Trend Micro is a proud National Sponsor of the upcoming FIFA Women’s World Cup 2015 soccer tournament in Canada this summer. “Good for you. But what’s soccer got to do with cyber security?” you might ask. Well, how do you win a soccer match? Yes, by scoring the most goals, but on the flip side, you also need a good defense. That’s why over the coming weeks, we’ll be blogging on ways that you can “Protect Your Net” – your data, apps, and cloud deployments – against threats and vulnerabilities that are trying to score on your organization.
In this series of posts called “Protect Your Net,” we’ll be exploring the opportunities and challenges of the software defined data center and the cloud – and how we can help your organization mount an effective defense against the opposition. I like to think of it like this: regardless of how big your organization is, when it comes to cyber security, just like in soccer, success can only be built on a strong defense. And nowhere is this more true than in cloud and virtualized environments.
It’s getting cloudy out there…
Organizations across the globe are embracing virtual and cloud technologies as a part of their modern IT strategy, with many customers that I talk to saying they have over 60 percent of their data centers virtualized and are using the cloud for specific projects. This paradigm shift in the delivery of IT services can offer the kind of cost savings, IT efficiency and flexibility, and improved business agility that IT managers could only dream of in the past when on-premise was the only approach. Exactly how popular are cloud computing and virtualization? Well, IDC predicts spending on public cloud services, including market-leaders like Amazon Web Services and Microsoft Azure, will reach a staggering $127 billion by 2018. This represents a five-year CAGR of 22.8 percent – six times the rate of growth for the IT market as a whole.
The same analyst firm reported that cloud IT infrastructure, including infrastructure to support deployment of technology from market-leader VMware, accounted for a third of combined worldwide server, disk storage, and Ethernet switch infrastructure spending in Q3 2014. What’s more, data center transformation and consolidation efforts, including virtualization-related projects, featured highly on SearchCIO’s list of top North American IT projects of 2015.
Things are different now
Just as cloud computing and virtualization have transformed modern IT, they have also introduced greater complexity and potential risk for the IT department to manage. Traditional security approaches make it very difficult to consistently secure servers across physical, virtual, and cloud deployments, typically requiring IT security to manually manage across multiple security offerings. As well, security in the cloud is a shared responsibility, meaning that the cloud service provider owns security up to and including the hypervisor layer, and customers own everything they put on the cloud (applications, servers, data). In this new reality, unless an organization has their game plan ready with a solid defense strategy, security gaps can happen, and cyber criminals are only too ready to exploit them.
Some examples of security challenges in the software defined data center and cloud include:
- Inter-VM attacks – which traditional security solutions can’t spot because they are at the perimeter
- Instant-on gaps – which arise when dormant virtual servers are provisioned but haven’t had their security updated accordingly. This becomes an even bigger problem when vulnerabilities like Shellshock (link) and Heartbleed (link) are discovered.
- Unencrypted information – in the cloud your data is not automatically protected, even if there are built-in capabilities to help. The servers the data is on as well as the data itself need to be secured.
- Resource contention – with virtualized deployments, applying traditional security can result in extreme load on systems and so-called “AV storms” which can damage security and severely affect performance
- The perimeter is gone – in most cloud environments the provider is in control up to the hypervisor layer, Perimeter security approaches are challenging in the cloud… with the elastic nature of the environment, having a single choke point just doesn’t make sense.
While there are solutions to addressing these challenges—such as Trend Micro Deep Security—unless your organization has a plan, there can be additional risk added to the game. You don’t have to look very hard to hear about the latest high profile breach, and we all know that high remediation and clean-up costs, along with damaged reputation and brand, customer churn, legal costs and negative impacts to the share price are all very real potential impacts.
So, for the software defined data center and cloud, you need a game plan to Protect your Net. To help with this, we’ll be sharing insights and best practices with you as you formulate your winning IT strategy. In our next post, we’ll provide security best practices for the biggest cloud service provider, Amazon Web Service (AWS). Stay tuned!