervisor Data in use Data must ultimately be decrypted at the point of use SecureCloud ensures that happens in a secure way
  • 22. Challenges for Public Cloud:The Private Security Answer Multiple customers on one physical server – potential for attacks via the hypervisor Shared network inside the firewall Doesn’t matter – the edge of my virtual machine is protected Doesn’t matter – treat the LAN as public Internet Shared Storage Shared Firewall Shared firewall – Lowest common denominator – less fine grained control Shared storage – is customer segmentation secure against attack? Easily copied machine images – who else has your server? Virtual Servers Doesn’t matter – They can start my server but only I can unlock my data Doesn’t matter – My data is encrypted Doesn’t matter – treat the LAN as public

Hinweis der Redaktion

  1. This is a depiction of a customer’s typical virtualization journey put together by Vmware.In stage 1, orgs have begun virtualization all of their low hanging fruit – web servers, file and print servers, some app servers, and begun to realize the hardware consolidation and operational mgmt benefits that result in lower CAPX and OPEX costs.In stage 2, they have begun virtualizing more of their tier 1 apps and mission critical servers now. They are also leveraging some of the more advanced capabilities of virtualization such as automatic live migration, disaster recovery and software fault tolerance. Many stage 2 orgs have also started deploying virtual desktops as well.Benefits in stage 2 are even more cost efficiencies plus also higher QoS from the higher level virtualization capabilities.In stage 3, organizations have started leveraging private and public clouds. The IT dept has transformed itself into acting as a service provider with charge-back type processes where consumers of IT are in effect renting computing space and time from IT. Benefits are further cost efficiencies, QoS and faster business agility.If we now look at security and how it impacts the virtualization journey:As organizations move to stage 1, they typically employ the same technologies and processes as they did in the virtual world. Forrester survey data showed that 88% of N.A. orgs did have a SPECIFIC virtualization security strategy in place. As they move to stage 2, security starts playing more of a dampening role.A CDW study showed that the majority of organizations that considered themselves fully deployed with virtualization had only virtualized a 3rd of their servers. When asked why they stopped virtualizing, security was the primary barrier. (Other barriers were ISV support, performance concerns etc.)As orgs considered their move to stage 3, security was top of mind – IDC survey data shows that it is the #1 issue why orgs will not move to the cloud.