Why secure your cloud only halfway? Think it all through from the start with Symantec
"Cloud" is many things, and protecting data and systems in the cloud, private or public, requires strategy and care. Come and hear Symantec's recommendations on what to factor into your protection and governance of cloud. We have a comprehensive set of solutions, which we will touch on in this session, covering security, backup, storage management and risk governance, whether for private or public clouds.
1. Version2, Datacenter 2014 1
Why secure the cloud only halfway
- think security from the start…
Peter Schjøtt
Pr. Security Presales Engineer
2. Why Cloud
• Cloud characteristics – whether private or public
– Broad network access
– Rapid elasticity
– On-demand self-service
– Shared pool of resources
– Measured service
• Cost reduction through efficiency
• Comparably better security through standardisation
• Business focus on core, abstract from the rest
5. Data Center Risks
Increased automation and the virtual layer increase the attack surface; convergence of infrastructure creates big risk around privileged users.
• Traditional Data Centers: Many servers, network and storage systems in separate data centers with separate admins; slow provisioning
• Private Cloud: Many servers, network and storage systems in fewer consolidated data centers with high automation and fewer admins; faster provisioning
Large attack surface, concentration of risk
6. Shifting gears: the SDDC
Drivers: Cost, Speed, Flexibility
Inhibitors: Security Tax, Complexity, Compliance
The data center of the future is software-defined. It is dynamic and application-centric.
Our mission is to support our customers as they evolve to the SDDC.
Diagram labels: Data Center Security; Compute and Storage Virtualization; Network Virtualization; Software Defined Services; On-Prem/Private/Public Cloud Resources; Software-Defined Data Center; Applications and Policies; Automation and Management
7. Data Center Security
Diagram labels: Compute and Storage Virtualization; Network Virtualization; Software Defined Services; On-Prem/Private/Public Cloud Resources; Software-Defined Data Center; Applications and Policies; Automation and Management
The Bets
• The Cloud Bet: Securing private clouds is a good early bet as private clouds will continue to be strongly preferred over public and hybrid clouds. Chart categories: Hybrid, Public, Private. Values shown: 78%, 31%, 25%. Source: IDC CloudTrack Survey, 2012
• The Virtualization Bet: Security represents a large opportunity as it is the key obstacle for the virtualization of mission critical workloads
• The SDN Bet: Aligning with e.g. VMware and Cisco to secure SDNs is key as customers will definitely adopt pure or mixed SDNs at a rapid pace
• The SDDC Bet: DC Automation and orchestration are key to SDDCs and will mandate a parallel need for security orchestration.
Chart values shown: 67%, 47%, 57%, 52%, 41%, 35%, 40%. Source: VMware Conference 2012
• The Data Center Bet: As Data Center consolidation in combination with virtualization increases the concentration of risk, we will see a corresponding demand for security. Data center consolidation is projected to account for 27% of IT spend (2010-2016). Gartner, 2011
8. Data Center Security
Diagram labels: Compute/Storage Virtualization; Network Virtualization; Software Defined Services; On-Prem/Private/Public Cloud Resources; Software-Defined Data Center; Applications and Policies; Automation and Management
• Support for key standards for private clouds, e.g. OpenStack, and partner with vendors delivering those standards, e.g. Amazon, VMware, OpenStack
• Security for leading hypervisors
• Security for hybrid networks
• Integrated security orchestration
• Dynamic, context-based, policy-centric security
Software Defined Security
“By 2015, 40% of security controls used in Enterprise data centers will be virtualized, up from less than 5% in 2010” – Neil MacDonald
A dynamic, application-centric data center needs dynamic, application-centric security.
The Security Bet: SDN and SDDC platforms will be enablers of security consolidation offering a platform for security orchestration
10. Cloud Computing Top Threats
• Data Breaches
• Data Loss
• Account or Service hijacking
• Insecure Interfaces and APIs
• Denial of Service
• Malicious Insiders
• Abuse of Cloud Services
• Insufficient Due Diligence
• Shared Technology Vulnerabilities
11. What are my risks using Cloud
• Identify the asset
• Evaluate the asset
• Map asset to Cloud deployment models
• Evaluate Cloud service models and providers
• Map data flow
• Conclusion
How do you get out of a Cloud agreement?
• Cloud vendor lock-in
• Data lock-in
Based on interviews with customers as part of the VMware 2013 Journey to IT-as-a-Service Survey, 26% of respondents were in Stage I, 54% in Stage II and 21% in Stage III of this Journey.
The way we secure assets in the data center has changed over the last 10-15 years; it used to be labour intensive as well as physically intensive. With the opportunities that virtualization and private clouds bring to customers, the same security issues remain.
Our product bets are being made to support customers who are virtualizing everything they can to make it faster, more secure and easier to deliver new assets. We are building new products that deliver similar protection for the physical or virtual asset, to help customers secure the DCCS and SDNs and properly realize the benefits of securing their critical data center infrastructure with top vendors such as VMware and Cisco.
As we focus on delivering our new Data Center Security products, we are delivering highly flexible products to meet the challenges you have in an DNS supporting your business's dynamic changes.