Extending the Enterprise into the Cloud - Hybrid Infrastructure & Security Management, Seoul, Korea, COEX Convention Centre, 24th October 2013

Hybrid Cloud and Security Management for the Enterprise

Page 1

Extending the Enterprise into the Cloud - Hybrid Infrastructure & Security Management
Seoul, Korea, COEX Convention Centre, 24th October 2013

Page 2

Hybrid Cloud & the Enterprise

Anthony Russell
Technology Partner Manager – Amazon Web Services (APAC)

Page 3

How customers are using hybrid infrastructure

• Migrate existing apps & data to the cloud
• Build new apps, sites, services & lines of business
• Augment on-premises resources with cloud capacity

Page 4

Shell uses AWS to Develop Software Faster and Cheaper

[Diagram: Remote Team, Core Development Team, Extra Development Resources, Contractor Team]

Page 5

S&P Capital IQ Uses AWS for Big Data Processing

• Provides data to 4200+ top global investment firms
• Launched Hadoop faster, learned Hadoop faster

[Diagram: S3, Hadoop Cluster]

Page 6

Shaw Media uses AWS for Disaster Recovery

• Saved $1.8 Million in second site costs
• Snapshots for granular rollbacks

[Diagram: Before: Primary site. After: Primary site, Disaster Recovery Site]

Page 7

Lionsgate uses AWS To host SharePoint & SAP

• Avoided data center build out
• Saved $1M over 3 years
• 50% lower cost than hosting options

[Diagram: Amazon VPC]

Page 8

How AWS enables the hybrid environment

[Diagram: Application Services; Compute, Storage, Database; Networking; AWS Global Infrastructure; Deployment & Administration]

Page 9

How can you extend your own on-premise environments into the AWS Cloud?

[Diagram: Your Data Centers: Active Directory, VMware Images, Your networks, Your Data, Your Apps. Cloud side: Users & Access Rules, VM Import/Export, Virtual Private Network, Cloud Storage, Your Cloud Apps]

Page 10

Extending the power of existing applications with AWS

[Diagram: Your Data Centers: App 1, App 2, App 3, App N. VPC: Storage and archives, Hadoop clusters, Data Warehouses, Analytics, Backup, Compute]

Page 11

Enterprise management & security objectives

1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything

Page 12

AWS supports your enterprise Cloud based security objectives

• Amazon VPC: Private, isolated section of the AWS Cloud with VPN connectivity
• AWS DirectConnect: Private connectivity between AWS and your datacenter
• AWS IAM (Identity & Access Mgmt): Manage users, groups & permissions
• AWS CloudFormation: Templates to deploy & manage

[Diagram: Web App, Enterprise App, Database]

Page 13

Enterprise management & security objectives

1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything

Page 14

AWS offers global reach and high-availability

• US-WEST (N. California)
• EU-WEST (Ireland)
• ASIA PAC (Tokyo)
• ASIA PAC (Singapore)
• US-WEST (Oregon)
• SOUTH AMERICA (Sao Paulo)
• US-EAST (Virginia)
• GOV CLOUD
• ASIA PAC (Sydney)

Page 15

The AWS platform has strong security foundations

[Diagram: Foundation Services: Compute, Storage, Database, Networking. AWS Global Infrastructure: Regions, Availability Zones, Edge Locations]

• SOC 1 (SSAE 16 & ISAE 3204) Type II Audit (was SAS70)
• SOC 2 Type 1 Audit
• ISO 27001 Certification
• Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider
• FedRAMP (FISMA), ITAR, FIPS 140-2
• Cloud Security Alliance Questionnaire
• MPAA (best practices for storage, processing, delivery)

Page 16

Security is a shared responsibility with AWS

AWS:
• Facilities
• Physical security
• Compute infrastructure
• Storage infrastructure
• Network infrastructure
• Virtualization layer (EC2)
• Hardened service endpoints
• Rich IAM capabilities

Customer:
• Network configuration
• Security groups
• OS firewalls
• Operating systems
• Applications
• Proper service configuration
• AuthN & acct management
• Authorization policies

Security scope for customers is reduced

Take advantage of high levels of uniformity and automation to enhance security posture when moving into the cloud

Page 17

AWS Partners help customers deploy & enhance their own controls

AWS:
• Facilities
• Physical security
• Compute infrastructure
• Storage infrastructure
• Network infrastructure
• Virtualization layer (EC2)
• Hardened service endpoints
• Rich IAM capabilities

[Diagram: AWS foundations + AWS Partner Solutions = Managed, secure hybrid customer solutions]

AWS Partners build on AWS strong foundations to complete the enterprise security solution

Page 18

Building secure, reliable connectivity to the hybrid environment

Page 19

Connect over the public Internet

[Diagram: Data center, www, AWS Cloud]

Page 20

Connect over industry-standard IPSEC VPN

• IPSec tunnel via statically-routed or dynamically-routed (BGP) VPN

[Diagram: Data center, router, www, router, AWS Cloud]

Page 21

Connect in private with AWS Direct Connect

• Amazon Partner Network suppliers can hook up the last leg

AWS Direct Connect locations: New York, Los Angeles, Washington DC, San Jose, Singapore, Tokyo, London Docklands, Sao Paulo, Sydney

[Diagram: AWS Cloud, AWS Direct Connect Location, Data center]

Page 22

Building a secure hybrid environment with the AWS Virtual Private Cloud

Page 23

The AWS Virtual Private Cloud

• VPC spans an AWS region
– Customer chooses what geography their content resides
• Customer chooses their own private IP address range
• Split the VPC into multiple internal public and private network segments
• Retain full control over routing

[Diagram: Region; VPC A - 10.0.0.0/16; two Availability Zones; Subnet 10.0.1.0/24; Subnet 10.0.2.0/24; Router]

Page 24

Security Groups and Network Access Control Lists

[Diagram: Region; VPC A - 10.0.0.0/16; two Availability Zones; Subnet 10.0.1.0/24; Subnet 10.0.2.0/24; Router]

• AWS Security Groups
– Stateful ingress and egress firewall rules
– Granular – firewalls for every host in the VPC
• Network Access Control Lists
– Stateless network filter controls
– Offer defence in depth over security groups
• Duties can be controlled and segregated
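
The stateful/stateless distinction on this slide, worked through for one request and its reply. This is an added illustration, not part of the original deck: a simplified model, not AWS's implementation, in which the host addresses, ports and rule sets are constructed and only the subnets come from the slide.

```python
"""Simplified model of a stateful security group and a stateless network ACL.

Constructed illustration: the subnets are the slide's 10.0.1.0/24 and
10.0.2.0/24; host addresses, ports and rule sets are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self):
        """The packet travelling back along the same flow."""
        return Packet(self.dst, self.dport, self.src, self.sport)


@dataclass(frozen=True)
class Rule:
    cidr: str            # peer network the rule applies to
    port_lo: int         # destination port range
    port_hi: int
    allow: bool = True

    def matches(self, peer, port):
        in_net = ip_address(peer) in ip_network(self.cidr)
        return in_net and self.port_lo <= port <= self.port_hi


class SecurityGroup:
    """Stateful, allow-only filter attached to a single host."""

    def __init__(self, host, inbound, outbound):
        self.host, self.inbound, self.outbound = host, inbound, outbound
        self.tracked = set()          # flows already permitted

    def permits(self, pkt):
        if pkt.reply() in self.tracked:      # return traffic: no rule needed
            return True
        if pkt.dst == self.host:
            ok = any(r.matches(pkt.src, pkt.dport) for r in self.inbound)
        else:
            ok = any(r.matches(pkt.dst, pkt.dport) for r in self.outbound)
        if ok:
            self.tracked.add(pkt)
        return ok


class NetworkAcl:
    """Stateless subnet filter: ordered rules, first match wins, default deny."""

    def __init__(self, subnet, inbound, outbound):
        self.subnet = ip_network(subnet)
        self.inbound, self.outbound = inbound, outbound

    def permits(self, pkt):
        entering = ip_address(pkt.dst) in self.subnet
        rules = self.inbound if entering else self.outbound
        peer = pkt.src if entering else pkt.dst
        for rule in rules:
            if rule.matches(peer, pkt.dport):
                return rule.allow
        return False


def round_trip(control, request):
    """Return (request permitted, reply permitted) for one control."""
    request_ok = control.permits(request)
    reply_ok = request_ok and control.permits(request.reply())
    return request_ok, reply_ok


def reaches_host(nacl, group, pkt):
    """An inbound packet must pass the subnet ACL, then the host's group."""
    return nacl.permits(pkt) and group.permits(pkt)


# Constructed scenario: a client in 10.0.1.0/24 calls a web server in 10.0.2.0/24.
REQUEST = Packet("10.0.1.10", 50123, "10.0.2.20", 443)
HTTPS_IN = [Rule("10.0.1.0/24", 443, 443)]
EPHEMERAL_OUT = [Rule("10.0.1.0/24", 1024, 65535)]


def demo():
    group = SecurityGroup("10.0.2.20", inbound=HTTPS_IN, outbound=[])
    acl_in_only = NetworkAcl("10.0.2.0/24", inbound=HTTPS_IN, outbound=[])
    acl_return = NetworkAcl("10.0.2.0/24", HTTPS_IN, EPHEMERAL_OUT)
    return {
        "security_group": round_trip(group, REQUEST),
        "acl_inbound_rule_only": round_trip(acl_in_only, REQUEST),
        "acl_with_return_rule": round_trip(acl_return, REQUEST),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: request={result[0]} reply={result[1]}")
```

The security group passes the reply with no outbound rule because it tracks the flow; the network ACL drops the reply until an explicit outbound rule covers the client's ephemeral port, which is the gap to check for when an ACL is layered over a group.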

Page 25

External VPC connectivity can be private or public

[Diagram: Region; VPC A - 10.0.0.0/16; two Availability Zones; Subnet 10.0.1.0/24; Subnet 10.0.2.0/24; Router; Internet Gateway; Internet; Customer Gateway; On-premise Data centres]

• Customers are in full control of VPC external connectivity
• Internet connectivity is optional and disabled by default
• Connect privately to on-premise systems over VPN or Direct Connect

Page 26

Partners build on top of the strong AWS baseline

[Diagram: Region; VPC A - 10.0.0.0/16; two Availability Zones; Subnet 10.0.1.0/24; Subnet 10.0.2.0/24; Router]

• Customers remain in control to implement their own security controls on top of the AWS environment
• Trend Deep Security is a leading partner solution for host protection on the AWS environment in addition to intrusion detection & protection services
• BMC integrate on-premise and cloud management and monitoring to provide a single pane of control for your hybrid IT solutions

Page 27

Enterprise management & security objectives

1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything

Page 28

Get fine-grained control of the cloud environment

AWS IAM enables you to securely control access to AWS services and resources

• Fine grained control of user permissions, resources and actions
• Configure users, groups, roles
• Several multi factor authentication options
• Hardware token or smartphone apps
• Create a private AWS console URL (http://aws.yourcompany.com)

Page 29

Enterprise management & security objectives

1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything

Page 30

Using CloudFormation to deploy AWS configurations

Data centre configurations can be treated as version controlled configurations

• Template: Configuration files
• CloudFormation: Framework (stack creation, stack updates, error detection and rollback)
• Stack: Configured AWS services (comprehensive service support, service event aware, customisable)

Page 31

Enterprise management & security objectives

1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything

Page 32

AWS governance augments existing processes …

• Existing governance processes (Your Data Centers): Your compute, Your configurations, Your network, Your storage, Your On-Premises Apps
• AWS governance enablers: AWS compute, AWS configurations, AWS network, AWS Storage, Your Cloud Apps

[Diagram: the two sides are joined by Direct Connect and VPC]

Page 33

… to give our customers governance over everything

Visibility across the complete hybrid environment

Governance processes (Your Data Centers):
• Roles and responsibilities
• Configuration management
• Financial controls
• Monitoring and reporting
• Secure processing, storage and transmission
• Network security
• Access control
• Identity and authorisation

Page 34

Trusted Advisor offers further governance review

• Online service from AWS Support
– Analyzes account for various kinds of issues and possible concerns
– Soon available as an API for integration with your tools or 3rd party solutions
• Four categories:
– Cost savings
– Security
– Fault tolerance
– Performance

Page 35

AWS Partners Complete the Picture

AWS:
• Facilities
• Physical security
• Compute infrastructure
• Storage infrastructure
• Network infrastructure
• Virtualization layer (EC2)
• Hardened service endpoints
• Rich IAM capabilities

[Diagram: AWS foundations + AWS Partner Solutions = Secure hybrid environments]

AWS Partners build on AWS strong foundations to complete the enterprise security solution

Page 36

Next Stop, Hybrid……

David Carless
Cloud Computing Specialist – BMC Software (APAC)

Page 37

Two revolutions in IT right now

Page 38

REVOLUTION ONE: The front end

How services are consumed
• It's Mobile
• It's Social
• Expectations of IT have changed

The Consumerization of IT

Page 39

REVOLUTION TWO: The back end

How services are delivered
• Pay as you use
• Scale up
• Scale down
• Always on
• Immediately available

Making IT fast, flexible and personal

[Diagram: IaaS, PaaS, SaaS; Physical, Virtual]

Page 40

Cloud is transforming the way we deliver IT

The rise of the IT BROKER

[Diagram: The Business; IT / Cloud Management Platform; SaaS, PaaS, Private Cloud, IaaS, Legacy Apps, Public Cloud]

Page 41

Enterprise Hybrid Cloud is the Future Reality

[Diagram: Public Clouds, Dedicated Infrastructure, Virtual Private Clouds, Internal Private Clouds]

Page 42

Why Enterprises are Embracing Cloud Computing

• Accelerate business
• Accelerate IT velocity
• Improve IT efficiency and effectiveness
• Enable innovation
• Enable alternative sourcing models based on economic, service level and compliance requirements
• Response to demand for “consumerisation”

Page 43

Cloud Spending Is On The Rise In 2013-2014

Public Cloud Spending 2013-2014 (Gartner/IDC):
• 60% of Fortune 1000’s will increase current public cloud spend
• Spend on public cloud services will grow 18% in 2013-2014
• $131B in 2013 - $180B expected by 2015!

Page 44

The cloud-enabled enterprise will be an agile, fierce competitor

Current:
• Fixed Costs
• Cumbersome
• Capital Intensive
• High Maintenance and Run Costs
• Security Issues
• Business Lagging
• Outdated

Future (The Agile Enterprise):
• ‘Pay by the Drink’
• Responsive
• Capital Light
• 40%+ Lower Maintenance and Run Costs
• Managed Security
• Business Leading
• New Technologies

…Cloud is the “on-ramp” to the Agile Enterprise

Page 45

The Goals of a Hybrid IT Environment

• A seamless end-user experience regardless of how a service is provisioned
• Present users with a single unified request portal
• Instantly Deploy complete multi-tier applications
• Seamlessly incorporate Public Cloud providers into IT architecture
• Integrate with change and configuration management
• Maintain Security and Compliance across all available resource sets
• Optimize CapEx and OpEx to meet business goals
• While automation is key, the governance, people and process change is most significant

Single Pane of Glass

Page 46

Misconception: Hybrid is not only “Cloudbursting”

Page 47

Hybrid IT Vision:

Implementing IT Operations and Policies in a Software based Management Platform

Page 48

How do I make this work?

• How do you empower users with self-service and implement cost effective sourcing strategies while maintaining Control and Governance?
• What is the impact of implementing a Hybrid environment with no change management?
• What is the impact of implementing manual process to control my cloud?

Page 49

Impact of Control & Governance for Cloud

[Comparison chart: No Control & Governance, Manual Control & Governance and Automated Cloud Management Platform, rated on Speed, Cost, Control and Service Quality]

Page 50

BMC & AWS Alliance?

Page 51

BMC and Amazon Web Services join forces to deliver Managed Hybrid computing environments

Unified Management of the Hybrid Cloud
• Self Service Management
• Service Management
• Seamless provisioning
• Integrated Service Catalogue
• Service Governance and control
• Ongoing performance optimization
• Monitoring and Analytics

On Premise Resources

• Amazon EC2
• Amazon Elastic Block Storage
• Amazon Virtual Private Cloud

Page 52

Cloud Management with BMC Software

Page 53

BMC Cloud Lifecycle Management CLM 3.0: End-to-end Cloud Management Platform

[Diagram: Service Catalog, Cloud Service Delivery, Resource Management]

• Totally Heterogeneous: avoid “vendor lock in”
• Policy based Placement and Governance
• Compliance and Change Configuration Mgmt
• Single self-service portal
• Dynamic Provisioning of Multi-tier Services

Page 54

BMC Cloud Lifecycle Management: End-to-end Cloud Management Platform

Page 55

Single, Unified User Request

BMC Cloud Lifecycle Management

Provide AWS Service Options

Page 56

Automated provisioning of cloud services

Provision complete cloud services with Post Deployment actions

“No one wants an empty iPad”

From hardware… …To fully configured services

Infrastructure, Platforms, Applications:
• Physical machines
• Virtual machines
• Physical or virtual networks
• Operating Systems
• LAMP/WAMP
• IBM Websphere
• Microsoft SQL & .NET
• Oracle Databases
• Tibco
• Exchange
• Sharepoint
• COTS
• Custom Web Apps
• SAP / Oracle / etc

Deliver a broad range of complete cloud services (With PDA)

Monitoring, compliance, configuration management

Page 57

NXT GEN OS/MW/RTE Content available

Virtual: W2K8R2, W2K12, RH 5.8, RH 6.2
DB Tier: SQL 2K8R2, SQL 2K12, Oracle 11g, Oracle 11g RAC, MYSQL SE/EE, MYSQL CCE
Mid Tier / Web & Enterprise Portal: Microsoft IIS 7.x, Microsoft IIS 8.x, Apache http 2.4, 5.6, JBoss AS 7.1, WildFly 8, Liferay Portal 6.x, GWS
Also shown: WAS 7.x, WAS 8.x, HANA, Gitlab, Gitorious, WAPP, LAPP, ZOOKEEPER, APACHE, vFabric tc Server, Alfresco, CMS, ownCloud

Type of Content by release: Aug 2013, Nov 2013, Feb 2014

EAS
• Aug 2013: Cisco HCS (Deliver to Cisco); Citrix VDI; SAP Landscape Management PoC
• Nov 2013: Cisco HCS for Stryker; SAP Systems Landscape Management; Microsoft SharePoint
• Feb 2014: SAP Systems Landscape Management; Microsoft Exchange

OS/MW/RTE
• Aug 2013:
– OS: RHEL 5.x/6.x, Windows 2K12, Windows 2008 R2 with roles (DNS), Windows 2008 R2 w/Domain Controller System Package, Oracle Enterprise Linux 5.x/6.x, SUSE 10.x/11.x
– DB: Windows 2008 R2 w/ SQL Server 2008 R2, Windows 2012 w/ SQL Server 2012, OEL 4.x/RHEL 5.x/6.x with Oracle 11g R2, RHEL 5.x/6.x with MYSQL, DB slice of a Oracle RAC, Couchbase (multiple nodes)
– Stack: LAMP, WAMP
– App Server: Apache Tomcat 7.x, JBOSS AS 6.x/7.x, Weblogic 10.x
– Web Server: Apache http 2.4, Windows+IIS 6.x/7.x
– Apps: OpenStack, MediaWiki, Subversion, Bitnami VM
• Nov 2013:
– OS: Ubuntu 11.x/12.x
– DB: Linux/Windows MongoDB, Hadoop Cassandra 1.0.7
– Stack: Ruby, JRuby, Django, DevPack
– App Server: Glassfish, WebSphere Application Server 8.x, WebLogic Application Server 10G
– Web Server: mod_security
– Apps: nagios, SugarCRM, Mantis, XOOPS, Review Board, Drupal, Joomla, Redmine, OpenERP, JasperReports, razor, rabbitmq, Gitlab, Trac, Atlassian
• Feb 2014:
– OS: Debian 5.x/6.x
– DB: Hadoop HBase, elasticsearch_cluster, zookeeper_cluster
– Stack: WAPP, LAPP
– App Server: VMWare vFabric tc Server
– Web Server: Liferay, GWS
– Apps: SAP HANA, Hadoop Ambari, Jenkins, LimeSurvey, Tiki, ownCloud, .NET, TIBCO

Resource Providers
• None
• OpenStack update

Integration
• NetApp FlexPod

Content Management Toolkits
• eZDeploy for blueprints
• Best Practices Guide for Blueprint Authoring
• Contentpacks.bmc.com
• eZDeploy for service offering

Page 58

BMC Cloud Lifecycle Management: End-to-end Cloud Management Platform

Page 59

Service Governance & Compliance

Place cloud services with policies & capacity data
Across private, public, and hybrid clouds

Page 60

Closed loop Compliance & Configuration Automation

Unified architecture for configuration automation and compliance

One platform for automation
• Software packaging
• Deployment
• Patching
• Policy management
• Virtualization management

Same solution for continuous compliance
• Automated, periodic auditing
• Automatic remediation generation
• Reduced staff utilization
• Consistent high levels of compliance
• On-demand compliance reporting

Page 61

BMC Cloud Lifecycle Management: End-to-end Cloud Management Platform

Page 62

Integrated and Automated Change Control

Change Management

1. Simple integration to IT release processes (e.g. standard change request to deploy a new cloud service)
2. Agile, automated change management (e.g. pre-approved change request to increase capacity)
3. “Embedded” change, patch, and incident processes (e.g. drift mgmt, audit logging)
4. Enterprise Governance and Compliance (e.g. IT change policy adherence through automation)

Page 63

BMC Cloud Lifecycle Management: End-to-end Cloud Management Platform

Page 64

BMC Software - AWS Resource Management capability

Amazon Web Services

• Fully Automated provisioning to AWS and support for provision, decommission, extend, start, stop, modify CPU/RAM
• Full support for AWS VPC
• Support for multiple regions and AZs
• Multiple account management for AWS
• Layered software deployments on top of AMIs
• OOTB Content to create unique & “safe” MI’s
• Clone AMIs associated with EBS
• Specify AWS security groups
• Support for Elastic IPs

Page 65

BMC Cloud Lifecycle Management: End-to-end Cloud Management Platform

Page 66

Visibility of current and forecasted cloud capacity

BMC Cloud Operations Management

Prepare for cloud capacity demands and optimize investment decisions

Monitor capacity utilization across data centers, private and public cloud infrastructures. Alert on upcoming saturation

Perform what-if analysis for:
• Expected growth rates
• Unanticipated usage spikes
• Changes to existing services

Provide foundation for continued investment with utilization data by cloud service and users

Page 67

Real-time insight on health with cloud panorama

BMC Cloud Operations Management

Prioritize and resolve issues based on service levels and business priorities

• Identify performance issues
• Determine impacted users and organizations
• Isolate root cause
• Trigger automated repair

Page 68

Automated chargeback reporting for the business

Accurately measure and charge for cloud resource consumption

BMC Cloud Lifecycle Management records pricing in customer contract

BMC Capacity Optimization
• measures usage
• reads service contract
• calculates costs
• produces reports by tenant and service level

Page 69

The Power of BMC - Pearson

Page 70

The Power of BMC - Pearson

50% Reduction in Global Time to Provision

Page 71

With both BMC Software and AWS, IT can deliver the benefits of Cloud

Unified Management of Hybrid Environments

Across both on-premise and AWS cloud services:
• Reduce up-front capital expenditures while managing existing IT
– Reduce operational expenditure by Automating repeatable tasks.
– Centralise cost reporting of Hybrid IT environment.
• Provision (IAAS, SAAS, PAAS), configured applications stacks automatically
• Ensure reliable cloud service performance for all users and services
• Deliver role-based access through a business-friendly self-service portal in BMC Cloud Lifecycle Management
• Ensure appropriate automated or manual change approval
• Maintain configurations and compliance rules
• Unify operations management for hybrid IT

Page 72

SAFE CHOICE: A Mainstream Business for BMC

BMC Cloud Lifecycle Management Customers

[Diagram: Service Provider Clouds, Telco Clouds, Private Clouds]

Page 73

Thank you

Page 74

Advanced Cloud Security for AWS

Anthony Kim
Sr. Engineer of Cloud Security Business - TrendMicro (Korea)

Page 75

Copyright 2013 Trend Micro Inc.

The Global Growth of Cloud Computing

Page 76

Source: Cloud Readiness Index 2012, Asia Cloud Computing Association

Page 77

Enterprises and the Cloud …

• Security & compliance are top priorities for enterprise-wide adoption of the cloud
• Are cloud security needs that different than on-premise?
– Cloud introduces the concept of shared responsibility for securing their services and applications running in the cloud
• Security is not the only inhibitor …
– Many organizations are reluctant to change status quo
• Fear of the unknown
• Cloud concepts & terminology intimidating
• IT job loss concerns
• Dramatic change from a process & operations perspective …
• Not sure how/where to get started …

Page 78

Cloud Security is a Shared Responsibility

Page 79

Consumer of Cloud Services Responsibilities

• Consumers of cloud services are responsible for
– Security of the VMs/Instances (OS & Applications)
– Ensuring SLAs are maintained
– Ultimately it boils down to protecting your instances from compromise, the integrity of the applications and privacy of data in the cloud…
• How do you protect AWS instances?
– Traditional network appliances are not feasible
• On-premise controls rely on physical network access
– Agent based host security controls required

Page 80

The AWS Shared Responsibility Model

• AWS Domain: Facilities, Physical Security, Physical Infrastructure, Virtualized Infrastructure
• Customer Domain: Enterprise Applications, Enterprise Operating Systems
• Partner Eco-System: OS Security, Application Security, OS Firewalls, Anti-Virus, Integrity Monitoring, Storage Encryption

Need to Secure the Complete Journey to the Cloud

Page 81

Security Considerations in the Cloud

Page 82

Security Considerations in the Cloud

Instance Awareness

• Knowing that the instance is IN THE CLOUD
• Understanding where the instance ‘lives’ and what its identity is
• What security policies need to be applied?

Page 83

Security Considerations in the Cloud

Scale & Automation

• Next generation applications will be elastic by nature
• Security also needs to be elastic
• All components, including security, need to work in concert to be effective

Page 84

Security Considerations in the Cloud

Complexity

• Supporting large scale, distributed and even distinct cloud environments
• Provides mitigation to ever-increasing vulnerabilities for applications & operating systems
• Security to ensure confidentiality & integrity of data stored in cloud environment

Page 85

Security Considerations in the Cloud

Data Access & Governance

• How do I ensure my data confidentiality & integrity?
• Adopt necessary technology control to meet data privacy

Page 86

Security Considerations in the Cloud

• Security principles don’t change
• Security policies don’t change
• Implementation & management change

Extend your current security policy to the Cloud

Page 87

Practical Guidance for Security in the Cloud

Page 88

Cloud Security: Shared Responsibility

What type of instance security controls are required?

The Need | Preferred Security Control
Data confidentiality | Encryption
Block malicious software | Anti-Malware
Detect & track vulnerabilities | Vulnerability scanning services
Control server communications | Host-firewalls
Detect suspicious activity | Intrusion Prevention
Detect unauthorized changes | File Integrity Monitoring
Block OS & App vulnerabilities | Patch & Virtual Patching
Data monitoring & compliance | Data Leakage Prevention

Page 89

Trend Micro Deep Security for AWS

Next Generation Security for Hybrid Datacenter

Hybrid Datacenter: Physical, Virtual, Private Cloud, Public Cloud

• Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
• Deep Packet Inspection
– Virtual Patching (IDS/IPS): Provide vulnerability shielding to known & zero-day vulnerabilities
– Web Application Protection: Defend against SQL injection attacks, cross-site scripting attacks & other web application vulnerabilities
– Application Control: Increased visibility into, or control over, applications accessing the network
• Anti-Virus: Leading Anti-Malware for Virtualization & Cloud
• Integrity Monitoring: Monitors critical operating system and application files for unexpected changes
• Log Inspection: Optimizes the identification of important security events buried in log entries

Page 90

Gartner Server Security Strategy

(From Gartner paper, in decreasing order of importance) | Trend Micro Deep Security capabilities
Security configuration mgmt. | Yes
Patch mgmt. | Yes (with Virtual Patching)
Application control | Yes
File Integrity Monitoring (FIM) | Yes
Antimalware (file servers) | Yes
Deep Packet Inspection based HIPS | Yes
Antimalware (Windows) | Yes
Behavioural HIPS | Yes
Application firewalling | Yes
Traditional host based firewall | Yes
Device control | -
Full drive encryption | Yes, with Trend Micro SecureCloud
Removable device encryption | -

Page 91

Trend Micro Deep Security as a Service*

Protection for AWS Instances

[Diagram: four instances of DS as a Service Manager]

*Available in North America now, APAC in 2014.

Page 92

Page 93

Which Deep Security version is for you?

Buy Deep Security Software
• Datacenter security requirements
• Hybrid cloud environments
• Prefer to run Deep Security Managers themselves
• Require a solution now

Buy Deep Security as a Service
• AWS only security requirement
• Prefer utility charging model
• Want the convenience of a SaaS
• Available in North America now, APAC in 2014

Page 94

Trend Micro SecureCloud for AWS

Securing and Controlling Sensitive Data in the Cloud

Encryption with Policy-based Key Management
• Unreadable for unauthorized users
• Control of when and where data is accessed
• Server validation
• Custody of keys

Data types shown: Patient Medical Records, Credit Card Payment Information, Sensitive Research Results, Social Security Numbers

Encrypt throughout your cloud journey — data protection for physical, virtual & cloud environments

10/28/2013 Copyright 2012 Trend Micro Inc.

Page 95

Trend Micro SecureCloud for AWS

Protection for data in the cloud

Automated encryption and key management

Solution that helps you protect the privacy of data in AWS, making sure that only authorized servers can access encryption keys.

Trend Micro’s highly automated data protection approach safely delivers encryption keys to valid devices without the need for you to deploy an entire file system and management infrastructure

Key benefits:
• Policy-Based Key Management
• Enterprise-Controlled Encryption and Key Management
• Standard Protocols and Advanced Encryption
• Authentication
• Logging, Reporting, and Auditing
• Separation of duties

Page 96

Why Trend Micro for AWS?

• Amazon Advanced Technology Partner
• Deep Security is Common Criteria EAL 4+
• #1 in Server Security (2012 IDC–Worldwide Endpoint Security Revenue Share by Vendor, 2011)
• #1 in Virtualization Security (2011 Technavio – Global Virtualization Security Management Solutions)
• #1 in Cloud Security (2012 Technavio – Global Security World Market)
• 1st & only security that extends from enterprise datacenter to cloud
• Optimized for AWS

Page 97

Thank you