managing the risks of virtualization

Similar documents
content-aware identity & access management in a virtual environment

securing virtualized environments and accelerating cloud computing

Server Virtualization: The Essentials

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE

Virtualization System Security

Virtualization and the U2 Databases

2010 State of Virtualization Security Survey

Protect Root Abuse privilege on Hypervisor (Cloud Security)

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE

CA Virtual Assurance for Infrastructure Managers

PCI Compliance in a Virtualized World

STREAM FRBC

Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc.

Virtualization: an old concept in a new approach

How to Meet Your Virtualization Goals and Challenges

Chapter 16: Virtual Machines. Operating System Concepts 9 th Edition

Mitigating Information Security Risks of Virtualization Technologies

Virtualization. Michael Tsai 2015/06/08

Making Data Security The Foundation Of Your Virtualization Infrastructure

Virtualization. Types of Interfaces

Access Control In Virtual Environments

What is virtualization

Virtualization Technologies. Embrace the new world of healthcare

Strategies for Bare Machine Recovery

BMC Control-M for Cloud. BMC Control-M Workload Automation

CA Virtual Assurance/ Systems Performance for IM r12 DACHSUG 2011

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

IOS110. Virtualization 5/27/2014 1

Virtual Machines.

Virtualization Case Study

Securing Privilege Delegation in Public and Private Cloud Computing Infrastructure

Before we can talk about virtualization security, we need to delineate the differences between the

Virtual Hosting & Virtual Machines

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;

Virtualization: Concepts, Applications, and Performance Modeling

Distributed and Cloud Computing

How to Achieve Operational Assurance in Your Private Cloud

Tenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

International Journal of Advancements in Research & Technology, Volume 1, Issue6, November ISSN

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

VM Backup methodologies Oren Wolf, TSM Product Manager 11 Mar 2011

VMware Virtual Infrastucture From the Virtualized to the Automated Data Center

Basics of Virtualisation

Going Beyond Plain Virtualization Monitoring

PICO Compliance Audit - A Quick Guide to Virtualization

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Configuring and Managing a Private Cloud with Enterprise Manager 12c

The Review of Virtualization in an Isolated Computer Environment

Enabling Technologies for Distributed Computing

Managing a Virtual Computing Environment

Virtualizare sub Linux: avantaje si pericole. Dragos Manac

How To Make A Virtual Machine Aware Of A Network On A Physical Server

SECURITY IN OPERATING SYSTEM VIRTUALISATION

COS 318: Operating Systems. Virtual Machine Monitors

COM 444 Cloud Computing

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant

Virtualization. Pradipta De

<Insert Picture Here> Oracle Database Support for Server Virtualization Updated December 7, 2009

HP Data Protector software. Assuring Business Continuity in Virtualised Environments

Virtualization with Windows

Virtualization with VMware and IBM: Enjoy the Ride, but Don t Forget to Buckle Up!

Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5

Anh Quach, Matthew Rajman, Bienvenido Rodriguez, Brian Rodriguez, Michael Roefs, Ahmed Shaikh

Optimize Server Virtualization with QLogic s 10GbE Secure SR-IOV

Why Choose VMware vsphere for Desktop Virtualization? WHITE PAPER

Closing the cloud and virtualization gap

Hypervisor Software and Virtual Machines. Professor Howard Burpee SMCC Computer Technology Dept.

IBM PowerSC. Security and compliance solution designed to protect virtualised data centres. Highlights. IBM Systems and Technology Data Sheet

The Cloud, Virtualization, and Security

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.

Data Protection: From PKI to Virtualization & Cloud

Hard Partitioning and Virtualization with Oracle Virtual Machine. An approach toward cost saving with Oracle Database licenses

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Deputy Secretary for Information Technology Date Issued: November 20, 2009 Date Revised: December 20, Revision History Description:

Enabling Technologies for Distributed and Cloud Computing

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers

Using SUSE Cloud to Orchestrate Multiple Hypervisors and Storage at ADP

Extending Microsoft Hyper-V with Advanced Automation and Management from Citrix

CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments

Implementing Security on virtualized network storage environment

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

ADC9521: Surviving Regulatory Compliance in the Virtual Infrastructure

Security and Cloud Compunting - Security impacts, best practices and solutions -

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Server and Storage Virtualization. Virtualization. Overview. 5 Reasons to Virtualize

Network Access Control in Virtual Environments. Technical Note

TECHNOLOGYBRIEF. The Impact of Virtualization on Network Security. Discover. Determine. Defend.

Business Continuity Management BCM. Welcome to the Matrix The Future of Server Virtualization

Virtualization Overview

Networking for Caribbean Development

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

CA ARCserve Replication and High Availability Deployment Options for Hyper-V

Best Practices for Virtualised SharePoint

CA Virtual Assurance for Infrastructure Managers

Alliance Key Manager Solution Brief

Can You be HIPAA/HITECH Compliant in the Cloud?

Transcription:

managing the risks of virtualization Chris Wraight CA Technologies 28 February 2011 Session Number 8951

abstract Virtualization opens the door to a world of opportunities and well managed virtualization sets the course for cloud. However, in order to get there, organizations must address various risks, including security, that virtualization brings. Some of the security risks are similar to the physical server environment, but are compounded by virtualization technology. The speaker from CA Technologies will discuss how keeping the risks in-check and extending security can make this migration fruitful, and pay off for IT. 2

virtualization continues to grow There will be more virtual machines deployed on servers during 2011 than in 2001 through 2009 combined! By 2015, 40% of the security controls used within enterprise data centers will be virtualized, up from less than 5% in 2010. 2 1Gartner; Q&A: Six Misconceptions About Server Virtualization, Thomas J. Bittman; 29 July 2010 2 Gartner; From Secure Virtualization to Secure Private Clouds ; Neil MacDonald & Thomas J. Bittman; 13 October 2010 3

agenda Technology Overview Identity and Access Management Risks Mitigating the Risks Session summary 4

virtualization technology overview Terms Used in this presentation: Virtualization host platform guest OS VMs, partitions Privileged partition (admin) Hypervisor Virtualization Architectures: Hosted - VMware Workstation, Microsoft Virtual PC Bare metal Hypervisor-based VMWare ESX, IBM LPAR, HP VPAR OS-based Solaris 10

virtualization technology overview (cont d) Operating system-based virtualization. Virtualization is native to the host operating system Multiple isolated, virtual environment instances Shared OS kernel. Homogeneous OS guests Example: Sun Solaris 10 Containers (Zones).

virtualization technology overview (cont d) Hypervisor-based virtualization Bare Metal Embedded or implemented in the hosting OS kernel Each guest runs on discrete virtual hardware VMs may be referred to as partitions Example: IBM AIX LPAR, HP-UX VPAR and VMware ESX Server.

Technology Overview Identity and Access Management Risks Mitigating the Risks Session summary 8

how is virtualization different? Each physical system becomes more critical A new level of administration is introduced Unstructured physical boundaries Unstructured time dimension Heterogeneous dynamic environments 9

the challenges of virtualization Hypervisors expose high level of privileges Shared resources available to virtualization Each virtualized guest has its own hierarchy of privileged access which should be separate from infrastructure VM sprawl Structured and unstructured data on virtualized environments is unsecure No central authentication source

the challenges of virtualization Regulatory requirements still apply Auditing access and identities is difficult in virtualized environments Privileges in a virtualized environment not well defined Decentralized privileged user administration (incl. virtual environments)

unstructured physical boundaries VM mobility beyond the server room VMs can be copied, or cloned Machine memory is accessible from the host Disk space can be accessed from storage Challenging physical security Copying a VM = Stealing a server from the server room The virtual DC is distributed Not a mainframe 12

managing the 4th dimension - time What happens when we revert to prior snapshot? Lose audit events Lose configuration Lose security policy Am I still compliant with my policy? 13

the privileged user Normal user Is identified Access is controlled root administrator Is anonymous Can bypass application security Can see and alter application data Can change system files Can change system configuration Can alter logs and erase records OS Security Application Security Customer Data Critical services Files & Logs Privileged User 14

the virtualization privileged user Privileged User Virtualization makes the problem worse by introducing a new privilege layer. 15

unrestricted privileged access Data exposure Different business owners VMs can be copied exposing sensitive data Business continuity and availability - isolation is not enough! Halting critical VMs Tampering with configurations Management and Control Administrators can deploy new VMs very easily Increases the chance for mistakes Improperly-configured VMs can be vulnerable 16

managing complexity Virtualization: Making the complex appear simple Configuration and change management Network management Storage management Capacity management 17

managing complexity Virtualization: Making the complex appear simple Configuration and Change Management Network Management Storage Management Capacity Management But what about security management? Heterogeneous VMs Highly-distributed Dynamically changing How do I manage the complexity? 18

audit, audit, audit! Each virtualization host becomes more important. One host running many VMs = Critical Infrastructure Critical infrastructure = Business impact Business impact = Compliance requirements Compliance requirements mandate additional controls! 19

compliance and audit Virtualization audit issues haven't yet been flagged What will drive priorities? Education Compliance and regulatory pressures are expected to increase Public exposure Will require adjusted controls for separation of management, and control 20

Technology Overview Identity and Access Management Risks Mitigating the Risks Session summary 21

best practices: segregate duties - restrict admins Segregate Administration System Virtualization Audit Restrict access to logs Restrict access to virtualization resources Deny sys admins Allow only through admin tools

full privileged user management Privileged User Data & Resource Protection Restrict privileged access Ensure accountability Restrict access to logs Restrict access to virtualization resources 23

central access policy management Enforce the policy across all VMs and virtualization platform Centralization - Do not rely on local policies Enforce policy change control Manage deviations from the policy Report on policy compliance 24

complete and secure auditing Monitor the virtualization platform Monitor administrative activity (including impersonation) Monitor all access to virtualization resources Centralize audit logs Notify on significant events Integrate with SIEM systems 25

Technology Overview Identity and Access Management Risks Mitigating the Risks Session summary 26

conclusions Security and control are the number one inhibitors to virtualization/cloud adoption by the enterprise Automation is an imperative Security will become a cloud differentiator The IT roles are reversing 27

apply Be aware of the security implications Physical boundaries are changing The definition of time is changing An additional administration layer is introduced The virtualization host is critical infrastructure Organizations should prepare now for increasing audit scrutiny Demand visibility and control Privileged user access management Consistent security policies Complete and secure auditing 28

questions and answers

thank you Chris Wraight chris.wraight@ca.com +1 508 628 8134

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information