Skip the Security Slow Lane with VMware Cloud on AWS
Post on 21-Jan-2018
Bryan Webster, Principal Architect, Trend Micro
Dharmesh Chovatia, Capgemini
VMworld #SAI3316BUS
Skip the Security Slow Lane with VMware Cloud on AWS
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#SAI3316BUS CONFIDENTIAL
Who’s driving this train?
Technology budgets shifting from IT to Business Units
Need to move code quickly from dev to production
IT seen as reducing business speed
Why do we care?
Security teams blinded to environment specific risks
Loss of consolidated audit and logging capabilities
Inability to leverage targeted efficiency in teams
Challenges bringing hybrid to reality
• Visibility
• Inconsistent tooling
• Industry and business experience
Who is Capgemini
Consistently Recognized as a Market Leader
2015
• As a Leader in the Gartner Magic Quadrant for SAP Implementation Services, Worldwide. (July 2015) *See disclaimer
• In the Leaders category in The Forrester Wave™: Global Infrastructure Outsourcing Wave™, Q1 2015. (Jan 2015)
• In the Leaders category in The Forrester Wave™: Salesforce.com Implementation Partners in 2015 (June 2015)
• As a Leader in IDC MarketScape: Worldwide Application Modernization Services for Digital Transformation Vendor Assessment (Dec. 2015)
2016
• As a Leader in The Forrester Wave™: Services Providers For Next-Generation SAP Products, Q1 2016
• In the Leaders category application in The Forrester Wave™: Services Providers for Next-Generation Oracle projects, Q3 2016
• As a Major Player in the IDC MarketScape: Worldwide Business Analytics Consulting and Systems Integration Services 2016 Vendor Assessment (Apr 2016)
• As a Major Player in the IDC MarketScape: Worldwide Big Data Consulting and Systems Integration Services 2016 Vendor Assessment (May 2016)
• As a Major Player in the IDC MarketScape on Digital Strategy Consulting in 2016 for Worldwide, North America, EMEA and Asia Pacific (May 2016)
Diversified and Robust Financial Performance
• 2016 Operating Margin: $1.59 billion
• 2016 Operating Profit: $1.27 billion
• 2016 Revenue: $13.8 billion
Revenue by Industry (pie chart; segment values as extracted: 11%, 26%, 17%, 4%, 19%, 7%, 16%)
• Energy, Utilities and Chemicals
• Financial Services
• Public Sector
• Telecom, Media & Entertainment
• Consumer Products, Retail, Distribution & Transportation
• Manufacturing, Automotive & Life Sciences
• Others
Capgemini Infrastructure, Cloud and Cybersecurity Managed Services
End-to-end cloud services portfolio
• Cloud strategy and advisory
• Cloud migration and hybrid cloud managed services
• Cloud native development and integration
• Private cloud hosting and transformation
Industrialized, proven assets to accelerate timeline
• Capgemini Application Profiler
• Cloud migration factory (CMF)
• Capgemini Cloud Managed Services (CCMS)
• Infrastructure Monitoring Operations Center (IMOC™)
Comprehensive cybersecurity approach
Global Presence
• State-of-the-art GSOCs for security monitoring & protection
• End-to-end cybersecurity consulting
Problem we were trying to Solve
• Cloud changes the security monitoring and protection.
• There are no facilities to deploy a Network based IDS/IPS.
• Perimeter security is typically at L4, unless expensive security virtual appliances are deployed.
• Non-standard and non-uniform security configurations between cloud vendors.
• Workloads are scalable and variable.
• Cloud vendors have security control as part of the platform and integration is often via an API.
• Cloud vendors protect underneath infrastructure but virtual resources are customers’ responsibility.
Traditional Security Tiers
Cloud Security Model with Trend
Diagram layers:
• Hypervisor
• Compute, Storage, Networking
• Bare Metal Infrastructure
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Network Traffic Protection (Encryption/Integrity/Identity)
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Customer Data
Diagram labels: Cloud Provider; Capgemini; Cloud Vendor Built-in Sec tools; Instance Protections Sec tools
• DDoS (Distributed Denial of Service):
– Standard Mitigation Technique in effect
• MITM (Man in the Middle)
– API Endpoints protected by SSL
• IP Spoofing:
– Prohibited at instance level
• Unauthorized Port Scanning:
– Violation of TOS
– Detected, stopped and blocked
– Inbound ports are blocked by default
• Packet Sniffing
– Promiscuous Mode is ineffective
Modules in Deep Security
Network Security: Stop network attacks, shield vulnerable applications & servers
• Firewall
• Vulnerability Scanning
• Intrusion Prevention
Malware Prevention: Stop malware & targeted attacks
• Anti-Malware
• Sandbox Analysis
• Behavioral Analysis & Machine Learning (2H/17)
System Security: Lock down systems & detect suspicious activity
• Application Control
• Integrity Monitoring
• Log Inspection
As your digital transformation continues…
• Look for capabilities and design patterns to give you the greatest uniform visibility across the enterprise
• Enterprise Transformation in cloud is an opportunity to consolidate tooling and reduce the impact of:
– Personnel training and context switching
– Overhead on compute resources from too many agents
– Server platforms, databases, and consoles to maintain
• Build hybrid teams for hybrid infrastructure
• Transformation doesn’t have to stop at technologies
– Transform IT from the org perceived as innovation crushing to enabler
– Deliver capabilities to platform teams and let them focus on their business
– Leverage existing expertise to build your hybrid infrastructure
Always more to learn…
• …and we can’t wait to learn from all of you.
• Please come tell us about your hybrid journey at Booth #610
• and see what else we’ve learned from you on the web at https://www.trendmicro.com/vmware/cloud/