Copyright 2009 Trend Micro Inc. Classification 11/3/10 1 Andy Dancer CTO – Trend Micro, EMEA Virtualisation and Cloud: New security for a new era

Post on 22-Dec-2015

Page 2

The Evolving Datacenter: Lowering Costs, Increasing Flexibility

• Physical: Traditional datacenter
• Virtual: Servers virtualized with minimal changes to datacenter processes
• Private Cloud: Servers virtualized in scalable, shared, automated & elastic environment
• Public Cloud: Select enterprise applications in public cloud

Security Challenges

Page 3

Security Inhibitors to Virtualization

1. Resource contention

Typical AV Console

3:00am Scan

Page 4

Security Inhibitors to Virtualization

2. Instant-on gaps

• Active
• Dormant
• Reactivated with out-of-date security
• New VMs

Page 5

Security Inhibitors to Virtualization

3. Complexity of Management

• Patch agents
• Rollout patterns
• Provisioning new VMs
• Reconfiguring agents

Page 6

DeepSecurity – A coordinated approach

Hypervisor

Security VM

• Deep Packet Inspection
• Firewall
• Anti Virus
• Log Inspection
• Integrity Monitoring

Also works for VDI

Page 7

Control vs Responsibility?

• Servers Virtualization & Private Cloud
• Public Cloud PaaS
• Public Cloud IaaS
• Public Cloud SaaS

[Chart labels: %, Enterprise Responsibility, Control Gap]

Page 8

Amazon Web Services™ Customer Agreement

7.2. Security. We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications.

http://aws.amazon.com/agreement/#7 (3 March 2010)

The cloud customer has responsibility for security and needs to plan for protection.

Page 9

SecureCloud: Enterprise Controlled Data Protection for the Cloud

Patent pending Trend Micro technology enables enterprises to retain control of data in the cloud

[Diagram labels: Enterprise Datacenter or SaaS Offering, Enterprise Key, Trend Micro Cloud Security Console, Cloud Service Provider, Hypervisor, VM, Shared Storage, MyEnterprise, Data]

1. DeepSecurity creates a secure shell within which it is safe to process sensitive data

2. All data is encrypted before it leaves the secure shell

3. The encryption keys are controlled by the data owner, not the cloud service provider

Page 10

A New Model for Security – Securing the Computing Chain

All environments should be considered un-trusted

• Users access app
• Image ensures data is always encrypted and managed
• Host defends itself from attack
• Encrypted Data
• Encryption keys controlled by data owner

When this whole chain is secure:

• Components can move
• Shared ROI goes up
• Location doesn’t matter
• Virtual “neighbours” don’t matter