Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers:

Transcript

  • 1. Increasing Security while Decreasing Costs when Virtualizing In-Scope Servers: How to virtualize more by building a security fortress around your “in-scope” virtual environment with HyTrust
      • First in a three-part series for IS and IT professionals responsible for virtualization and data center architecture, management, and optimization
      • 1975 W. El Camino Real, Suite 203, Mountain View, CA 94040. Phone: 650-681-8100 / email: info@hytrust.com
      • © 2012, HyTrust, Inc. www.hytrust.com
  • 2. Overview
      • Meet the Experts
      • What are the key business drivers for the virtualization security blueprint?
      • Can you recommend a strategy, framework, and tools to help us succeed with compliance audits and beyond?
      • What cross-vendor architectures exist to help virtualize more mission-critical applications, more securely this year?
      • What best practices and methodologies can you outline for planning and undertaking these newer virtualization security initiatives?
      • Summary
      • Q&A
  • 3. Today’s Experts: Justin Lute
      • Director, Product Management - Virtualization, Cloud, and Technology Integrations – Qualys
      • Extensively-certified, technical and business leader in cloud security
      • Strategic product, technical consulting, and engineering roles at VCE, EMC, RSA, and more.
      • Justin has studied at Stanford University and The Ohio State University.
  • 4. Today’s Experts: Dave Shackleford
      • SVP of Research and CTO, IANS
      • Former consultant at Voodoo Security
      • Author of SANS Virtualization Security and Cloud Security courses, and SANS curriculum lead for Virtualization and Cloud Security
      • Sybex “Virtualization Security” book coming in Q3 2012
      • Helped create and publish first virtualization security hardening guides while CTO at Center for Internet Security
  • 5. Today’s Experts: Eric Chiu
      • Eric Chiu is CEO and co-founder of HyTrust, Inc. (http://www.hytrust.com/)
      • Vice President of Sales and Business Development at Cemaphore Systems, a leader in disaster recovery for Microsoft Exchange, Business Development at MailFrontier and mySimon
      • Instrumental in building OEM partnerships and technology alliances and driving new product initiatives.
      • Formerly a Venture Capitalist for Brentwood (now Redpoint) and Pinnacle, he also served in the M&A Group for Robertson, Stephens and Company.
      • Eric holds a BS in Materials Science and Engineering from UC Berkeley.
  • 6. HyTrust Backgrounder
      • Founded: Fall 2007
      • Headquarters: Mountain View, CA
      • Venture Funding: $16 million
      • Strategic Partners:
      • Awards & Top Ten Lists: VMworld 2009 Best of Show, VMworld 2009 Gold, VMworld 2010 Finalist, TechTarget 2009 Product of the Year, RSA Innovation Sandbox 2009/2010 Finalist, SC Magazine 2010 Rookie Company of the Year, Network World Startup to Watch 2010, InfoWorld Tech Company to Know 2010, Forbes “Who’s Who” in Virtualization, Red Herring 2010 North America winner, Gartner Cool Vendor 2011
  • 7. Data Center of the Future – 3 year Vision
      • [Diagram text: “Rented” Cloud SaaS Application Infrastructure Self-Service Access Identity and Usage Consolidation & IT as a Virtualization Service Ubiquitous Access Data Cost]
      • End result of datacenter transformation: IT is delivered as-a-service; Role of Corporate IT is transformed from operational to control / governance
  • 8. What security concern ranks highest in importance in your virtualized environments heading into 2012?
      • Lack of automation (admin is brought in for every update and change)
      • Self service for line of businesses to access/manage their virtual machines
      • Strength of security policies and processes around access and change controls
      • Insider breach – either malicious or errant
      • Logging and reporting tools for audit and/or forensics purposes
      • All of the above
  • 9. When are you planning your next server refresh?
      • Next 6 months as part of a full data center re-architecture
      • Next 6 months as standalone server refresh
      • Next 7-12 months as part of a full data center re-architecture
      • Next 7-12 months as standalone server refresh
      • Greater than 12 months as part of a full data center re-architecture
      • Greater than 12 months as standalone server refresh
      • No server refresh planned
      • Unknown
  • 10. Key Drivers – Innovation Driving Business Goals
      • Virtualize More…
      • In analyst research of CIO top priorities for 2012, 40% picked virtualization as one of the top three
      • Analyst research shows the market is now 52% virtualized, with many organizations aiming to be 75% virtualized by 2014.
      • * Forrester Research CISO’s Guide to Virtualization Security
  • 11. Key Drivers - Virtualization / Cloud Security Leading IT
      • Virtualize More Securely…
      • “There will be more virtual machines deployed on servers during 2011 than in 2001 through 2009 combined” [2]
      • “By 2015, 40% of the security controls used within enterprise data centers will be virtualized, up from less than 5% in 2010.” [1]
      • “Virtualization increases security risk by 60%.” [1]
      • [1] Gartner; “From Secure Virtualization to Secure Private Clouds”; Neil MacDonald & Thomas J. Bittman; 13 October 2010
      • [2] Gartner; “Q&A: Six Misconceptions About Server Virtualization”; Thomas J. Bittman; 29 July 2010
  • 12. Key Drivers - Business Demands More
      • Virtualize More… More Securely… With Less!
      • Forrester Research CISO’s Guide to Virtualization Security
  • 13. Key Drivers - Proactively Protect and Secure Your IP
      • 87%: Percentage of companies that have experienced a data breach — IT Compliance Institute
      • 48%: Percent of all breaches that involved privileged user misuse — Verizon report, 2010
      • 74%: Percentage of breached companies who lost customers as a result of the breach — IT Compliance Institute
  • 15. Typical Response for Errant Insider-caused Breach
  • 16. Key Drivers - Summary
      • Build the Business Case
      • External and Internal drivers
      • Describing What is ISO/IEC 27001?
      • Articulating benefits
          • Value to your intellectual property (IP)
          • Value to Brand
          • Value to departmental reputation and team careers
  • 17. Strategy, Framework, and Tools
      • Scoping – the Key to Success
      • Planning and Design - Understanding the environment is critical
      • ISMS - Documented Components
      • Communication and Setting Expectations Internally
  • 18. Strategy, Framework, and Tools
      • GRC Tool Benefits
      • ISO Controls Testing (control activities)
      • Obtain Certification
      • Maintenance, Surveillance, and Re-Audit
  • 19. Why Get Started Now?
      • Jason Cornish, former Shionogi Pharma IT Staffer
      • Pleaded guilty to Feb ‘11 computer intrusion
      • Wiped out 88 corporate servers (VMs) – email, order tracking, financial, & other services – and 15 ESX hosts
      • Shionogi’s operations frozen for days
          • unable to ship product
          • unable to cut checks
          • unable to send email
      • Estimated cost: $800k
      • All of this was accomplished from a McDonald's
  • 20. Why Get Started Now?
      • “…down the road, the cyberthreat will be the number one threat to the country…” FBI Director Robert Mueller
      • …“service attacks … into NASDAQ, RSA, and the IMF” underscore the vulnerability of key sectors of the economy. … “wholesale plundering” of American intellectual property. Director of National Intelligence, James Clapper
  • 21. Best Practices and Guidance - Getting Started
      • How To Get Started with Virtualization Security
      • Strive for virtual security that is equal to or better than the traditional security in your environment. Consider the following:
          • Apply the “Zero Trust” model of information security to your network architecture
          • Consider virtualization-aware security solutions
          • Implement privileged identity management
          • Incorporate vulnerability management into the virtual server environment
  • 22. Contacts: eric@hytrust.com, jlute@qualys.com, dave@daveshackleford.com