At the beginning of February Trend Micro tightened its relationship with Wipro, one of the world’s top providers of IT services. I feel very strongly about this announcement because it is being driven by the needs of some of the world’s largest datacenters which are Wipro customers.
Last week, I had the chance to sit down with Prasenjit Saha, vice president and global head of enterprise security solutions at Wipro. As I mentioned in my last post, I promised to bring you industry experts to contrast and compare challenges across physical, virtual and cloud environments. As the founder of Wipro’s Enterprise Security Solutions Division, over the last 10 years Prasenjit has created the world’s third largest security service provider practices. His global customers have been defining the next-generation datacenter environment which is spanning virtualization and cloud computing, not to mention influencing the product direction of security vendors around the globe. Check out our conversation.
WAEL: In the last 10 years, can you describe the transformational impact virtualization has had on your customers’ datacenters?
PRASENJIT: The primary impact of virtualization on our customer is easily the reduced operational costs and TCO which have been brought about by less hardware utilization, efficient power consumption and ease of administration. This has been further boosted by advances in the technology that improve the scalability, availability and mobility thereby reducing the risk and impact of failure. Also, the opportunity to further expand capacity with ease and the easy recovery capabilities have allowed customers to be ready for any change in their infrastructure – be it a ramp-up or a disaster. These advantages have further strengthened the overall return of investment.
WAEL: So that is all the good news, what has been the downside?
PRASENJIT: The downside to virtualization from a security perspective has been the challenges with actually maintaining the same security posture. Poor virtualization strategies can result in poor network security between multiple VMs on the same Virtualization Server with inter-VM attacks becoming easier. Moreover, improper tenancy can lead to potential data leakage from a high security to a low security zone. Also, the ease of virtual server administration has made it imperative to have tight Virtualization procedures and controls to prevent the sprawl of obsolete and rogue VMs that lead to resource hogging and potentially vulnerable entry points to the network.
WAEL: As MSSP, you have two, somewhat divergent objectives: to keep your customers protected and keep your costs down. What is your greatest challenge in meeting both of these objectives?
PRASENJIT: One of the biggest challenges we face is definitely the cost of actually deploying solutions to customers for which we are dependant on the product vendor to provide us the options to make deployment options much more flexible hence allowing us to concentrate on innovations around security operations as opposed to working around product limitations. Customers have started moving into the virtual environment, especially with cloud-based services on the rise, and it is imperative that we be able to provide cost-effective services around these technologies as well to maintain the ROI for the customer. A lot of products have been deployed at customer sites and it is always to a challenge to not only keep up with the pace of technology but also develop in-house expertise and services at the same pace.
The biggest challenge for an MSSP would be to develop a multi-tenanted infrastructure to minimize the cost of technology deployment using shared infrastructure and services and yet provide data segregation and privacy across different customers. With virtualization technology, effective workarounds can be found where products don’t support multi-tenancy and thus provide an efficient infrastructure with reduced operational costs.
WAEL: What about cloud? Are your services evolving to a more cloud-based approach? Do you run secure clouds for your customers? What is the unique security challenge in cloud environments, even more than virtualization?
PRASENJIT: The cloud impact on our services can be classified as either Cloud Security or Security In-The-Cloud. The greatest challenges about it lie around Data Segregation and Privacy, Access Control and Cloud-based administration. Clouds take multi-tenancy to the next level and that introduces concerns with how well protected data is from unauthorized access leakage. Also, geo-political regulatory issues could arise with the physical location of the data. There are also concerns around regulatory compliance as various customers have different requirements and providers are expected to adhere to all of them. More importantly, security controls implemented in the cloud are typically shared between multiple customers that will have to be customized for each requirement.
WAEL: We are now working together to offer virtualized datacenter security solutions to meet the growing demand that your customers are driving for server consolidation. Tell me why you chose to add Trend Micro to your current services. Maybe start with what your current services are.
PRASENJIT: Wipro ESS engages with its customers to assist in defining the security needs, evaluation, and implementation and management services for robust security solutions including information security, application security, data security, user and endpoint security, network & infrastructure security etc. Datacenter security solutions encompasses a large part of our portfolio incorporating multiple components of our services
Wipro’s verticalized businesses are also actively involved in helping customers identify potentially IT services that can be consolidated and migrated to private and public cloud infrastructures. Such initiatives need to be underpinned by an effective risk management strategy for Cloud security which we are helping to address.
TrendMicro’ s products will fit in very well with our services as we can now provide high-value services targeted at unified endpoint protection especially in a virtual environment with the Deep Security VM-aware technology. We will now be able to provide consulting expertise on endpoint protection in the virtual environment and also be able to architect, implement and manage a VM-specific host security solution for customers.
WAEL: One last question. How much is compliance playing in the security spending that you are seeing?
PRASENJIT: It is widely accepted by the security community that being compliant does not mean being secure, but the requirements of compliance imply that you need to be secure to be compliant. Wipro implements security best-practices for its customers that have been developed bearing in mind multiple compliance requirements across different business verticals.
With the advent of virtualization and cloud computing, the compliance strategy is going to change a little bit because of the underlying data segregation and access control issues. Virtualization and Cloud Security will require the development of security solutions that can be mapped to multiple compliance requirements and at the same time protect customer resources. Regulations may also need to incorporate changes to accommodate virtualization and its security aspects. RSA 2010 iPod touch sweepstakes clue #2: OfficeScan 10.5 with VDI