www.cloudsec.com | #CLOUDSEC
The Journey to the Cloud Security
박상현
Trend Micro
CSA Korea Chapter Co-Chair
2015 2014 2013 2012
Cloud Adoption Barrier
Source: CSA/SKYhigh 2016
Community efforts toward Cloud
Service Provider
Shared Responsibility Model
Standardization Organization
Security Alliance
Government
NIST
CSA
CSA Korea
Cloud Computing Development Act
KISA
NSR
Cloud User
Korea Cloud Industry Association
Korea Cloud Security Association
ISO
FedRAMP
Cloud Provider’s min. requirement
Long journey to the Cloud
“Public cloud is more secure than the in-house data center…..”
No worry on security “of” the Cloud
AWS foundation services
compute storage database networking
AWS global infrastructure
regions
Availability Zones
edge locations
AWS takes care of the security of the cloud
Cloud Adoption continues to rise
■ A few organizations now cloud-only
■ Most cloud-first or shifting to a cloud-first mentality
■ Rate of adoption continues to grow rapidly across all industries
Most organizations have deployed at least one cloud app
Source: CloudSecurityAlliance / Bitglass 2016
Cloud Adoption is about to take off
Source: SingTel/CloudSec Singapore 2016
aws.amazon.com/compliance
Cloud providers deliver a secure infrastructure.
But YOU need to protect what you put IN the cloud — your workloads.
Shared responsibility
Computing Evolution
Source: SingTel/CloudSec Singapore 2016
How about Security adaptation?
Before
Firewall, IPS, Load Balancer, Web Tier, App Tier, DB Tier
On-premises
S3, DynamoDB, RDS, …
After
Firewall, IPS
AWS: Web Tier on EC2, App Tier on EC2, Elastic Load Balancer, VPC & Security Groups
Load Balancer, DB Tier, Web Tier, App Tier
IAM, CloudTrail
Data Volume, S3 Bucket, EBS Snapshot
Web Server
APP Server
DB Server
Security Group
Availability Zone
Web Server
Users or Customers
Cloud Automation Security
Cloud Automation and Security
AWS Integration Azure Integration
Auto Scaling Demo
Physical environment
vSphere vSphere
Private and Public Cloud
vSphere
WEB
OS
APP3
OS
Shared Storage
ERP
OS
OS
APP1
OS
APP2
OS
ERP
OS
FILE
ERP
Customer
Firewall, IDS/IPS, WAP, Integrity Mon., Log Inspection, Antimalware
Customer 1
Customer 2
Customer 3
Multi Tenancy
“Hybrid cloud is the mainstream.
So what about hybrid cloud security?”
Hybrid Cloud reality
SOURCE: RightScale 2015
Copyright 2016 Trend Micro Inc.
Ready & optimized for the cloud
Proven security for virtualized, converged and hyper-converged environments
Performance
Security Challenges for the Modern Data Center
Improve Security Automation Security Processes
Infrastructure
Security
APP
Hybrid Environment
• Security Platform
• Single Console
Anti-malware
Web Reputation
Intrusion Prevention (IPS/IDS)
Host Firewall
Integrity Monitoring
Log Inspection
• Virtual Patching
• Multi Tenancy
Deep Security: Complete Hybrid Protection
VDI: VMware Horizon, XenDesktop
Software-Defined Network: NSX
Public Cloud: AWS, Azure e vCHS
vRealize
Private Cloud: vCloud, Cloud Stack, Open Stack
NetWeaver
SIEM: Splunk, Qradar, Arcsight
Virtualization Platform: VMware, Citrix, Hyper-V
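Barriers to adopting cloud security
• Difficulty securing a budget for adoption.
• Preconceptions / fixed ideas
Existing network-based security appliances are sufficient.
Is there anything special about the cloud?
• Not aware that security solutions exist
• Not yet technically ready.
• Few experienced partners.
We use a dedicated private network, so there is no concern about external hacking.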
TAKE CONTROL with the help of the right people
YOU HAVE CONTROL.
Modern Hybrid Cloud Security will Protect you.
Don’t let cybercriminals take it away from you.
박상현, Country Manager
Trend Micro