Closing the cloud and virtualization gap

Transcription

1 Closing the cloud and virtualization gap Use cases for workload security White Paper

2 Table of Contents 3 Introduction Encouraging cross-functional collaboration Prepare for the worst 4 Operational risk prevention through stronger controls Use case 1 - Capturing compliance controls to improve monitoring and prevent costly mistakes Use case 2 - Preventing costly system outages caused by configuration mistakes Use case 3 - Providing better visibility into the root cause of unexpected downtime 6 Safeguard data, enforce security policies Use case 1 - Encrypt virtual systems and safeguard data without taking applications offline Use case 2 - Enforce geographic or organizational boundaries for data security Use case 3 - Establish clear lines of control in virtual environments 8 Supporting compliance requirements with greater control and visibility Use case 1 - Tag workloads subject to regulatory compliance and assign policies Use case 2 - Create and enforce access control and management policies for VMs with compliance sensitive workloads Use case 3 - Encrypting VMs and demonstrating compliance 10 Conclusion 2

3 Closing the virtualization gap Use cases for bringing the cloud under control Introduction The drivers behind enterprise virtualization and cloud implementation projects almost always include cost savings, greater flexibility, and increased operational efficiency. From cloud migrations to software-defined data centers (SDDCs), IT infrastructure professionals and their peers have high expectations for virtualization to pay off. But many companies struggle with the realities of moving to a virtualized infrastructure. They may experience challenges such as introducing security gaps, adding complexity to their audit response processes, or increasing the chance that operational errors will create far-reaching negative effects. The challenges that accompany virtualization initiatives can bring even the best-planned projects to a hard stop. What s so different about virtualization? Gartner sums it up: Virtualization detaches workloads and data from the functional side of service provision and/or physical infrastructure. 1 In short, detaching workloads from their physical hosts and managing them through a virtualization layer often causes operational disruptions while simultaneously introducing security and compliance risk. Infrastructure, operations, security and IT risk and compliance teams have years of experience planning, building, and managing IT environments with workloads and networks running on physical systems. The practice of implementing and managing virtual environments is comparatively new. But the rapid growth of virtualization capabilities in the past few years means these teams have had little time to live through and work together to address the pitfalls commonly associated with virtualization. Encouraging cross-functional collaboration When these cross-functional teams plan together to address potential risks, there s a much greater probability that they can be avoided. Each team plays a role in implementing controls within the virtualized environment: The infrastructure team must plan the infrastructure on which the company runs, aiming at all times to optimize for speed and agility. Integrating anticipated needs makes the job easier for ongoing operations. 1 virtualization-key-initiative-overview 3

4 Operations handles ongoing maintenance of the infrastructure as well as supporting IT compliance and audit requirements. They are the front line for identifying and addressing the source of such issues. The security team, meanwhile, should know if there are security implications in virtualization services that can make it difficult to implement proper controls. The IT risk and compliance team must monitor whether compliance policies are consistently applied throughout the organization on both physical and virtual systems. When these teams don t collaborate on major virtualization efforts, they may actually increase security risks and the potential for outages, jeopardizing the chances of a successful project and compounding the risk of failing compliance audits. Prepare for the worst We all know even the best laid plans can go awry. When things come to a screeching halt, until a fix can be applied, teams need expertise in quickly implementing changes that don t just put a band-aid on things, but actually help put new processes in place that will stand the test of time. HyTrust is uniquely positioned to help cross-functional teams with their virtualization initiatives either by helping organizations think through the implications of the strategic move or helping reverse-engineer a break-down in the virtual infrastructure and work with the team to fix it. HyTrust provides the essential foundation for virtualization control, visibility, management, data security, and compliance. Deploy HyTrust as a transparent proxy between administrative management clients and hypervisor control systems such as VMware vsphere to strengthen security, authentication, policy control, and more. Encrypt stored data in any IaaS environment or private cloud so you not the cloud service provider maintain control over encryption keys. Meet data sovereignty and security requirements and define where virtual machines (VMs) are and are not allowed to run. HyTrust can help your organization get and keep your virtualization projects on track and close the loopholes inherent in moving to the cloud. With HyTrust, you can take all of the controls you have in place for your physical infrastructure and apply them to your virtual infrastructure. In the pages that follow, we ll explore some use cases informed by real-life examples of how teams have worked in partnership with HyTrust to achieve the business and technology benefits of virtualization while avoiding the pitfalls. Operational risk prevention through stronger controls Operations teams need to implement strong controls in the virtualized environment to reduce the risk of operational errors that can cause costly outages in production systems, missed SLAs, and spikes in service requests. To do this, the operations team needs the right tools to do the job of controlling and monitoring the virtual environment so they can support the systems designed by the infrastructure team. 4

5 Ask yourself: How can I maximize my investment in virtualization by helping operations enforce compliance controls? Can I minimize the risk that actions taken on critical virtual systems will cause disruptive and costly outages? Can I empower the ops team to help maintain the integrity of the virtual infrastructure and protect against human error? Does operations have enough visibility into what s happening in the virtual environment to quickly pinpoint the root cause of errors? Do you have a solution that integrates with your log management system to ease the process? Infrastructure and operations teams can use HyTrust to implement controls in the virtualization layer. This allows them to maintain the availability of the infrastructure as designed and prevent disruptive human errors that cause outages and performance issues that may harm the business. Both IT infrastructure and operations teams play critical roles in designing and implementing virtualization initiatives. Implementing HyTrust can help you and your team get out in front of the things that may go off track by: 1. Capturing compliance controls to improve monitoring and prevent costly mistakes 2. Preventing costly system outages caused by configuration mistakes 3. Providing better visibility into the root cause of unexpected downtime Use case 1 - Capturing compliance controls to improve monitoring and prevent costly mistakes Tagging compliance sensitive workloads in a virtualized environment helps not only to enforce compliance policies, but gives Operations the visibility it needs to monitor when administrative actions run foul of those policies. With HyTrust CloudControl, you can: Design tag-based access controls (TBACs) for different IT administrative teams based on admin role, activity function, and target asset. Create tags for each administrative team for example, server, network, VM and apply them to VMs, hosts, and networks. Create access control policies to permit each team administrative access rights to the tagged virtual elements for which they are responsible. HyTrust worked with a large credit management company that sought to achieve cost savings of over $65 million over two years by using virtualization solutions to simplify the delivery of technology services and make service delivery faster, less expensive, and more reliable. With HyTrust, they used the policy engine of CloudControl to create tag-based policies that helped operations monitor PCI compliance and avoid data from different banks running in the same environment. Use case 2 - Preventing costly system outages caused by configuration mistakes The pressure to produce results quickly in today s IT environment can lead to unintended yet significant errors. Outages caused by mistakes by virtual administrators working on production systems can cost organizations dearly. With HyTrust, companies can implement ironclad policies requiring secondary approval for select operations. For example, if a vadmin with proper permissions attempts to perform a restricted VMware vsphere operation, HyTrust CloudControl initiates a workflow to send an to the approval group. Once the transaction is approved, HyTrust then notifies the vadmin of the approval and executes the action in vsphere. HyTrust partnered with a large credit card transaction processing company that had experienced costly outages involving a large number of VMs due to administrative configuration and scripting errors. After deploying CloudControl, they can now block these actions because CloudControl can enforce a secondary level of approval 5

6 before an action can take place. No one can prevent a vadmin from writing a flawed script. But HyTrust can provide the necessary controls to prevent a flawed script from causing damage. This preventive measure promises to save the company millions of dollars in lost transaction fees due to outages. Use case 3 - Providing better visibility into the root cause of unexpected downtime It is human to make mistakes. And while unintentional, simple mistakes that cost businesses lots of money and/or damage their reputation are nothing to shrug off. When things go wrong, it falls to the operations team to resolve the issue and figure out what happened. Having all the details helps pinpoint the root cause to better prepare them to avoid similar scenarios in future. It may be a matter of logging denial events in a log management system to monitor sensitive or critical virtual environments. HyTrust CloudControl provides additional granularity regarding the actions of vadmins, more than what s available through vsphere to help you understand what actions were taken and when. HyTrust provides native integration with many log management solutions including HP ArcSight, Splunk, RSA EnVision, and McAfee epolicy Orchestrator. HyTrust worked with a large communications company that implemented a major virtual infrastructure supporting millions of subscribers to lower costs and gain operational efficiencies. When a vadmin inadvertently shut down VMs using a flawed script, it caused an outage during a broadcast. Determining who did what and when proved challenging. Using HyTrust CloudControl they ve implemented secondary approvals to reduce the potential for disruptive actions and can use the log data to get to the root cause of errors, faster. Safeguard data, enforce security policies The growth in virtualized systems has stressed the threat detection and incident response capabilities of IT teams primarily in response to advanced persistent threats (APTs) and data breaches both at the perimeter and in the data center. It s critical that the security team has the ability to maintain clear lines of control across systems so they can more effectively enforce security policies and maintain control over systems and data. The security team can use HyTrust to implement controls within the data center in the server and network virtualization layer to mitigate risks with improved defenses against APTs, consistent enforcement of company policies and standards, and clear lines of control across functions. Your organization can use HyTrust to help ensure that sensitive and mission-critical systems operate with in company designated boundaries. Data from HyTrust solutions can be used in threat detection and incident response systems, improve breach detection capabilities, and accelerate forensics analysis. HyTrust offers secondary authentication capabilities (the two man rule ) to reduce the risk that an APT can leverage a single set of compromised credentials to traverse the network and access sensitive data. The following use cases highlight how HyTrust can be used to: 1. Encrypt virtual systems and safeguard data with out taking applications offline. 6

7 Ask yourself: Have I achieved the cost savings I expected from virtualizing Active Directory Domain Controllers? Can I ensure the security of critical user-credential data on virtualized Microsoft Active Directory domain controllers? Can I prevent VMs from running in unauthorized locations or countries? Can I meet data sovereignty requirements and prevent VMs from running in unauthorized locations or countries? What is the cost of updating my technology stack to respond to changing laws and policies? Can I support the ability of the security team to maintain clear lines of administrative control between functional silos of IT teams when working in a virtualized environment? 2. Enforce geographic or organizational boundaries for data security. 3. Establish clear lines of control for security and networking teams in virtual environments. Use case 1 - Encrypt virtual systems and safeguard data with out taking applications offline Just as you physically restrict access to areas in a data center, you might face a similar requirement in a virtual environment for example, the requirement to encrypt each drive on a Microsoft Active Directory domain controller. Using the HyTrust Bootloader for Windows, administrators can encrypt the boot partition and store the keys on the HyTrust Key Control server, providing stronger security for both the data and the encryption keys. Using the Policy Agent, administrators can encrypt new or existing drives. You can do all this including rekeying the encryption without taking applications offline. A major U.S. retailer encountered a roadblock in the middle of a large virtualization project when the security team instituted a requirement that virtualized Microsoft Active Directory domain controllers use disk-based encryption. Microsoft Active Directory domain controllers boot in a specific sequence, which can create complications for encryption programs. Faced with the possibility of having to run the domain controllers on dedicated hardware and reduce the expected cost savings and server density goals for the project, the company partnered with HyTrust to implement DataControl. HyTrust Data Control ensured the sensitive account data residing within the virtualized server was encrypted and decrypted in the right sequence to enable the domain controller to boot properly, thus bringing the project back on track. Use case 2 - Enforce geographic or organizational boundaries for data security Large, global organizations, are often subject to data privacy laws and Safe Harbor policies that require them to protect and in some cases guarantee data sovereignty. Laws and policies are ever changing. This is especially true regarding changes to long established Safe Harbor policies for securing data originating in the EU. Organizations must ensure their technology stack has the flexibility to quickly and easily adapt to changing data sovereignty laws and policies. HyTrust provides organizations with the flexibility they need to respond to changing data sovereignty requirements allowing them to tightly define where VMs are allowed to run including in specific geographies. VMs are highly portable, they can easily be copied and moved to run in unauthorized environments. VMs must be safeguarded from unauthorized transport, access, and use. Using HyTrust CloudControl and DataControl, you can: Create a BoundaryControl rule and enable a VM set within the key control server to enforce the BoundaryControl rule. Add tag-based policy constraints, so the key control server only delivers keys to the VM that is part of the specified boundary. Using Trusted Platform Module (TPM) functionality, establish a trusted host and embed the policy tag within the TPM. A large global financial institution with more than 40,000 VMs partnered with HyTrust to reduce the risk that a stolen VM file could be loaded in a country other than the United States. Using BoundaryControl, HyTrust ensures a VM file only loads on certified hardware that is located with in the designated boundary. 7

8 Use case 3 - Establish clear lines of control in virtual environments Virtualization amplifies the need to ensure clear lines of control between security and networking teams in a software-defined data center because role-based access might not be baked in. If you are using VMware NSX, you can use HyTrust CloudControl to: Authorize create, update, delete (CUD) operations on key NSX resources such as logical switches and routers, load balancers, and VPN services. Create role-based access control policies and ensure operational and monitoring duties are separate so only authorized personnel can configure security controls and policies. Harden data security controls and deter the spread of APTs by using secondary authentication (the two man rule ) on sensitive server or network workloads. HyTrust partnered with a large media company to implement and maintain clear lines of control between security and networking teams. Using the Access Control for NSX capability in CloudControl, once security pushes rules to the network operations center, operations can t make changes, which keeps these rules from being accidentally or purposefully altered. Supporting compliance requirements with greater control and visibility Organizations that are subject to such regulatory compliance guidelines, as well as best practices established by third-party regulatory agencies, already have deep and detailed policies and processes for staying compliant. Virtualizing your infrastructure introduces compliance risk because it tends to widely enable running multitenant workloads without proper data segmentation and can degrade the ability to monitor what compliance measures are being taken. Failing compliance audits can be costly in the form of penalties from regulatory agencies. With HyTrust, companies gain tools that support compliance frameworks such as NIST, CSA, and ISO to help manage compliance risk, and provide dashboard insights. Organizations can use HyTrust to standardize the ways compliance monitoring, enforcement, error tracking and audit response operate in the virtualized environment with policy based controls over compliance-tagged workloads. Thus armed, they can proactively plan for and address compliance requirements for existing and new virtualization projects. HyTrust helps companies with their regulatory compliance requirements by allowing three key actions: 1. Tagging and assigning policies to workloads subject to regulatory control (such as PCI-DSS, HIPAA, FedRAMP, and the Criminal Justice Interface System (CJIS)) 2. Creating and enforcing access control and management policies for compliance sensitive workloads. 3. Encrypting VMs and demonstrating compliance. Use case 1 - Tag workloads subject to regulatory compliance and assign policies It s imperative in today s complex compliance environment that organizations enforce compliance controls on virtualized workloads and proactively plan for compliance audits. With HyTrust, virtual administrators can ensure compliance with numerous regulations and best practices guidelines. HyTrust CloudControl helps you: 8

9 Ask yourself: Can I put controls in place on virtualized workloads to ensure regulatory compliance and quickly produce a report prior to an audit? Are compliance issues impacting my ability to achieve the expected virtualization cost savings? Can I quickly produce audit quality reports to demonstrate how my virtual infrastructure is enforcing compliance controls? Can I encrypt data that is subject to regulatory compliance when it is at rest on VMs and even rekey the encryption without taking applications offline? Create regulation specific tags and apply them to VMs, hosts, and networks containing workloads subject to regulatory compliance. Create access control policies for administrators authorized to work with compliance tagged VMs, hosts, and networks. Export log information for use by audit teams to demonstrate compliance. An investment firm failed an unexpected SEC audit because some elements of their virtual infrastructure were out of compliance with NIST Special Publication , thus risking fines and penalties if they didn t resolve the issues. The CTO put a stop to future virtualization plans and partnered with HyTrust to bring the company into compliance. Using HyTrust CloudControl the company was able to properly segment data, establish access controls to ensure the proper handling of compliance sensitive workloads, and demonstrate compliance to the auditors. Use case 2 - Create and enforce access control and management policies for VMs with compliance sensitive workloads Depending on the regulatory agencies and requirements governing your company or industry, you may need to use tag-based access controls (TBACs) to map to requirements and demonstrate compliance. HyTrust CloudControl helps virtual administrators ease the headaches associated with managing compliance sensitive data. HyTrust provides a hardening template for many regulations that require securing the hypervisor host and VM containers. Once the objects are tagged, administrators can create access control polices for each tag to ensure that only authorized administrators manage VMs and networks with compliance sensitive workloads The CIO at a major university hospital worked with HyTrust after encountering issues implementing compliance controls during the early stages of a virtualization project. With HyTrust CloudControl, the hospital was able put the necessary policy controls in place to satisfy HIPAA requirements. Going forward, the CIO mandated that HyTrust CloudControl be installed with every VCE Vblock rack. The hospital also uses CloudControl to implement secondary approval for actions for HIPAA-tagged workloads, provide audit quality logging to show who did, or did not, do what and when on vsphere, and facilitate audits. Use case 3 - Encrypting VMs and demonstrating compliance Beyond tagging data and creating policies to ensure proper administration, some regulations such as CJIS require organizations to encrypt data when it is at rest even if it s inside a virtual machine. With HyTrust, organizations can encrypt virtual servers and meet the CJIS requirement to encrypt the data at rest when it stored electronically by a third party. Administrators can use the HyTrust DataControl policy engine module that resides within the guest OS to ensure data is encrypted and secure regardless where the VM is loaded. HyTrust partnered with a Southern California airport authority as part of a virtualization project to ensure virtual systems were encrypted and complied with CJIS requirements. The airport authority relies on CJIS to screen air travel passengers. 9

10 The organization was able to map the CJIS requirements to capabilities of DataControl, implement the solution and demonstrate compliance with CJIS data encryption requirements. Conclusion Virtualization can yield great benefits for large organizations, but the only way to truly reap the rewards is to also attend to the accompanying challenges that operations, infrastructure, and IT risk, and compliance teams must work together to overcome. HyTrust can help your organization gain control over virtualized systems so you can secure and manage data and ensure that virtualized servers and networks are in compliance. For more information Contact HyTrust at or visit HyTrust 1975 W. El Camino Real, Suite 203 Mountain View, CA 94040, USA Phone: International: HyTrust, Inc. All rights reserved. HyTrust, and the HyTrust logo are trademarks and/or registered trademarks of HyTrust, Inc., and/or its subsidiaries in the United States and/or other countries. All other trademarks are properties of their respective owners. 10