• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Virtualization   »   Cloud Security Insights from Gartner Data Center Conference

Cloud Security Insights from Gartner Data Center Conference

  • Posted on:December 22, 2009
  • Posted in:Virtualization
  • Posted by:
    Dave Asprey
0

I attended the Gartner Data Center Conference in Las Vegas in December to gain some insights about how enterprise IT professionals are viewing virtualization and cloud computing.   While I dislike Las Vegas in general, I was able to visit the Pinball Hall of Fame (a must-see if you’re a pinball aficionado).  From a security perspective, I had a couple of “aha” moments listening to the Gartner analysts and attendees about how they are approaching cloud computing.

Virtualization is Running Rampant: The VMware session overflowed the room, and most sessions dealing with virtualization and storage fabrics were packed with attendees.  The session on virtualization security highlighted that there is some disconnect between the IT folks dealing with applications & storage and those dealing with security.  The virtualization train is running full steam ahead, but the security teams are running to catch up and come to grips with the security implications of virtualization.  The old perimeter security model is being stressed as applications VMotion around the VMware environment (watch out for that sensitive app accidentally landing in the DMZ).  The security implication: you better architect your virtual data center carefully and think about VLAN’s with Distributed Virtual Switches.

Private Cloud Computing is the Enterprise Short-term Response: CIOs are getting asked by CEO’s to “get some of this cloud stuff to lower costs”, and the CIOs are responding with, “Yes, we’re doing that today, and it is called a private cloud”.  Much of the focus of the Gartner event from vendors and Gartner analysts was around private cloud computing.  Everyone seemed to have their own definition of what constituted a private cloud with marketers and enterprise IT exploiting the sexy concept de jour that is cloud computing.  Some cloud purists might be uncomfortable with this, but enterprise IT and vendors are jumping on the cloud bandwagon with the “private cloud” concept.  Much of what I saw at the Gartner Data Center Conference was an aggressively virtualizing data center, but you can get more organizational mileage by saying “I got myself a private cloud.”

Public Cloud for Storage: One cool application of SaaS/PaaS/IaaS was provided by Matthew Merchant (CTO) from General Electric in his session “Cloud Storage @ GE”.  GE created an inhouse application take care of backup that used the public cloud storage vendors such as Amazon AWS.  They were able to slice 40% to 60% out of the cost of backup using the public cloud – very cool stuff.  The security implication: encrypt the data to meet your compliance obligations.

Public Cloud for Resiliency & Disaster Recovery:  John Morency from Garter had a very cool session titled “Building Resiliency via Colocation and the Cloud” that touched on the use of the public cloud as a “warm spare” or “cold spare”  failover site for Disaster Recovery (known affectionately to the cognoscenti as “DR”).  One excerpt from Mr. Morency’s pitch that I found enlightening was “By 2014, 15% of large enterprises will use a combination of private infrastructure and public cloud services in order to improve recovery and continuity readiness.”  DR is a sweet application of public cloud computing to lower costs and increase flexibility.  The security implication: enterprises need to consider securing the cloud instances with solutions like Trend Micro Deep Security 7.0 for servers (a shameless promotion for a sweet product).

Cloud for Test & Development: Something I heard from Gartner analysts in the past is that the public cloud is a great place for test and dev for applications, but those test and dev environments are using real data that needs to be secured.  When I speak to Trend Micro’s IT security customers about the cloud, they frequently say “We’re not using it.”  But when you ask if some app developers might be going directly to Amazon EC2, the security folks grudgingly nod their heads.  The security implication: test and dev environments in the public cloud may need securing when real data is being used.

IT Security in the Cloud World: One comment from Cameron Haight and Milind Govekar’s pitch titled “Cloud Computing Management — Making Sure Mountains Aren’t Hiding in the Mist” resonated with me from a security perspective.  “Cloud computing is not the death knell for IT; in fact, it’s an opportunity to reinvigorate IT’s service delivery role, provided appropriate updates are made with respect to processes, tools and organizational structure.” This is especially relevant in world of IT security;  no one else will look out for the corporate crown jewels.

Related posts:

  1. Newly Released Gartner 2011 Hype Cycle for Cloud Computing – Does Cloud Security Belong?
  2. SecureCloud Is beta! Encryption, Data Security & Governance in the Cloud.
  3. Security FOR the Cloud
  4. What Are the True Dangers of the Cloud?

Security Intelligence Blog

  • Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
  • Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
  • Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Answering IoT Security Questions for CISOs
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • How To Be An Informed Skeptic About Security Predictions
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Trend Micro Selected as Launch Partner for AWS Ingress Routing Service and Stalkerware on the Rise
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • The Shared Responsibility Model
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • What Worries CISOs Most In 2019

Follow Us

Trend Micro In The News

  • Trend Micro Takes On Palo Alto Networks With Cloud Conformity Buy
  • Trend Micro Partners with Snyk to Fix Vulnerabilities for DevOps
  • Trend Micro Partners With Snyk To Advance DevSecOps
  • Hackers to stress-test Facebook Portal at hacking contest
  • NEW TECH: Trend Micro inserts 'X' factor into 'EDR' - endpoint detection response
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.