Virtualize More While Improving Your Risk Posture: The 4 Must Haves of VirtualizaJon Security

Similar documents
Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

The Road to a Secure, Compliant Cloud

Enterprise & Cloud Security

DELIVERING TRUSTED CLOUDS How Intel and Red Hat integrated solutions for secure cloud computing

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

Virtual Machine Encryption Security & Compliance in the Cloud

Cloud Under Control. HyTrust Two-Man Rule Solution Brief

On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor

Trust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved

Business Context: Key for Successful Risk Management

Securing the Data Center against

Enhanced Privacy ID (EPID), 156

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

Symantec Reference Architecture for Business Critical Virtualization

Security Models for Cloud

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Increasing Security and Compliance in the Cloud

Microsoft Security Management

Comprehensive Database Security

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

10 FOCUS AREAS FOR BREACH PREVENTION

the SWIFT Customer Security

COURSE BROCHURE CISA TRAINING

The threat landscape is constantly

Transforming Data Protection with HPE: A Unified Backup and Recovery June 16, Copyright 2016 Vivit Worldwide

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Are You Flirting with Risk?

5 Mistakes Auditing Virtual Environments (You don t Want to Make)

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com

Automating the Top 20 CIS Critical Security Controls

Certified Information Security Manager (CISM) Course Overview

VMware vsphere Clusters in Security Zones

IT infrastructure layers requiring Privileged Identity Management

Datacenter Security: Protection Beyond OS LifeCycle

Next Generation Policy & Compliance

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

vsan Security Zone Deployment First Published On: Last Updated On:

Everything visible. Everything secure.

Implementing Your BYOD Mobility Strategy An IT Checklist and Guide

Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC)

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

SYMANTEC DATA CENTER SECURITY

CISA Training.

Defense in Depth Security in the Enterprise

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Five Essential Capabilities for Airtight Cloud Security

2018 Cisco and/or its affiliates. All rights reserved.

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

TSC Business Continuity & Disaster Recovery Session

Building a Resilient Security Posture for Effective Breach Prevention

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

Gujarat Forensic Sciences University

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

Google Identity Services for work

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.

The Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA

Strong Security Elements for IoT Manufacturing

Container Deployment and Security Best Practices

VMware Join the Virtual Revolution! Brian McNeil VMware National Partner Business Manager

Effective Strategies for Managing Cybersecurity Risks

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Managing SaaS risks for cloud customers

Security Fundamentals for your Privileged Account Security Deployment

Copyright 2016 EMC Corporation. All rights reserved.

Are You Flirting with Risk?

Les joies et les peines de la transformation numérique

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

Choosing a Secure Cloud Service Provider

Private Clouds: Opportunity to Improve Data Security and Lower Costs. InfoTRAMS Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt t W Pracy

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012

Cybersecurity with Automated Certificate and Password Management for Surveillance

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

CipherCloud CASB+ Connector for ServiceNow

Qualys Cloud Platform

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

How to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model

2013 InterWorks, Page 1

Security: The Key to Affordable Unmanned Aircraft Systems

BRING EXPERT TRAINING TO YOUR WORKPLACE.

Cloud for Government: A Transformative Digital Tool to Better Serve Communities

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Defensible Security DefSec 101

CLOUD SECURITY CRASH COURSE

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

AKAMAI CLOUD SECURITY SOLUTIONS

De kracht van IBM cloud: hoe je bestaande workloads verhuist naar de cloud

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Symantec and VMWare why 1+1 makes 3

Healthcare HIPAA and Cybersecurity Update

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

Transcription:

Virtualize More While Improving Your Risk Posture: The 4 Must Haves of VirtualizaJon Security Hemma Prafullchandra, CTO & SVP Products, HyTrust Mike Foley, Sr Technical Manager, PlaPorm Security, VMware Evelyn de Souza, Sr Data Center Security Strategists, Cisco Steve Orrin, Chief Security Architect, Intel Governance, Risk & Compliance G11 CRISC CGEIT CISM CISA

Agenda Virtual Infrastructure Security & Compliance Challenges The 4 Must Haves & SoluJons Key Take- aways Resources 2

Security and Compliance challenges Shionogi & Co: $3.2B pharmaceutical company laid off IT admin who then: Logged in remotely to vsphere from local McDonald s WIFI Deleted 88 virtual production servers Took down email, order entry, payroll, BlackBerry, & other services Caused $800K damage CIO security concerns for cloud Top CIO challenges to implementing a cloud computing strategy: 1. Security 2. Access to information 3. Information Governance 4. Ability to meet enterprise standards Source: 2010 IDG Enterprise Cloudbased Computing Research, November 2010 Compliance standards Virtualization/Cloud Increases impact of any compromise Creates a more complex environment additional layers require new controls Creates a new attack surface that must be hardened Impacts roles and responsibilities Access control and management 87% of companies have experienced a data breach IT Compliance Institute <10% Companies with Controls to Govern Unauthorized Access SANS Critical Security Controls Survey, 2013 >50% Security breaches due to stolen credentials Verizon report, 2013 3

How VirtualizaJon Security is Impacted by Cloud? Gartner predicts 17.9% CAGR in cloud services usage through 2016 ShiM: Verify then Trust versus Trust then Verify 4

Where is My Workload? The USG Example Where workloads run really matters. In many cases you must: Assure that the platform has integrity capable to protect my data Make multitenancy safe keep my workloads separate from others of different profiles Allow me to constrain workloads to specific geographical areas Provide audit capabilities to meet compliance mandates NIST IR 7904 solution allows these capabilities for workload control, with critical steps including: 1 Identify Establish 2 3 Workloads Boundaries Enforce Policies VM Policy: sensitive FISMA VM requires trusted host, requires US host IT manager IT manager VM IT manager Evaluate workloads and data they contain. Use tool to label workloads security needs, create policy requirements Example: Label sensitive workloads: Establish policies to control migration or bursting based on required protections and placement/location conditions Hardware based mechanism to verify platform integrity (trust) status and store/ report other asset descriptor such as location Example: Attest to know which platforms have proven integrity, which have not. Get assurances regarding where cloud-based systems are physically located. 2013 Both Fall provide Conference boundaries Sail for to Success controlling September workloads. 30 October 2, 2013 Security management tools can assure workloads are managed and placed within policy, enable reporting and audit of controls Example: security and virtualization management platform can verify that platforms capabilities and enforce workload control policies, generating auditable log of events 5

VirtualizaJon PlaPorm and Security Abstraction and Consolidation Capital and Operational Cost Savings New infrastructure layer to be secured and subject to compliance Greater impact of attack or misconfiguration Collapse of Switches and Servers into One Device Flexibility Cost- savings Lack of visibility and control for virtual network and storage No separavon of church and state (network, security, storage administravon) Faster Deployment in Shared Environment IT responsiveness Inconsistencies in configuravon Physical change processes ineffecvve Inadequate tenant segmentavon 6

VirtualizaJon Containers and Security Fuzzy Time Boundaries Great availability / recovery mechanism Security and audit events can be lost if not configured Changes in time are not visible from inside the virtual server VM Encapsulation VM Mobility Improved Service Levels Identity divorced from physical location Policies may not follow virtual machine Ease DR Hardware Independence Outdated offline systems Unauthorized copy Reconfiguring virtual hardware and console access are over in network operations 7

The Real Risks of VirtualizaJon VM/VM or Hypervisor Breakout Compromised Admin Account 8

4 Must Haves - SoluJons Virtual Infrastructure CObIT ObjecVves Intel TXT PO2: Define the InformaJon Architecture PO4: Define the IT Processes, OrganizaJon and RelaJonships PO9: Assess and Manage IT Risks AI2: Acquire and Maintain ApplicaJon Soaware AI3: Acquire and Maintain Technology Infrastructure AI4: Enable OperaJon and Use DS5: Ensure Systems Security DS9: Manage Service Desk and Incidents 9

Ubiquitous Security Value from Intel Xeonbased Data Center Systems Trusted Platforms Minimize vulnerabilities in Hardware and Software Robust malware prevention and detection Enhanced recovery Data Protection Flexible, high-performance encryption (storage, network) Platform trust at all layers of the stack, and through time Cloud Security Enable security appliances in the virtual environment Deliver trusted mechanisms to expose platform security posture Many already have a large estate of these systems! Ubiquity & granularity to address changing scope and threats 10

Cisco: End user and Network Focus on what matters most! Dynamic Context Business Policy User and Devices DesVnaVon Source VD HR Users VPN HR User HR Database Prod CRM Storage Resources and Demands IT Ops Test Server Test- ACL 11

VMWare SoluJons 12

vsphere 5.x Hardening Guide

HyTrust Appliance CapabiliJes Virtual Infrastructure 1. Two-Factor AuthN Virtualization Management Clients 4. Logging & Real-time Alerting 2. Role-Based Access Control, Secondary Approval (2 Man Rule) Tenant A Tenant A VM Tenant B # # Tenant A Tenant B VM Tenant B 3. Infrastructure Segmentation Smart Tagging ESXi Hosts, UCS Mgr, NxOS, 5. Hypervisor Hardening / Platform Integrity/ Root PW Vaulting Tenant A Nexus 1000v Tenant B Nexus 1000v 14

Key Takeaways Understand security and compliance implicajons of virtualizing your Data Center or moving to the cloud Review and update exisjng processes and technologies An ecosystem of technologies will be required to address even the minimum MUST HAVES Look to vendors that are working together and have developed technologies that are virtualizajon- aware Verify, then Trust, then Verify Again Validate that controls are configured correctly and generajng the necessary evidence (logs, reports, ) ConJnuously validate the ability to reproduce/trouble- shoot if an incident does occur 15

Resources ISACA VirtualizaJon Checklist - hop://www.isaca.org/knowledge- Center/Research/Documents/ VirtualizaJon- Security- Checklist- 26Oct2010- Research.pdf hop://www.isaca.org/knowledge- Center/Research/ ResearchDeliverables/Pages/VirtualizaJon- Benefits- and- Challenges.aspx NIST: 800-53, 7904, 144, 145, 146 HyTrust: hop://www.hytrust.com/resources/main Cisco: www.cisco.com/en/us/netsol/ns340/ns394/ns224/ns376/index.html VMWare: hops://www.vmware.com/solujons/datacenter/cloud- security- compliance/protect- crijcal- applicajons.html Intel: hop://www.intel.com/content/www/us/en/enterprise- security/mulj- level- enterprise- security.html 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback