The RSA Solution for Cloud Security and Compliance A GRC foundation for VMware infrastructure security and compliance Solution Brief

The RSA Solution for Cloud Security and Compliance enables end-user organizations and service providers to orchestrate and visualize the security of their VMware virtualization infrastructure and physical infrastructure from a single console. The solution offers a solid foundation that enables security of VMware environments to be addressed systematically, so organizations can confidently continue their journey to virtualization and cloud computing models.

Taking control of security and compliance in the virtual infrastructure is a critical step to accelerating cloud strategies. According to a recent Forbes Insights report on setting cloud strategies, "Among current technologies coming into the mainstream, virtualization is clearly seen as the antecedent to private cloud computing." In fact, of the 235 CIOs and IT executives surveyed for the report, nearly half (48%) have virtualized at least a quarter of their organization's servers in order to reduce infrastructure costs and deliver applications more rapidly. However, adoption of virtualization as the foundation for cloud computing is not without its barriers. Chief among them is security, which 43% of the survey respondents identified as their top concern. [1]

Overview of Virtualization as the Bedrock of Cloud Computing

As IT continues to face pressure to reduce complexity and costs while also delivering more value to the business, virtualization and cloud computing are increasingly seen as imperative, not optional. Virtualization accelerates an organization's internal transition to agile and business-responsive cloud computing models by abstracting complexity and creating an elastic pool of computing, storage and networking resources.

Specific benefits of virtualization include:
- Increased efficiency, flexibility and reliability of IT services
- Reduced capital and operational costs
- Higher availability and better preparation for disaster recovery

Adoption of virtualization for test and development IT environments is growing rapidly, but as companies look to extend the benefits of virtualization to mission-critical applications, new security and compliance concerns emerge. Virtual computing environments are more fluid, agile and portable, creating greater flexibility and convenience. However, this increased flexibility raises anxiety about data security and the ability to ensure compliance as the traditional physical boundaries that define and protect information transform or disappear.

Compliance Challenges in the Virtual Infrastructure

For the most part, regulations do not differentiate between physical and virtual IT infrastructure, although some, such as the Payment Card Industry (PCI) Data Security Standard, are being revised to include guidelines for virtualized systems. However, whether the infrastructure is physical, virtual or hybrid, organizations and cloud service providers must harden their environment, evaluate the performance of their control framework, resolve deficiencies and report compliance both internally and externally.

The process of managing security and proving compliance is quite similar for both physical and virtualized IT, but it is important to note that virtualization presents some unique challenges. Among them is the rapid rate of change in the virtual infrastructure, with virtual machines brought up and down or moved from one server to another on a frequent basis. Also, security and compliance teams may not be included in the planning stages of virtualization projects, and they may find themselves lacking the same visibility and control in the virtualized IT environment that they have in the physical infrastructure.

[1] Forbes Insights report (sponsored by EMC), "Seeding the Cloud: Enterprises Set Their Strategies for Cloud Computing," 2010.

Figure 1. Cycle enabled by the RSA Solution for Cloud Security and Compliance

As a result, virtualized servers may be less secure than physical servers. In fact, Gartner predicts that through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace, with that number dropping to 30% by 2015. [2]

Security and compliance issues associated with virtualization and cloud computing can be costly to the business if they are not addressed proactively. These costs include:
- Unrealized capital and operational savings when virtualization projects are delayed over security and compliance concerns
- Regulatory audit failures and fines resulting from insecure virtualized infrastructure
- Impacts to brand and shareholder confidence stemming from security breaches

As enterprises and cloud service providers continue to pursue virtualization as the foundation for private and public cloud strategies, a clear framework for managing security and compliance is needed: one that enables businesses to realize the benefits of virtualization for mission-critical applications without compromises on the security front. Such a framework must consistently address security and compliance for physical, virtualized and hybrid environments rather than create new models for virtualization security.

RSA Solution for Cloud Security and Compliance

RSA has developed a solution that enables organizations to meet their security and compliance requirements as they accelerate their journey to virtualization and the cloud. This solution comprises policy management and implementation, security and compliance measurement, issue remediation, and reporting, all within a single management system for both physical and virtual infrastructure, as shown in Figure 1.

Policy Management and Implementation

Security and compliance teams are challenged with rationalizing the complexity of compliance requirements across both physical and virtual environments, especially in today's evolving regulatory landscape. The RSA Archer eGRC Suite for enterprise governance, risk and compliance answers this challenge with the industry's most comprehensive library of policies, control standards, procedures and assessments mapped to current, global regulations and industry guidelines. More than 130 control procedures in the library are written specifically against the VMware vSphere 4.0 Security Hardening Guide [3] and mapped to security policies and authoritative sources such as PCI, COBIT, NIST, HIPAA and NERC. In addition, the library includes thousands of other control procedures for operating systems, databases, network devices and other infrastructure assets, which are mapped to the same laws, regulations and industry standards, forming the basis of a complete technology controls approach.

The VMware control procedures provide specific instructions for configuring and hardening VMware infrastructure in the following areas:
- Access control
- Platform security
- Information security
- Operational security

Using automated workflow within the RSA Archer eGRC Platform, a project manager can distribute security policies and control procedures to appropriate administrators for both physical and virtual infrastructure. For example, VMware ESX configuration steps are sent to the VMware administrator, storage configuration steps are sent to the storage administrator, network security configuration steps are sent to the security administrator, and so forth. Within the RSA Archer eGRC Platform, the project manager can then track the implementation of those control procedures from a single dashboard interface, as illustrated in Figure 2. By automating and centralizing the policy management process across physical and virtual environments and between IT and security operations teams, organizations can improve efficiency and accuracy.

Security and Compliance Measurement

RSA's solution includes new software that substantially automates the assessment of whether VMware security controls have been implemented correctly. The results of these automated configuration checks are fed directly into the RSA Archer eGRC Platform, which also captures the results of configuration checks for physical assets via pre-built integration with commercially available scan technologies. As a result, the Platform serves as a point of consolidation for continuous controls monitoring across the physical and virtual infrastructure.

Figure 2. Distributing and Tracking Control Procedures

[2] Gartner, "Addressing the Most Common Security Risks in Data Center Virtualization Projects," by Neil MacDonald, 25 January 2010.

While a significant number of the VMware control procedures are tested automatically, the remainder must be tested manually because their status cannot be directly inferred from the environment. For these control procedures, project managers can issue manual assessments from the RSA Archer eGRC Platform, using a pre-loaded bank of questions mapped to control procedures and regulatory requirements. Project managers can create new questionnaires within minutes and issue them to appropriate users based on asset ownership. Those users are automatically notified of their assessments via rules-driven workflow and My Tasks lists, and they can complete their assessments online.

Results for both automated and manual assessments are consolidated in the RSA Archer eGRC Platform and mapped to applicable control procedures, regulations and standards. IT and security operations teams can then monitor compliance with regulations and internal policies across the physical and virtual infrastructure by device, policy, procedure, regulation and other criteria. This information is presented through a graphical dashboard view, making the information easy to digest and understand.

Issue Remediation

Configuring the physical and virtual infrastructure according to best-practice security guidelines and regulatory requirements is critical. However, the security and compliance process does not stop there. Organizations also require the ability to monitor misconfigurations, policy violations and control failures across their infrastructure and to respond swiftly with appropriate remediation steps. Deficiencies identified through automated and manual configuration checks are captured within the RSA Archer eGRC Platform for management. Control failures are then assigned to appropriate personnel, who can respond by completing remediation tasks or logging exception requests that identify effective compensating controls.

RSA's solution also enables security operations teams to manage policy violations and control failures. The RSA Archer eGRC Platform integrates with RSA enVision log management to collect and correlate security and compliance events from a variety of sources, including the RSA Data Loss Prevention suite, VMware vShield and VMware Cloud Director. Integrations with other tools, including EMC Ionix and HyTrust, will be added to the solution over time. RSA enVision log management prepares reports of relevant security events within the physical and virtual infrastructure and passes these reports into RSA Archer, as shown in Figure 3.

Figure 3. System overview

Security and Compliance Reporting

RSA has developed a solution that enables organizations to meet their security and compliance requirements as they accelerate their journey to virtualization and the cloud. In order to extend the benefits of virtualization beyond the test and development stages to mission-critical application environments, organizations and cloud service providers need a repeatable and comprehensive methodology for deploying and operating virtualization infrastructure securely. Answering this call, RSA provides a centralized, customizable view of security intelligence, business and regulatory impact, and issue remediation across both virtual and physical infrastructure. The RSA Archer eGRC Platform offers a holistic dashboard of compliance and remediation efforts, and with a simple click of the mouse, users can expose the details of any area or activity.

RSA's solution also includes a dedicated VMware security dashboard, shown in Figure 4. This centralized, real-time view enables IT and security operations teams to monitor:
- Compliance by VMware security domain (access control, platform security, information security and operational security)
- Compliance by device (VMware ESX, vSwitch, etc.)
- Compliance by authoritative source
- Non-compliant control procedures for VMware
- Remediation status
- Accountability work queues

Figure 4. VMware Security Dashboard in the RSA Archer eGRC Platform

RSA SecurBook for Cloud Security and Compliance

The RSA SecurBook for Cloud Security and Compliance is an easy-to-follow solution guide that provides detailed instructions for deploying and administering RSA's solution in a virtualized environment. Designed to help organizations reduce implementation time and total cost of ownership, the RSA SecurBook offers guidance in the following areas:
- Solution architecture for managing VMware security and compliance
- Solution deployment and configuration guides
- Operational guidance for effectively using the solution
- Troubleshooting guidance
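The measurement, remediation and reporting sections above describe one pipeline: control procedures mapped to a VMware security domain, a device type and authoritative sources; automated configuration checks and manual questionnaire answers consolidated into findings; compliance rolled up by domain, device and source; and failures routed to the administrator who owns the device. The following Python script is an added illustration of that pipeline written for this page, not RSA's code and not an RSA Archer API. The control IDs, descriptions, asset names and evidence are constructed for the example, and the owner-by-device routing follows the brief's ESX/storage/network example.

```python
from collections import defaultdict
from dataclasses import dataclass


# A control procedure is mapped to one security domain, one device type and the
# authoritative sources it satisfies. IDs and texts below are constructed for
# this example, not entries from any real control library.
@dataclass(frozen=True)
class Control:
    control_id: str
    description: str
    domain: str       # access control, platform security, information security, operational security
    device: str       # ESX, vSwitch, storage
    sources: tuple    # authoritative sources the control maps to
    automated: bool   # True: status inferred from configuration; False: manual questionnaire


CONTROLS = (
    Control("CTL-AC-1", "Administrative access to the host uses named accounts",
            "access control", "ESX", ("PCI", "NIST"), True),
    Control("CTL-PS-1", "Unneeded host services are disabled",
            "platform security", "ESX", ("PCI", "COBIT"), True),
    Control("CTL-IS-1", "Management traffic is isolated on its own virtual switch",
            "information security", "vSwitch", ("PCI", "NIST"), True),
    Control("CTL-OS-1", "Host configuration changes follow the change process",
            "operational security", "ESX", ("COBIT",), False),
)

# Constructed evidence: automated results come from configuration checks,
# manual results from questionnaire answers given by the asset owner.
AUTOMATED_RESULTS = {
    "CTL-AC-1": {"esx01": True, "esx02": False},
    "CTL-PS-1": {"esx01": True, "esx02": True},
    "CTL-IS-1": {"vswitch01": False},
}
MANUAL_ANSWERS = {
    "CTL-OS-1": {"esx01": "yes", "esx02": "no"},
}

# Which role remediates which device type (routing as described in the brief).
OWNER_BY_DEVICE = {
    "ESX": "VMware administrator",
    "storage": "storage administrator",
    "vSwitch": "security administrator",
}


def consolidate(controls=CONTROLS, automated=AUTOMATED_RESULTS, manual=MANUAL_ANSWERS):
    """Merge automated and manual evidence into one list of per-asset findings."""
    findings = []
    for c in controls:
        evidence = automated.get(c.control_id, {}) if c.automated else manual.get(c.control_id, {})
        for asset, value in sorted(evidence.items()):
            compliant = (value is True) if c.automated else (str(value).lower() == "yes")
            findings.append({"control_id": c.control_id, "asset": asset,
                             "compliant": compliant,
                             "method": "automated" if c.automated else "manual"})
    return findings


def rollup(findings, by, controls=CONTROLS):
    """Return {key: (compliant, total)} grouped by 'domain', 'device' or 'source'."""
    index = {c.control_id: c for c in controls}
    counts = defaultdict(lambda: [0, 0])
    for f in findings:
        c = index[f["control_id"]]
        keys = c.sources if by == "source" else (getattr(c, by),)
        for k in keys:  # a control mapped to several sources counts toward each
            counts[k][1] += 1
            counts[k][0] += int(f["compliant"])
    return {k: tuple(v) for k, v in sorted(counts.items())}


def remediation_queue(findings, controls=CONTROLS):
    """Turn every failed finding into an open task for the owning administrator."""
    index = {c.control_id: c for c in controls}
    queue = []
    for f in findings:
        if f["compliant"]:
            continue
        c = index[f["control_id"]]
        queue.append({"control_id": c.control_id, "asset": f["asset"],
                      "owner": OWNER_BY_DEVICE.get(c.device, "unassigned"),
                      "status": "open", "exception": None})
    return queue


if __name__ == "__main__":
    findings = consolidate()
    for by in ("domain", "device", "source"):
        print(by, rollup(findings, by))
    for task in remediation_queue(findings):
        print(task)
```

The roll-up function is what makes the "compliance by domain / device / authoritative source" dashboard views possible from a single findings list: a control mapped to several sources is counted once per source, so a single failed ESX check lowers both the PCI and the NIST view. Manual answers are normalised to a boolean at consolidation time so that downstream reporting never has to know which evidence path a finding came from.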

RSA Solution for Cloud Security and Compliance

With RSA, organizations that are deploying virtualization as the foundation for cloud computing can:
- Take advantage of best-practice security policies and control procedures aligned with VMware guidelines and regulatory requirements
- Distribute security policies and control procedures to appropriate users
- Continuously monitor, measure and enforce IT controls in both physical and virtual environments
- Collect and correlate security and compliance events across the hybrid IT infrastructure
- Employ automated workflow for issue prioritization and remediation
- Centrally report on their security and compliance posture
- Implement a sustainable, coordinated process that can keep pace with the evolving IT landscape and regulatory climate

Conclusion

Today, RSA offers many of the capabilities that organizations require to manage security and compliance in the virtual infrastructure as they accelerate their journey to private and public cloud computing. RSA is committed to furthering the proliferation of virtualization technology and is continually enhancing its products and services in an effort to ensure the integrity of the virtual environment. RSA helps organizations to rationalize a multitude of compliance requirements, control frameworks, standards and best practices into a set of centralized security policies that can be administered consistently across both virtual and physical infrastructure. Additionally, IT and security operations teams can work cooperatively to manage compliance to those security policies, streamlining processes and ultimately reducing administrative costs.

Security and compliance concerns are top of mind for IT executives and can hinder adoption of virtualization for mission-critical applications. However, with the right tools, processes and coordination among IT and security operations teams, organizations can take control of security and compliance across the physical and virtual infrastructure, building the foundation today for tomorrow's cloud strategies.

About RSA

RSA is the premier provider of security, risk and compliance solutions, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, data loss prevention, encryption and tokenization, fraud protection and SIEM with industry-leading eGRC capabilities and consulting services, RSA brings trust and visibility to millions of user identities, the transactions that they perform and the data that is generated.

www.rsa.com

2010-2011 EMC Corporation. EMC², EMC, RSA, enVision, SecurID, Archer and the RSA logo are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other products or services mentioned are trademarks of their respective companies. h9002-cldinf-sb-0711