The Journey to the Cloud Security · AWS foundation services compute storage database networking...

www.cloudsec.com | #CLOUDSEC

The Journey to the Cloud Security

박상현

Trend Micro

CSA Korea Chapter Co-Chair

2015, 2014, 2013, 2012

Cloud Adoption Barrier

Source: CSA/SKYhigh 2016

Community efforts toward Cloud

Service Provider

Shared Responsibility Model

Standardization Organization

Security Alliance

Government

NIST

CSA

CSA Korea

Cloud Development Act (클라우드발전법)

KISA

NSR

Cloud User

Korea Cloud Industry Association (한국클라우드산업협회)

Korea Cloud Security Association (한국클라우드보안협회)

ISO

FedRAMP

Cloud Provider’s min. requirement

Long journey to the Cloud

“Public cloud is safer than the in-house data center…..”

No worry on security “of” the Cloud

AWS foundation services

compute storage database networking

AWS global infrastructure

regions

Availability Zones

edge locations

AWS takes care of the security of the cloud

Cloud Adoption continues to rise

■ A few organizations now cloud-only

■ Most cloud-first or shifting to a cloud-first mentality

■ Rate of adoption continues to grow rapidly across all industries

most organizations have deployed at least one cloud app

Source: CloudSecurityAlliance / Bitglass 2016

Cloud Adoption is about to take off

Source: SingTel/CloudSec Singapore 2016

aws.amazon.com/compliance

Cloud providers deliver a secure infrastructure.

But YOU need to protect what you put IN the cloud — your workloads.

Shared responsibility

Computing Evolution

Source: SingTel/CloudSec Singapore 2016

How about Security adaptation?

Before (on-premises), diagram labels: Firewall, IPS, Load Balancer, Web Tier, App Tier, DB Tier

After (AWS), diagram labels: Firewall, IPS, Elastic Load Balancer, VPC & Security Groups, Web Tier on EC2, App Tier on EC2, S3, DynamoDB, RDS, IAM, CloudTrail; Load Balancer, Web Tier, App Tier, DB Tier

Data Volume, S3 Bucket, EBS Snapshot

Web Server

App Server

DB Server

Security Group

Availability Zone

Web Server

Users or Customers

Cloud Automation Security

Cloud Automation and Security

AWS Integration Azure Integration

Auto Scaling Demo

Physical environment

vSphere

Private and Public Cloud

Diagram labels (virtual machines, each on its own OS): WEB, APP1, APP2, APP3, ERP, MAIL, FILE

Shared Storage

Customer: Firewall, IDS/IPS, WAP, Integrity Mon., Log Inspection, Antimalware

Multi Tenancy: Customer 1, Customer 2, Customer 3

“Hybrid cloud is the mainstream. So what about hybrid cloud security?”

Hybrid Cloud reality

SOURCE: RightScale 2015

Copyright 2016 Trend Micro Inc.

Ready & optimized for the cloud

Proven security for virtualized, converged and hyper-converged environments

+

Performance

Security Challenges for the Modern Data Center

Improve Security Automation Security Processes

Infrastructure

Security

APP

Hybrid Environment

• Security Platform

• Single Console

Anti-malware

Web Reputation

Intrusion Prevention (IPS/IDS)

Host Firewall

Integrity Monitoring

Log Inspection

• Virtual Patching

• Multi Tenancy

Deep Security

Complete Hybrid Protection

VDI: VMware Horizon, XenDesktop

NSX: Software-Defined Network

Public Cloud: AWS, Azure e vCHS

vRealize

Private Cloud: vCloud, Cloud Stack, Open Stack

NetWeaver

SIEM: Splunk, Qradar, Arcsight

Virtualization Platform: VMware, Citrix, Hyper-V

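Barriers to adopting cloud security

• Difficulty securing a budget for adoption.

• Preconceptions / fixed ideas

Our current network-based security appliances are sufficient.

Is there anything special about the cloud?

• Not aware that security solutions exist

• Not yet technically ready.

• Few experienced partners.

We use a dedicated private network, so there is no concern about external hacking.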

TAKE CONTROL with the help of the right people

YOU HAVE CONTROL.

Modern Hybrid Cloud Security will Protect you.

Don’t let cybercriminals take it away from you.

박상현, Country Manager

Trend Micro

Thomas_park@trendmicro.com