Proactively Secure Your Cloud Computing Platform
Dr. Krutartha Patel, Security Engineer
2010 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals

Agenda
1. Cloud Security - IMPERATIVE
2. Positives and Challenges
3. Physical and Virtual Gateways
4. Leveraging Investment

Strong Drivers for Move to the Cloud
- Compute Power: Scalable, elastic infrastructure
- Reduced Costs: Pay only for what you use
- Business Continuity: Resilience and disaster recovery

Cloud Delivery Models (Model, Vendors, Target)
- IaaS (Infrastructure-as-a-Service): Rent Hardware, Software, Networks. Target: IT
- PaaS (Platform-as-a-Service): Rent Hardware and Software. Target: Developers
- SaaS (Software-as-a-Service): Rent Applications Such as Email. Target: End Users

IT Infrastructure Deployment Models
- Physical: Traditional enterprise
- Virtual: Virtualization, better utilization
- Private Cloud (On-Premise): Owned and operated by organization
- Public Cloud (Off-Premise): Resources on demand and pay-per-use

Cloud Security Positives
- Scalable Security
- Expert Security
- Global Intelligence
- Multi-Layer Security
- Cost Effectiveness

Cloud Security Challenges
- Network Attacks
- Multi Tenancy
- Access Control
- Data Security
- Compliancy and Regulations

Case Study - Amazon Web Services
Virtual Gateways for Amazon Public Cloud
Secure Your Infrastructure in AWS Public Cloud

Amazon VPC Topology
[Diagram: Amazon VPC connected to the Internet, with numbered components]
1. AWS EC2 instances in private subnets
2. Check Point Virtual Appliance for VPC
3. Amazon VPC router
4. Amazon VPC internet gateway
5. Direct connectivity to Internet or over VPN

Central Management and Enforcement

Virtualization Security Challenges
Security Challenges in Virtual Environments
- Protection from external threats
- Inspect traffic between Virtual Machines (VMs)
- Secure new Virtual Machines automatically

[Diagram: three VMs running on one Hypervisor]

Security Challenges in Virtual Environments (Data Center/Cloud)
- Ensure Security in dynamic environments
- Maintain zero-downtime during Virtual Machines live migration

Secure the Virtual Infrastructure
- Inter-VM Traffic Inspection
- Protects Virtual Machines
- Seamless security within the Hypervisor
- IMPORTANT to Integrate using VM Vendor APIs
- Central Management, Granular Policy design
[Diagram: VE and VMs on a Hypervisor, with a Hypervisor Connector]

Public or Private Clouds
Multiple Virtual Systems in ONE Physical..
[Diagram: virtual systems (VS), each with its own policy, separating Internet, VPN, Partner, Customer, Datacenter, Web, email, Sales, Finance, HR, Legal, Marketing and Engineering]
Virtualized Gateways Simplify Cloud Security

Public or Private Clouds
Multiple Virtual Systems in ONE Physical..
[Diagram: Customer A, Customer B, Customer C and Customer D connected to the Internet, with Multi-Domain Management and Orchestration]
Virtualized Gateways Simplify Cloud Security

Cloud Security Challenges
- Network Attacks: Firewall, IPS
- Multi Tenancy: Gateways in Virtual Infrastructure
- Access Control: Firewall, VPN
- Data Security: Data Loss Prevention
- Compliancy: Security Management

Leveraging Investment
- One-click Activation of functionality: From the central management console
- Application Control: Identify and control usage of thousands of applications based on user and machine identity.

Thank You