Addressing Data Security Challenges in the Cloud Coordinate Security. The Need for Cloud Computing Security A Trend Micro White Paper | July 2010 TREND MICRO VIRTUALIZATION SECURITY 1 White Paper | Trend Micro Virtualization Security I. INTRODUCTION Enterprises increasingly recognize cloud computings compelling economic and operational benefits. Virtualizing and pooling IT resources in the cloud enables organizations to realize significant cost savings and accelerates deployment of new applications. However, those valuable business benefits cannot be unlocked without addressing new data security challenges posed by cloud computing. Deploying confidential information and critical IT resources in the cloud raises concerns about vulnerability to attack, especially because of the anonymous, multi-tenant nature of cloud computing. Applications and storage volumes often reside next to potentially hostile virtual environments, leaving information at risk to theft, unauthorized exposure or malicious manipulation. Moreover, its possible for remnant data to persist when consumers vacate cloud volumes but vendors do not recycle storage devices securely. Governmental regulation of data privacy and location presents the additional concern of significant legal and financial consequences if data confidentiality is breached, or if cloud providers inadvertently move regulated data across national borders. As a global leader in content security, Trend Micro has pioneered SecureCloud a next-generation advancement that enables enterprises and other organizations to operate safely and securely in the cloud. SecureCloud represents a patented security infrastructure specifically engineered to control the security and privacy of data deployed to any cloud computing environment. II. CLOUD COMPUTING DEFINED Cloud computing is the latest extension of an evolution in distributed computing that takes advantage of technology advances. The clouds roots date back to early mainframe processing, when users connected to a shared computing resource through terminals to solve their computing needs. The advent of faster and cheaper microprocessors, RAM and storage brought computing into the client-server model, which grouped sets of users into networks sharing computing power on decentralized commodity servers. As bandwidth became more ubiquitous, speedier, and less costly, these networks interconnected to form the Internet. IT departments typically provisioned their datacenters in house, protected inside a firewall. Eventually, enterprises took advantage of higher throughputs to reexamine the need for monolithic onsite datacenters. Accessing servers virtually through a browser window presented substantial advantages in software and hardware maintenance. Software vendors began capitalizing on the concept that a scaled datacenter could also deliver remote content to customers almost immediately at a reduced cost, giving rise to on-demand Software-as-as-Service. Todays mature virtualization platforms now enable contemporary cloud computing: a new model of rapid, on-demand, low-cost, al-a-carte computing. TREND MICRO VIRTUALIZATION SECURITY 2 White Paper | Trend Micro Virtualization Security Like its predecessors, present-day cloud computing features a multitude of users connected to remote computing resources over the Internet. Cloud computing delivers software and services over networked connections, relying on a steady flow of throughput to and from the virtualized datacenter in order to maintain high service levels. Thanks to scalable virtualization technology, cloud computing gives users access to a set of pooled computing resources that share the following attributes: Multi-tenancy Highly scalable and elastic Self-provisioned Pay-per-use price model In contrast to the significant capital expenditures it takes to purchase and provision the launch of a traditional in-house operational site, as well as the months of lead time that effort involves, cloud computing lets administrators spin up virtual servers at will. They can provision necessary storage and launch an operational site within minutes or hours and for a fraction of historical costs. III. TYPES OF CLOUDS Several different configurations of cloud computing and its deployment models exist to serve the enterprises needs. Each approach offers its own strengths, risks, and level of control it provides the cloud consumer. See figure 1 for a representation of the types and deployments models. Figure 1: Types of Clouds TREND MICRO VIRTUALIZATION SECURITY 3 White Paper | Trend Micro Virtualization Security SOFTWARE AS A SERVICE In an October 2009 publication, Peter Mell and Tim Grance of the U.S. National Institutes of Standards offending companies can be held responsible for the loss of sensitive data and may face heavy fines over data breaches. Business impacts aside,