SPR203: Cloud Security is a Shared Responsibility
Cloud Security is a Shared Responsibility
Allan MacPhee, Trend Micro
November 28, 2012
Agenda
• Security and the cloud
• Who is responsible for cloud security?
• How is security in the cloud different?
• Trend Micro securing your journey to the cloud
• Best practices & recommendations
Cloud customer adoption survey …
Source: Ponemon – Security of cloud computing providers
• 10 of 11 concerns raised were related to security
• Data protection was the #1 concern
What customers tell us …
• Data sovereignty
  – Concerns over ownership of data
    • Who owns the data? Customer, provider, government?
    • Data privacy concerns: other tenants, attacks against my data …
  – Will my data leave the country?
  – If I terminate a cloud server, do copies of my data still exist in the cloud?
  – US Patriot Act
    • Could USA law enforcement gain access to my systems and data?
What customers tell us …
• Multi-tenancy concerns
  – Risk of configuration errors leading to data exposure
  – How can I protect my cloud servers from attack?
  – Will I even know my cloud servers are being attacked?
• Compliance
  – How can I use the cloud and still meet internal and external compliance requirements?
  – Who is responsible for cloud security?
Who is responsible for cloud security?
Source: Ponemon – Security of cloud computing providers
So what is your CSP responsible for?
• CSP responsibilities
  1. Physical security
  2. Personnel security
  3. Infrastructure security
  4. Operational security
• Certification of the service offering
  – SAS 70/SSAE 16 Type 1 SOC 1
  – SSAE 16 Type 2 SOC 1
  – PCI DSS Service Provider certification
Why AWS is a good choice …
• Certifications
  – Publishes a Service Organization Controls 1 (SOC1), Type 2 report
  – Registered with CSA Security, Trust & Assurance Registry (STAR)
  – Level 1 validated service provider under the PCI DSS
• Service
  – EC2, VPC, dedicated instances and GovCloud offerings
  – Advanced authentication services: MFA, IAM roles, roles for EC2
  – Allows penetration tests per PCI DSS v2.0 requirements
As a customer, what are my responsibilities?
• Protect instances from being compromised
  – Security principles don’t change
• Cloud servers require protection

| The Need | Preferred Security Control |
| --- | --- |
| Block OS & app vulnerability exploits | Patching & vulnerability shielding |
| Block malicious software | Anti-malware |
| Control server communication | Firewall & Web Reputation Services |
| Detect suspicious network traffic | IDS/IPS Deep Packet Inspection |
| Detect unauthorized system changes | Integrity Monitoring |
| Data confidentiality | Encryption |

• How security works in the cloud is drastically different!
Instance Location
Challenge:
• Understanding where servers are running
• How to verify that it is a server you own and trust that is attempting to access sensitive data
Security requirement:
• Awareness that servers are running in the cloud for starters!
• Confirm the identity & location of servers running in the cloud
• Detect and block access from rogue servers
• Apply the appropriate security controls based upon location
Scale & Automation
Challenge:
• Cloud applications dynamically scale up & down as capacity requirements change
Security requirement:
• Automate protection of new instances without requiring administrative actions
• Gracefully deal with instances that have been terminated, avoid “orphaned servers”
• Integrate and support cloud management tools such as RightScale, Chef, Puppet, etc.
Cloud Compatibility
Challenge:
• Supporting large scale, distributed and even distinct cloud environments or vendors
Security requirement:
• Security that is intelligent and flexible to deal with
  – Multiple environments & AWS regions / AZs
  – Non-persistent IP addresses & host names
  – Firewall routing, VPCs, private/public IPs, ELBs, etc.
  – Storage options: ephemeral, EBS, AWS storage gateways, S3, RDS
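Added example, not from the original slides or from any Trend Micro product: the Instance Location, Scale & Automation and Cloud Compatibility requirements above, expressed as a reconciliation of the provider's instance inventory against the security manager's agent records, keyed on instance ID rather than IP address. The class names, field names, instance IDs, addresses and the access-log shape are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Instance:            # row from the cloud provider's inventory (hypothetical shape)
    instance_id: str
    region: str
    state: str             # "running" or "terminated"
    private_ip: str

@dataclass(frozen=True)
class AgentRecord:         # row from the security manager's host list (hypothetical shape)
    instance_id: str
    last_ip: str

def reconcile(inventory, agents, access_log):
    """Compare inventory, agent records and (claimed_id, source_ip) access attempts."""
    running = {i.instance_id: i for i in inventory if i.state == "running"}
    known = {a.instance_id: a for a in agents}
    return {
        # Running in the cloud with no agent registered: protection was not automated.
        "unprotected": sorted(running.keys() - known.keys()),
        # Agent record whose instance is terminated or gone: an orphaned server entry.
        "orphaned": sorted(known.keys() - running.keys()),
        # Same instance, new address: match on ID so an IP change is not a new host.
        "stale_ip": sorted(i for i in running.keys() & known.keys()
                           if known[i].last_ip != running[i].private_ip),
        # Access attempts whose claimed ID is not a running instance we own, or
        # whose source address disagrees with the inventory for that ID.
        "rogue": sorted({(i, ip) for i, ip in access_log
                         if i not in running or running[i].private_ip != ip}),
    }

# Constructed sample data (IDs and addresses are made up for this example).
INVENTORY = [Instance("i-0a1", "us-east-1", "running", "10.0.1.10"),
             Instance("i-0b2", "us-west-2", "running", "10.1.2.20"),
             Instance("i-0c3", "us-east-1", "terminated", "10.0.1.30"),
             Instance("i-0d4", "eu-west-1", "running", "10.2.0.40")]
AGENTS = [AgentRecord("i-0a1", "10.0.1.10"),
          AgentRecord("i-0b2", "10.1.9.99"),   # address changed after a restart
          AgentRecord("i-0c3", "10.0.1.30")]   # instance has since been terminated
ACCESS_LOG = [("i-0a1", "10.0.1.10"), ("i-0b2", "10.1.2.20"),
              ("i-0c3", "10.0.1.30"), ("i-0zz", "10.0.1.77")]

if __name__ == "__main__":
    for finding, items in reconcile(INVENTORY, AGENTS, ACCESS_LOG).items():
        print(f"{finding}: {items}")
```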
Trend Micro Global 500 Penetration
• Trend Micro protects 100% of the top 10 automotive companies.
• Trend Micro protects 96% of the top 50 global corporations.
• Trend Micro protects 100% of the top 10 telecom companies.
• Trend Micro protects 80% of the top 10 banks.
• Trend Micro protects 90% of the top 10 oil companies.
In calculating the above data, the percentage use of Trend Micro products includes usage by parent companies and/or usage by any of their subsidiaries of any Trend Micro product or service.
Source: http://money.cnn.com/magazines/fortune/global500/2011/index.html
• 48 of the top 50 Global Corporations
• 10 of the top 10 Automotive companies
• 10 of the top 10 Telecom companies
• 8 of the top 10 Banks
• 9 of the top 10 Oil companies
Trust Trend Micro security solutions*
12/6/2012 13
Securing the cloud with Trend Micro
Confidential | Copyright 2012 Trend Micro Inc.
Optimized for AWS
• AWS inventory synchronization
• Multi-tenant support
• AWS cloud encryption
• RightScale, Chef, Puppet automation scripts
• Location awareness
• Support compliance requirements (PCI, HIPAA)
Deep Security Demo
Best Practices & Recommendations
Be proactive & create a cloud plan
• Interview LOBs to understand their needs and expectations
• Identify services / application cloud candidates
• Plan for the worst case
• Think of security as an enabler
• Don’t say No, say how?
Thank You
Questions?