In the emerging world of virtualized and cloud environments, borders are disappearing. And to protect your IT home front, guarding the perimeter isn’t enough anymore.
That was a major theme at an event held in Toronto Tuesday marking Trend Micro Inc.’s third annual Canadian Cloud Security Awareness Week. Speakers from Trend Micro, VMware Inc. and the Cloud Security Alliance discussed a new security paradigm created by virtualized and cloud environments, one that reverses the old notion of “edge security.”
Steve Quane, chief product officer and president of Trend Micro in North America, said his company has undergone a major transformation in recent years, developing a new “inside-out” strategy for securing cloud and virtual infrastructures.
Perimeter defence, which he described as “virtually unaware”—i.e., developed before the advent of virtual environments—is not suited to a new class of computing that combines virtual machines, clouds, and mobile devices, he said.
Borders must now be drawn around each virtual machine and each application stack, said Quane. Trend Micro is focusing on creating products to manage and administer security across virtual and cloud environments at the hypervisor level. Trend Micro’s new security model centres on isolating the application stack, including the operating system, to identify vulnerabilities and protect data.
“We’ve really focused on the data and the application and the workloads first,” said Quane. “We’ve started building security profiles, security protection, around each piece of data and around each workload.
“Why is this important? Well, in the age of mobility, and the age of cloud computing, that data and those workloads are going to be moved, they’re going to be not as visible as you want them to be, and they’re going to be very unmanageable.”
Virtual and cloud environments are more fluid than traditional networks, and today, attacks can be “much more targeted,” he said, using the example of a hacker sifting through data on social media sites to build a profile of a senior executive, then using the information to breach an organization’s security via a spoofed e-mail to employees.
“Edge security is really not the most effective weapon to figure that out,” he said.
By creating security policies at the hypervisor level, not only is each machine better protected, but fewer compute resources are required for security updates and patches, which can now be done from the top down, Quane added.
He cited the example of Queen’s University in Kingston, Ont., which wanted a private cloud security regime to address BYOD issues in particular. The university deployed Trend Micro security across its VMware virtual desktop infrastructure, he said, with security profiles “following” each virtual machine.
“If the data itself can’t defend itself no matter where it goes, your security model is going to be insufficient,” he said.
Quane also spoke about Trend Micro’s SecureCloud, security software for VMware vSphere that can be used to encrypt data in multi-tenant clouds. Some organizations use SecureCloud not only to protect data in public clouds, but also to compartmentalize data within their own internal private clouds, he said.
David Tooners, director of systems engineers at VMware [NYSE: VMW], talked about how virtualized environments can provide companies with a stepping stone into cloud environments. He said CIOs should begin to see the various cloud models—private clouds, SaaS applications and public cloud platforms—as one unit. “All of these three components add up to what you should be thinking of as ‘your cloud,’” he said.
Meanwhile, IT needs to understand how to integrate the three services together, he said. “Not only control it, but also to secure it, and understand who, when and how people are accessing those workloads and data.”
Brian Bloom is a staff writer at ComputerWorld Canada. You can find him on Google+. He covers enterprise hardware and software, information architecture and security topics.