Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Similar documents

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

The growing importance of a secure Cloud environment

Netzwerkvirtualisierung? Aber mit Sicherheit!

VMware vcloud Networking and Security

VMware vcloud Networking and Security Overview

Learn how to build Enterprise Hybrid Clouds for your customers using VMware vcloud

How To Protect Virtualized Data From Security Threats

Security in the Software Defined Data Center

Trend Micro Deep Security

How To Protect Your Cloud From Attack

Mitigating Information Security Risks of Virtualization Technologies

How To Protect Your Virtual Infrastructure From Attack From A Cyber Threat

Building an Enterprise Hybrid Cloud with the VMware vcloud Solution

Agentless Security for VMware Virtual Data Centers and Cloud

vshield Quick Start Guide

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

VMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic

Why Choose VMware vsphere for Desktop Virtualization? WHITE PAPER

Securing the private cloud

Intro to NSX. Network Virtualization VMware Inc. All rights reserved.

Secure Cloud-Ready Data Centers Juniper Networks

SOFTWARE DEFINED NETWORKING

Cloud and Data Center Security

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

VirtualclientTechnology 2011 July

vshield Quick Start Guide vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0

Business Values of Network and Security Virtualization

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

Accelerating the Journey to The Cloud Via Virtualization

VMware vcloud Director for Service Providers

Meeting the Challenges of Virtualization Security

Building an Enterprise Hybrid Cloud with the VMware vcloud Solution

How To Compare The Cost Of A Microsoft Private Cloud To A Vcloud With Vsphere And Vspheon

vsphere 6.0 Advantages Over Hyper-V

Vyatta Network OS for Network Virtualization

Total Cloud Protection

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE

vshield Quick Start Guide

How To Build A Software Defined Data Center

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre

VMware Integrated Partner Solutions for Networking and Security

Potecting your business assets in The Cloud, with. Secure Multitency Environment from CloudHPT.

How Network Virtualization can improve your Data Center Security

VDI Security for Better Protection and Performance

VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE

Sicurezza Data Center 22 giugno Fabio Paravani Regional Account Manager

Proactively Secure Your Cloud Computing Platform

The first agentless Security, Virtual Firewall, Anti- Malware and Compliance Solution built for Windows Server 2012 Hyper-V

End to End Security do Endpoint ao Datacenter

Shifting Roles for Security in the Virtualized Data Center: Who Owns What?

VMware NSX A Perspective for Service Providers part 2

Virtualization Journey Stages

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S

VMware Solution Guide for. Payment Card Industry (PCI) September v1.3

Virtualization Essentials

Sichere Virtualisierung mit VMware

Bitdefender GravityZone Sales Presentation

Virtualizing Apache Hadoop. June, 2012

VMware vsphere Design. 2nd Edition

Virtualization, SDN and NFV

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

Virtualization Impact on Compliance and Audit

VIRTUALIZATION SECURITY OPTIONS: CHOOSE WISELY

Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security

Moving beyond Virtualization as you make your Cloud journey. David Angradi

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Software Defined Environments

How RSA has helped EMC to secure its Virtual Infrastructure

Deep Security. Προστατεύοντας Server Farm. Σωτήρης Δ. Σαράντος. Available Aug 30, Σύμβουλος Δικτυακών Λύσεων. Copyright 2011 Trend Micro Inc.

Devising a Server Protection Strategy with Trend Micro

Securing the Virtualized Data Center With Next-Generation Firewalls

C a r l G o e t h a l s T e r r e m a r k E u r o p e. C a r l. g o e t h a l t e r r e m a r k. c o m

1518 Best Practices in Virtualization & Cloud Security with Symantec

Palo Alto Networks Cyber Security Platform for the Software Defined Data center. Zekeriya Eskiocak Security Consultant Palo Alto Networks

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

The Virtualization Practice

Data Center Connector for vsphere 3.0.0

vshield Administration Guide

Availability Acceleration Access Virtualization - Consolidation

Security Virtual Infrastructure - Cloud

RSA Security Solutions for Virtualization

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

Product Description. Product Overview

Transcription:

1 Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Agenda Cloud Computing VMware and Security Network Security Use Case Securing View Deployments Questions 2

IT consumption is changing Work Style Applications Devices Delivery Methods 3

Enterprise IT is Aligning to Consumption Empowered, Secure Mobile Workforce Faster Time-to-Market for Modern Applications Paul Maritz CEO A More Flexible, Scalable, Efficient Infrastructure for All Apps Existing Datacenters Public Cloud Services VMware enables our customers success by simplifying and automating IT in the Cloud Era. 4

Future of Cloud Computing 80% of new commercial enterprise apps will be deployed on cloud platforms in 2012 predicted cloud computing market in 2020 $241B 2.7ZB predicted volume of digital content, up 48% from 2011 Source: IDC, Predictions 2012: Competing for 2020, December 2011; Forrester, Sizing the Cloud, April 2011 5

Security and Compliance are Key Concerns for Organizations Considering Cloud Migrations Q.What are the top challenges or barriers to implementing a cloud computing strategy? Concerns about security 67% Concerns about access to information Concerns about information governance Concerns about the ability to meet enterprise and/or industry standards Difficulty measuring ROI Lack of clear strategy or help from key vendors in adapting their applications 41% 37% 31% 30% 24% Business leaders are not receptive Employees are not receptive 14% 11% Top 4 Concerns Relate to Security or Compliance Source: 2010 IDG Enterprise Cloud-based Computing Research, November 2010 6

VMware and Security Virtualization Security Secure hypervisor architecture Platform hardening features Secure Development Lifecycle Audit and Compliance Hardening Guidelines - Prescriptive guidance for deployment and configuration Enterprise controls for security and compliance Network Security in the Data Center/ Cloud Virtualization-aware security Products taking Unique Advantage of virtualization 7

Traditional Security in Virtual Environments Physical Security Devices and Airgaps Air gap Air gap Air gap DMZ vsphere vsphere vsphere vsphere Firewall Firewall Firewall Firewall VPN Load balancer Load balancer Load balancer 8

Customers Want to Virtualize More. Increased interest in Mixing Trust Zones PCI Tier 1 Apps DMZ Application 1 Application 2 Application 3 DMZ 9

New Challenges with Cloud Computing Virtualization forms the foundation for building private clouds. Security must change to support both. - Gartner 2010 Public Cloud Internal IT Virtual Machines are dynamic and can move around Virtual Machines are easily created and can be self provisioned by non IT staff Increased workloads with large amount of virtual desktops in datacenter 10

How Do We Transform Rigid Silos Into Secure Elastic Clouds? OUCH! 11

The Security Evolution - From Appliances to Security as a Service Cloud Low Governance Enterprise Hybrid Cloud High Governance Security as a Service Virtualized Security Infrastructure focus Application focus Business focus Virtualization Hardware Appliances IT Production Business Production IT as a Service 12

VMware vshield Foundation for Trusted Cloud Securing the Cloud From Edge to Endpoint vshield Edge vshield App vshield Endpoint vshield Data Security Secure the edge of the virtual datacenter Protect applications from threats with trust zones Streamline and accelerate anti-virus solutions Protect against data leaks Virtual Datacenter 1 Virtual Datacenter 2 DMZ Web HIPAA PCI VMware vshield Manager 13

vshield Edge firewall Secure the Edge of the Virtual Data Center Auto-wired Security for VDCs VPN, Load Balancer, DHCP, NAT, Firewall Eliminate Air-Gapped sprawl Scalable Performance Features Load balancer VPN Tenant A Tenant X Multiple edge security services in one appliance Stateful inspection firewall Network Address Translation (NAT) Dynamic Host Configuration Protocol (DHCP) Site to site VPN (IPsec) Web Load Balancer Policy management through UI or REST APIs Logging and auditing based on industry standard syslog format 14

vshield App Enforce Micro-segmentation Inside the vdc Protect applications against Network Based Threats Full Stateful Packet Inspection firewall Virtual Datacenter 1 Web App Control on per-vm/per vnic level See VM-VM traffic within the same host with Robust Flow Monitoring Databas e DISA & PCI Virtual Datacenter 2 CIS & PCI Security groups enforced with VM movement Logging and auditing via Syslog VMware vsphere + vcenter ESX Hardening REST APIs for automation Cluster B Cluster A 15

Visibility into Sensitive Data to Address Regulatory Compliance vshield Data Security Overview More than 80 pre-defined templates for country/industry specific regulations Accurately discover and report sensitive data in unstructured files with analysis engine Segment off VMs with sensitive data in separate trust zones!!! Cloud Infrastructure (vsphere, vcenter, vshield, vcloud Director) Benefits Quickly identify sensitive data exposures Reduce risk of non-compliance and reputation damage Improve performance by offloading data discovery functions to a virtual appliance 16

Efficient Protection Against Malware vshield Endpoint Overview USE AV Storm! Offloaded anti-virus protection Leverage 3rd party anti-virus solutions Eliminate security agent from guest VM Partner provides security virtual appliance for endpoint security such as anti-virus, file integrity monitoring, OS event logging 17 Agent Agent Agent Agent Agent Agent Agent Agent Agent Agent Agent Agent Cloud Infrastructure (vsphere, vcenter, vshield, vcloud Director) AV Partner Product Benefits Efficiency - Improve performance and consolidation ratios from 30-100%*. Eliminate anti-virus storms Manageability - Streamline deployment and monitoring of endpoint security Better than physical VM protected the moment it comes online, no agent susceptible to attack * Depending on whether workload stresses the AV solution Source: Tolly Group 2010

vshield Endpoint SVM VM VM VM AV OS Hardened APP OS Kernel BIOS APP OS Kernel BIOS APP OS Kernel BIOS Introspection VMware vsphere 18

Where to learn more Security Specialist Team s Everything security.. http://portal.sliderocket.com/atohl/vmware-security-links_v2 Or http://tinyurl.com/vmwaresecuritylinks Use it as a reference visit often.. 19

Thank you Question & Answer Session 20