As we started building out the Trend Micro Smart Protection Network four or five years ago, we realized that the shift to the cloud was going to be a major platform shift for the datacenter. We wondered if other datacenter operators were encountering the same types of issues that we were encountering. So we went out to various enterprises and asked them about the security issues around private and public clouds.
The datacenter operators told us they had no security issues and were completely secure. However, the CSOs told a different story. They said they didn’t know whether there were security problems in their datacenters. After further investigation, we found that indeed there are a lot of security issues in the data center. As we dug deeper, we kept hearing about the operational issues related to the platform shift to virtualization and the cloud, but we didn’t hear much about malware concerns. Traditional server security is perimeter-based. We hear a lot about the potential for rogue VM attacks, and while we haven’t seen such an attack, it’s completely possible that they could occur.
The companies to whom we talked had a range of security solutions deployed, from traditional AV deployed on every VM (which hammered performance) to absolutely no security deployed on thousands of VMs. There are two problems facing the datacenter today with regard to security:
- Problem #1: The existing network-based security model can’t keep up with the pace at which virtualized servers are being brought online and clearly won’t work for companies wanting to use a public cloud.
- Problem #2: Data protection is the most strategic concern, but how do you protect data that is mobile and distributed?
The second problem is extremely relevant to the public cloud. Even if a vendor can guarantee that only the vendor will touch a customer’s data, the customer doesn’t know who at the vendor will be touching that data. There’s no guarantee that customer data is safe from compromise or copying.
What’s required for cloud security is a shift in thinking. Instead of preventing the data from moving – which is completely unrealistic in today’s dynamic world– we have to have protection surround and move with the data. At Trend we see two solutions:
- A host security model where the host protects itself. (Trend Micro Deep Security)
- An encryption model enabling enterprises to maintain better control of their data in private and public clouds. It won’t matter whether the environment where the data sits is untrusted because the data will be secured. If a customer wants to move the data to another cloud vendor, they can do it while having the security surround their data and not rely on an individual cloud provider. This encryption model can help further the move to the public cloud. (New Trend solution coming soon)