Extending the Enterprise into the Cloud - Hybrid Infrastructure & Security Management
Seoul, Korea, COEX Convention Centre, 24th October 2013
Hybrid Cloud & the
Enterprise
Anthony Russell
Technology Partner Manager – Amazon Web
Services (APAC)
Migrate existing apps &
data to the cloud
Build new apps, sites,
services & lines of
businesses
Augment On-Premises
resources with cloud
capacity
How customers are using hybrid infrastructure
Shell uses AWS to Develop Software Faster and Cheaper
Remote Team
Core Development Team
Extra Development Resources
Contractor Team
S&P Capital IQ Uses AWS for Big Data Processing
Provides data to
4200+ top global
investment firms
Launched Hadoop
faster, Learned
Hadoop faster
S3 Hadoop Cluster
Shaw Media uses AWS for Disaster Recovery
Saved $1.8
Million in
second site
costs
Snapshots for
granular
rollbacks
Primary site
Before
After
Primary site
Disaster Recovery Site
Lionsgate uses AWS To host SharePoint & SAP
Amazon VPC
Avoided data
center build
out
Saved $1M
over
3 years
50% lower
cost than
hosting options
How AWS enables the hybrid environment
Application Services
Compute Storage Database
Networking
AWS Global Infrastructure
Deployment & Administration
Active Directory
VMware Images
Your networks
Your Data
Your Apps
Users & Access Rules
VM Import/Export
Virtual Private Network
Cloud Storage
Your Cloud Apps
How can you extend your own on-premise environments into the AWS Cloud?
Your Data Centers
VPC
Extending the power of existing applications with AWS
Your Data Centers
App 1
App 2
App 3
App N
Storage and archives
Hadoop clusters
Data Warehouses
Analytics
Backup
Compute
Enterprise management & security objectives
1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything
AWS supports your enterprise Cloud based security objectives
Amazon VPC: Private, isolated section of the AWS Cloud with VPN connectivity
AWS Direct Connect: Private connectivity between AWS and your datacenter
AWS IAM (Identity & Access Mgmt): Manage users, groups & permissions
AWS CloudFormation: Templates to deploy & manage (Web App, Enterprise App, Database)
Enterprise management & security objectives
1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything
US-WEST (N. California)
EU-WEST (Ireland)
ASIA PAC (Tokyo)
ASIA PAC (Singapore)
US-WEST (Oregon)
SOUTH AMERICA (Sao Paulo)
US-EAST (Virginia)
GOV CLOUD
ASIA PAC (Sydney)
AWS offers global reach and high-availability
Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Locations
• SOC 1 (SSAE 16 & ISAE 3402) Type II Audit (was SAS70)
• SOC 2 Type 1 Audit
• ISO 27001 Certification
• Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider
• FedRAMP (FISMA), ITAR, FIPS 140-2
• Cloud Security Alliance Questionnaire
• MPAA (best practices for storage, processing, delivery)
The AWS platform has strong security foundations
Security is a shared responsibility with AWS
AWS
• Facilities
• Physical security
• Compute infrastructure
• Storage infrastructure
• Network infrastructure
• Virtualization layer (EC2)
• Hardened service endpoints
• Rich IAM capabilities
Customer
• Network configuration
• Security groups
• OS firewalls
• Operating systems
• Applications
• Proper service configuration
• AuthN & acct management
• Authorization policies
Security scope for customers is reduced
Take advantage of high levels of uniformity and automation to
enhance security posture when moving into the cloud
AWS Partners help customers deploy & enhance their
own controls
Facilities
Physical security
Compute infrastructure
Storage infrastructure
Network infrastructure
Virtualization layer (EC2)
Hardened service endpoints
Rich IAM capabilities
AWS Partner Solutions
AWS Partners Build on AWS strong foundations to complete the
enterprise security solution
Managed, secure
hybrid customer
solutions
Building secure, reliable connectivity to the hybrid
environment
Connect over the public Internet
Data center AWS Cloud
www
Connect over industry-standard IPSEC VPN
Data center AWS Cloud
www
router router
IPSec tunnel via
statically-routed or
dynamically-
routed (BGP) VPN
Connect in private with AWS Direct Connect
AWS Cloud Data center
AWS Direct
Connect
Location
Amazon Partner
Network suppliers
can hook up the
last leg
New York
Los Angeles
Washington DC
San Jose
Singapore
Tokyo
London Docklands
Sao Paulo
Sydney
Building a secure hybrid environment with the AWS Virtual
Private Cloud
The AWS Virtual Private Cloud
• VPC spans an AWS region
– Customer chooses what
geography their content resides
• Customer chooses their own
private IP address range
• Split the VPC into multiple
internal public and private
network segments
• Retain full control over routing
Region
Subnet 10.0.1.0/24
Subnet 10.0.2.0/24
VPC A - 10.0.0.0/16
Availability Zone
Availability Zone
Router
Security Groups and Network Access Control Lists
• AWS Security Groups
– Stateful ingress and egress firewall
rules
– Granular – firewalls for every host
in the VPC
• Network Access Control Lists
– Stateless network filter controls
– Offer defence in depth over
security groups
• Duties can be controlled and
segregated
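An added example, not taken from the original slides: a CloudFormation template sketching VPC A with a stateful security group and a stateless network ACL on one subnet. The on-premises CIDR, port 443 and all resource names are assumptions; no Internet Gateway is declared, so the VPC has no internet path.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added illustration of stateful (security group) vs stateless (network ACL) filtering
Parameters:
  OnPremCidr:
    Type: String
    Default: 192.168.0.0/16   # assumed on-premises range reached over VPN or Direct Connect
Resources:
  VpcA:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  AppSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VpcA
      CidrBlock: 10.0.1.0/24
  # Stateful: only the inbound rule is declared. Replies to connections
  # admitted by this rule are allowed back out automatically.
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from on-premises only
      VpcId: !Ref VpcA
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref OnPremCidr
  # Stateless: a custom network ACL denies everything until rules are added,
  # and each direction must be allowed explicitly.
  AppSubnetAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VpcA
  AclInboundHttps:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref AppSubnetAcl
      RuleNumber: 100
      Protocol: 6              # TCP
      RuleAction: allow
      Egress: false
      CidrBlock: !Ref OnPremCidr
      PortRange: {From: 443, To: 443}
  # Return traffic goes to the client's ephemeral port, so the outbound
  # rule covers the ephemeral range rather than port 443.
  AclOutboundReplies:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref AppSubnetAcl
      RuleNumber: 100
      Protocol: 6
      RuleAction: allow
      Egress: true
      CidrBlock: !Ref OnPremCidr
      PortRange: {From: 1024, To: 65535}
  AclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref AppSubnet
      NetworkAclId: !Ref AppSubnetAcl
```

Removing the AclOutboundReplies entry breaks the connection even though the security group admits it, because the network ACL does not track connection state.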
External VPC connectivity can be private or public
Region
Internet Gateway
Subnet 10.0.1.0/24
Subnet 10.0.2.0/24
VPC A - 10.0.0.0/16
Availability Zone
Availability Zone
Router
Internet
• Customers are in full control of
VPC external connectivity
• Internet connectivity is optional
and disabled by default
• Connect privately to on-premise
systems over VPN or direct
connect
Customer Gateway
On-premise Data centres
Partners build on top of the strong AWS baseline
• Customers remain in control to
implement their own security
controls on top of the AWS
environment
• Trend Deep Security is a leading
partner solution for host protection
on the AWS environment in
addition to intrusion detection &
protection services
• BMC integrate on-premise and
cloud management and monitoring
to provide a single pane of control
for your hybrid IT solutions
Enterprise management & security objectives
1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything
Get fine-grained control of the cloud environment
AWS IAM enables you to securely control access to AWS services
and resources
• Fine grained control of user permissions, resources and actions
• Configure users, groups, roles
• Several multi factor authentication options
• Hardware token or smartphone apps
• Create a private AWS console URL
(http://aws.yourcompany.com)
Enterprise management & security objectives
1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything
Template CloudFormation Stack
Configuration files
Data centre configurations can be treated as version controlled
configurations
Configured AWS services
Comprehensive service support
Service event aware
Customisable
Framework
Stack creation
Stack updates
Error detection and rollback
Using CloudFormation to deploy AWS configurations
Enterprise management & security objectives
1. Secure and robust infrastructure
2. Control access and authorisation
3. Keep track of assets and configuration
4. Governance across everything
Your compute
Your configurations
Your network
Your storage
Your On-Premises Apps
AWS compute
AWS configurations
AWS network
AWS Storage
Your Cloud Apps
Direct Connect VPC
AWS governance augments existing processes …
Your Data Centers
Existing governance processes AWS governance enablers
Governance processes
Your Data Centers
… to give our customers governance over everything
Visibility across the complete hybrid environment
Roles and responsibilities
Configuration management
Financial controls
Monitoring and reporting
Secure processing, storage and transmission
Network security
Access control
Identity and authorisation
Trusted Advisor offers further governance review
• Online service from AWS Support
– Analyzes account for various kinds of
issues and possible concerns
– Soon available as an API for integration
with your tools or 3rd party solutions
• Four categories:
– Cost savings
– Security
– Fault tolerance
– Performance
AWS Partners Complete the Picture
Facilities
Physical security
Compute infrastructure
Storage infrastructure
Network infrastructure
Virtualization layer (EC2)
Hardened service endpoints
Rich IAM capabilities
AWS Partner Solutions
AWS Partners Build on AWS strong foundations to complete the
enterprise security solution
Secure hybrid
environments
Next Stop, Hybrid……
David Carless
Cloud Computing Specialist –
BMC Software (APAC)
Two revolutions in IT
right now
REVOLUTION ONE
The front end: How services are consumed
It's Mobile
It's Social
Expectations of IT have changed
The Consumerization of IT
IaaS PaaS SaaS
Physical Virtual
REVOLUTION TWO
The back end: How services are delivered
Pay as you use
Scale up
Scale down
Always on
Immediately available
Making IT fast, flexible and personal
Cloud is transforming the way we deliver IT
The rise of the IT BROKER
SaaS PaaS
Private Cloud
IaaS
Legacy Apps Public Cloud
IT / Cloud Management Platform
The Business
Enterprise Hybrid Cloud is the Future Reality
Public Clouds
Dedicated Infrastructure
Virtual Private Clouds
Internal Private Clouds
Why Enterprises are Embracing Cloud Computing
Accelerate business
Accelerate IT velocity
Improve IT efficiency and effectiveness
Enable innovation
Enable alternative sourcing models based on economic, service level and compliance requirements
Response to demand for “consumerisation”
Cloud Spending Is On The Rise In 2013-2014
Public Cloud Spending 2013-2014 (Gartner/IDC):
• 60% of Fortune 1000’s will increase current public cloud spend
• Spend on public cloud services will grow 18% in 2013-2014
• $131B in 2013 - $180B expected by 2015!
The cloud-enabled enterprise will be an agile, fierce
competitor
Future
• ‘Pay by the Drink’
• Responsive
• Capital Light
• 40%+ Lower Maintenance and Run Costs
• Managed Security
• Business Leading
• New Technologies
…Cloud is the “on-ramp” to the Agile Enterprise
Current
The Agile Enterprise
• Fixed Costs
• Cumbersome
• Capital Intensive
• High Maintenance and Run Costs
• Security Issues
• Business Lagging
• Outdated
The Goals of a Hybrid IT Environment
• A seamless end-user experience regardless of how a service is provisioned
• Present users with a single unified request portal
• Instantly Deploy complete multi-tier applications
• Seamlessly incorporate Public Cloud providers into IT architecture
• Integrate with change and configuration management
• Maintain Security and Compliance across all available resource sets
• Optimize CapEx and OpEx to meet business goals
• While automation is key, the governance, people and process change is most significant
Single Pane of Glass
Misconception: Hybrid is not only “Cloudbursting”
Hybrid IT Vision:
Implementing IT Operations and Policies in a Software based
Management Platform
How do I make this work?
How do you empower users with self-service and implement cost-effective sourcing strategies while maintaining Control and Governance?
What is the impact of implementing a Hybrid environment with no change management?
What is the impact of implementing manual processes to control my cloud?
Impact of Control & Governance for Cloud
No Control & Governance
Manual Control & Governance
Automated Cloud Management Platform
Speed
Cost
Control
Service Quality
BMC & AWS Alliance?
BMC and Amazon Web Services join forces to deliver
Managed Hybrid computing environments
On Premise Resources
Unified Management of the Hybrid Cloud
• Self Service Management
• Service Management
• Seamless provisioning
• Integrated Service Catalogue
• Service Governance and control
• Ongoing performance optimization
• Monitoring and Analytics
AWS services
• Amazon EC2
• Amazon Elastic Block Store
• Amazon Virtual Private Cloud
Cloud Management with BMC Software
BMC Cloud Lifecycle Management CLM 3.0 End-to-end Cloud Management Platform
Service Catalog
Cloud Service Delivery
Resource Management
Totally heterogeneous: avoid “vendor lock in”
Policy-based Placement and Governance
Compliance and Change Configuration Mgmt
Single self-service portal
Dynamic Provisioning of Multi-tier Services
Single, Unified User Request BMC Cloud Lifecycle Management
Provide AWS Service Options
Automated provisioning of cloud services
Provision complete cloud services with Post Deployment actions
“No one wants an empty iPad”
From hardware… …To fully configured services
Infrastructure Platforms Applications
• Physical machines
• Virtual machines
• Physical or virtual networks
• Operating Systems
• LAMP/WAMP
• IBM Websphere
• Microsoft SQL & .NET
• Oracle Databases
• Tibco
• Exchange
• Sharepoint
• COTS
• Custom Web Apps
• SAP /Oracle / etc
Deliver a broad range of complete cloud services (With PDA)
Monitoring , compliance, configuration management
NXT GEN
OS/MW/RTE Content available
Virtual
W2K8R2 W2K12
RH 5.8 RH 6.2
DB Tier
SQL 2K8R2 SQL 2K12 Oracle 11g Oracle 11g RAC
MYSQL SE/EE MYSQL CCE
Mid Tier
Web & Enterprise Portal
Microsoft IIS 7.x Microsoft IIS 8.x
Apache http 2.4
5.6
JBoss AS 7.1 WildFly 8
Liferay Portal 6.x
GWS
Type of Content Aug 2013 Nov 2013 Feb 2014
EAS • Cisco HCS (Deliver to Cisco) • Citrix VDI • SAP Landscape Management PoC
• Cisco HCS for Stryker • SAP Systems Landscape
Management • Microsoft SharePoint
• SAP Systems Landscape Management
• Microsoft Exchange
OS/MW/RTE OS- RHEL 5.x/6.x, Windows 2K12, Windows 2008 R2 with roles (DNS), Windows 2008 R2 w/Domain Controller System Package, Oracle Enterprise Linux – 5.x/6.x SUSE 10.x/11.x DB - Windows 2008 R2 w/ SQL Server 2008 R2, Windows 2012 w/ SQL Server 2012 OEL 4.x/RHEL 5.x/6.x with Oracle 11g R2, RHEL 5.x/6.x with MYSQL, DB slice of a Oracle RAC Couchbase ( multiple nodes) Stack - LAMP, WAMP App Server – Apache Tomcat 7.x, JBOSS AS 6.x/7.x, Weblogic 10.x Web Server – Apache http 2.4 Windows+IIS 6.x/7.x, Apps - OpenStack , MediaWiki, Subversion, Bitnami VM
OS- Ubuntu 11.x/12.x DB - Linux/Windows MongoDB, Hadoop Cassandra 1.0.7 Stack - Ruby, JRuby, Django, DevPack App Server – Glassfish, WebSphere Application Server 8.x, WebLogic Application Server 10G WebServer - mod_security Apps - nagios, SugarCRM, Mantis, XOOPS, Review Board, Drupal, Joomla, Redmine OpenERP, JasperReports, razor, rabbitmq, Gitlab, Trac, Atlassian
OS- Debian 5.x/6.x DB - Hadoop HBase elasticsearch_cluster, zookeeper_cluster Stack - WAPP, LAPP App Server – VMWare vFabric tc Server Web Server – Liferay, GWS Apps - SAP HANA, Hadoop Ambari, Jenkins, LimeSurvey, Tiki, ownCloud, .NET, TIBCO
Resource Providers • None • OpenStack update
Integration • NetApp FlexPod
Content Management Toolkits
• eZDeploy for blueprints
• Best Practices Guide for Blueprint Authoring
• Contentpacks.bmc.com
• eZDeploy for service offering
Aug 2013 Nov 2013 Feb 2014
WAS 7.x WAS 8.x
HANA
Gitlab
Gitorious WAPP LAPP
ZOOKEEPER APACHE
vFabric tc Server
Alfresco
CMS
ownCloud
Service Governance & Compliance
Place cloud services with policies & capacity data Across private, public, and hybrid clouds
Closed loop Compliance & Configuration Automation
Unified architecture for configuration automation and compliance
Same solution for continuous compliance
• Automated, periodic auditing
• Automatic remediation generation
• Reduced staff utilization
• Consistent high levels of compliance
• On-demand compliance reporting
One platform for automation
• Software packaging
• Deployment
• Patching
• Policy management
• Virtualization management
Integrated and Automated Change Control
Change Management
1. Simple integration to IT release processes
(e.g. standard change request to deploy a new cloud service)
2. Agile, automated change management
(e.g. pre-approved change request to increase capacity)
3. “Embedded” change, patch, and incident processes
(e.g. drift mgmt, audit logging)
4. Enterprise Governance and Compliance
(e.g. IT change policy adherence through automation)
BMC Software - AWS Resource Management capability
Amazon Web Services
• Fully Automated provisioning to AWS and support for provision, decommission, extend, start, stop, modify CPU/RAM
• Full support for AWS VPC
• Support for multiple regions and AZs
• Multiple account management for AWS
• Layered software deployments on top of AMIs
• OOTB Content to create unique & “safe” MI’s
• Clone AMIs associated with EBS
• Specify AWS security groups
• Support for Elastic IPs
Visibility of current and forecasted cloud capacity
BMC Cloud Operations Management
Prepare for cloud capacity demands and optimize investment decisions
Monitor capacity utilization across data centers, private
and public cloud infrastructures. Alert on
upcoming saturation
Perform what-if analysis for:
• Expected growth rates
• Unanticipated usage spikes
• Changes to existing services
Provide foundation for continued investment with
utilization data by cloud service and users
Real-time insight on health with cloud panorama
BMC Cloud Operations Management
Prioritize and resolve issues based on service levels and business priorities
• Identify performance issues
• Determine impacted users and organizations
• Isolate root cause
• Trigger automated repair
BMC Capacity Optimization
• measures usage
• reads service contract
• calculates costs
• produces reports by tenant and service level
BMC Cloud Lifecycle Management records pricing in customer contract
Automated chargeback reporting for the business
Accurately measure and charge for cloud resource consumption
The Power of BMC - Pearson
50% Reduction in Global Time to Provision
With both BMC Software and AWS, IT can deliver the
benefits of Cloud
Across both on-premise and AWS cloud services:
• Reduce up-front capital expenditures while managing existing IT
– Reduce operational expenditure by Automating repeatable tasks.
– Centralise cost reporting of Hybrid IT environment.
• Provision (IaaS, SaaS, PaaS) configured application stacks automatically
• Ensure reliable cloud service performance for all users and services
• Deliver role-based access through a business-friendly self-service portal in BMC Cloud Lifecycle Management
• Ensure appropriate automated or manual change approval
• Maintain configurations and compliance rules
• Unify operations management for hybrid IT
Unified Management of Hybrid Environments
SAFE CHOICE: A Mainstream Business for BMC
BMC Cloud Lifecycle Management Customers
Service Provider
Clouds
Telco Clouds
Private Clouds
Thank you
Advanced Cloud Security
for AWS
Anthony Kim
Sr. Engineer of Cloud Security Business -
TrendMicro (Korea)
Copyright 2013 Trend Micro Inc.
The Global Growth of Cloud Computing
Source: Cloud Readiness Index 2012, Asia Cloud Computing Association
• Security & compliance are top priorities for enterprise-wide adoption of the
cloud
• Are cloud security needs that different than on-premise?
– Cloud introduces the concept of shared responsibility for securing their
services and applications running in the cloud
• Security is not the only inhibitor …
– Many organizations are reluctant to change status quo
• Fear of the unknown
• Cloud concepts & terminology intimidating
• IT job loss concerns
• Dramatic change from a process & operations perspective …
• Not sure how/where to get started …
Enterprises and the Cloud …
Cloud Security is a Shared
Responsibility
Consumer of Cloud Services Responsibilities
• Consumers of cloud services are responsible for
– Security of the VMs/Instances (OS & Applications)
– Ensuring SLAs are maintained
– Ultimately it boils down to protecting your instances from compromise, the integrity of the applications and privacy of data in the cloud…
• How do you protect AWS instances?
– Traditional network appliances are not feasible
• On-premise controls rely on physical network access
– Agent based host security controls required
The AWS Shared Responsibility Model
Facilities Physical Security Physical Infrastructure Virtualized Infrastructure
Enterprise Applications
Enterprise Operating Systems
Partner Eco-System
Customer Domain
AWS Domain
OS Security Application Security OS Firewalls Anti-Virus Integrity Monitoring Storage Encryption
Need to Secure the Complete Journey to the Cloud
Security Considerations in the
Cloud
Security Considerations in the Cloud
Instance Awareness
• Knowing that the instance is
IN THE CLOUD
• Understanding where the
instance ‘lives’ and what its
identity is
• What security policies need to
be applied?
Security Considerations in the Cloud
Scale & Automation
• Next generation applications will be elastic by nature
• Security also needs to be elastic
• All components, including security, need to work in concert to be effective
Security Considerations in the Cloud
Complexity
• Supporting large scale, distributed
and even distinct cloud
environments
• Provides mitigation to ever-increasing
vulnerabilities for applications & operating
systems
• Security to ensure confidentiality &
integrity of data stored in cloud
environment
Security Considerations in the Cloud
Data Access & Governance
• How do I ensure my data
confidentiality & integrity?
• Adopt necessary technology
control to meet data privacy
Security Considerations in the Cloud
Security principles don’t change
Security policies don’t change
Implementation & management change
Extend your current security policy to the Cloud
Practical Guidance for Security
in the Cloud
Cloud Security: Shared Responsibility
What type of instance security controls are required?
The Need | Preferred Security Control
Data confidentiality | Encryption
Block malicious software | Anti-Malware
Detect & track vulnerabilities | Vulnerability scanning services
Control server communications | Host-firewalls
Detect suspicious activity | Intrusion Prevention
Detect unauthorized changes | File Integrity Monitoring
Block OS & App vulnerabilities | Patch & Virtual Patching
Data monitoring & compliance | Data Leakage Prevention
Trend Micro Deep Security for AWS
Hybrid Datacenter
Physical Virtual Private Cloud Public Cloud
Firewall: Reduces attack surface. Prevents DoS & detects reconnaissance scans
Deep Packet Inspection
• Virtual Patching (IDS/IPS): Provides vulnerability shielding for known & zero-day vulnerabilities
• Web Application Protection: Defends against SQL injection attacks, cross-site scripting attacks & other web application vulnerabilities
• Application Control: Increased visibility into, or control over, applications accessing the network
Anti-Virus: Leading Anti-Malware for Virtualization & Cloud
Integrity Monitoring: Monitors critical operating system and application files for unexpected changes
Log Inspection: Optimizes the identification of important security events buried in log entries
Next Generation Security for Hybrid Datacenter
Gartner Server Security Strategy
(From Gartner paper, in decreasing order of importance) | Trend Micro Deep Security capabilities
Security configuration mgmt. | Yes
Patch mgmt. | Yes (with Virtual Patching)
Application control | Yes
File Integrity Monitoring (FIM) | Yes
Antimalware (file servers) | Yes
Deep Packet Inspection based HIPS | Yes
Antimalware (Windows) | Yes
Behavioural HIPS | Yes
Application firewalling | Yes
Traditional host based firewall | Yes
Device control | -
Full drive encryption | Yes, with Trend Micro SecureCloud
Removable device encryption | -
DS as a Service Manager
Protection for AWS Instances
*Available in North America now, APAC in 2014.
Trend Micro Deep Security as a Service*
Which Deep Security version is for you?
Buy Deep Security Software
• Datacenter security requirements
• Hybrid cloud environments
• Prefer to run Deep Security Managers themselves
• Require a solution now
Buy Deep Security as a Service
• AWS only security requirement
• Prefer utility charging model
• Want the convenience of a SaaS
• Available in North America now, APAC in 2014
• Unreadable for unauthorized users
• Control of when and where data is accessed
• Server validation
• Custody of keys
Patient Medical Records
Credit Card Payment Information
Sensitive Research Results
Social Security Numbers
Encryption with Policy-based Key Management
Trend Micro SecureCloud for AWS
Encrypt throughout your cloud journey — data protection for physical, virtual & cloud environments
Securing and Controlling Sensitive Data in the Cloud
Trend Micro SecureCloud for AWS
Protection for data in the cloud
Automated encryption and key management
Solution that helps you protect the privacy of data in AWS, making sure
that only authorized servers can access encryption keys.
Trend Micro’s highly automated data protection approach safely
delivers encryption keys to valid devices without the need for you to
deploy an entire file system and management infrastructure
Key benefits:
Policy-Based Key Management
Enterprise-Controlled Encryption and
Key Management
Standard Protocols and Advanced
Encryption
Authentication
Logging, Reporting, and Auditing
Separation of duties
Amazon Advanced Technology Partner
Deep Security is Common Criteria EAL 4+
#1 in Server Security (2012 IDC–Worldwide Endpoint Security Revenue Share by
Vendor, 2011)
#1 in Virtualization Security (2011 Technavio – Global Virtualization Security
Management Solutions)
#1 in Cloud Security (2012 Technavio – Global Security World Market)
1st & only security that extends from enterprise datacenter to cloud
Optimized for AWS
Why Trend Micro for AWS?
Thank you