IT@Intel, profile picture
Uploaded byIT@Intel
797 views

Best Practices for Cloud Security

Virtualization and cloud computing provide business benefits like scalability, efficiency and elasticity but also introduce security challenges. Key security risks in virtualized environments include issues with the hypervisor, shared infrastructure vulnerabilities, and operational problems with access controls and application hardening. To balance security and business needs, a "protect to enable" strategy uses granular trust zones like high, medium and low trust environments that apply controls proportionate to asset risk and value. Lessons learned are that a holistic risk view is needed, virtualization security is still maturing, and applications introduced must be hardened.

Embed presentation

Virtualization Security to Enable the Private Cloud
Virtualization and Cloud: Business Drivers • Scalable • Multi-Tenancy • Efficiency • Elastic • Self-Service Landscape of cloud security may change based on the cloud implementation 2 Copyright © 2012, Intel Corporation. All rights reserved.
Virtualization Challenge Server Virtualization Increases efficiency Concentrates our assets OPTIMIZATION CHALLENGE Efficiency Controls Asset Density 3 Copyright © 2012, Intel Corporation. All rights reserved.
Virtualization Security Challenges: Key Risks Technology: Hypervisor integrity, multi-tenancy Infrastructure: Shared resources, management interfaces, automation and support code Operational: Separation of duties, administrative access, path to production, image protection and life-cycle Application: Code quality, development practices, application characterization, pre-existing vulnerabilities 4 Copyright © 2012, Intel Corporation. All rights reserved.
Security Challenges: Controls Security is a balancing act between business needs and risk • Key controls • Careful trust segmentation • Application risk reviews • Identity and access controls • Proper classified data handling • Security event and incident logging Intel IT’s “Protect to Enable” Security Strategy 5 Copyright © 2012, Intel Corporation. All rights reserved.
Security Challenges: Implementation Based on risks and controls how do we virtualize? Trust: Resistance to Compromise • How much do we Trust an application or server? • How much do we Trust the virtual environment? Consequence: Impact of Compromise • How much Risk can a server or application accept? • How much Risk does a virtual environment assume? 6 Copyright © 2012, Intel Corporation. All rights reserved.
Security Challenges: Implementation Granular Trust Environments High Trust Zone (HTZ): Secured virtual environment, highest controls, managed risk Medium Trust Zone (e.g. DMZ): Secured virtual environment, high controls, managed risk Low Trust Zone (LTZ): General virtual environment, low controls, varying risk Granular Trust Environments allow for balance of risk versus controls 7 Copyright © 2012, Intel Corporation. All rights reserved.
High Trust Zone: Need and Concept • Controls relative to Risk Posture – Limited logical access, extra physical separation, more extensive monitoring, better vetting of applications • Solution – Create a trust zone for virtual servers and apps that require greater protection • Delivers – Granular Trust Enablement – Levels of controls are proportionate to value of assets – Strengthen application implementation security 8 Copyright © 2012, Intel Corporation. All rights reserved.
Lessons Learned • Holistic view of risk and vulnerability is required • Virtualization technology is still maturing • Virtualization administrators must be treated as a “super admin” • Applications and systems landing in the environment must be hardened There are still functions that cannot be virtualized 9 Copyright © 2012, Intel Corporation. All rights reserved.
To Learn More… Virtualizing High Security Servers radio show Looking into the Cloud radio show Virtualizing High-Security Servers paper 10 Copyright © 2012, Intel Corporation. All rights reserved.
More Resources Enterprise Private Cloud Architecture Rethinking Information Security Information Security Protect to Enable Strategy video Learn more about Intel IT’s Initiatives at Intel.com/IT 11 Copyright © 2012, Intel Corporation. All rights reserved.
Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. * Other names and brands may be claimed as the property of others. Copyright © 2012, Intel Corporation. All rights reserved. 12 Copyright © 2012, Intel Corporation. All rights reserved.
Best Practices for Cloud Security

More Related Content

PDF
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
bySymantec
 
PPT
Cio ciso security_strategyv1.1
byAnindya Ghosh,
 
PDF
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
byHyTrust
 
PDF
Enterprise Strategy for Cloud Security
byBob Rhubart
 
PDF
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
byBob Rhubart
 
PDF
HyTrust and VMware-Providing a Secure Virtual Infrastructure
byHyTrust
 
PDF
Trend micro deep security
byTrend Micro
 
PDF
Trend Micro Dec 6 Toronto VMUG
bytovmug
 
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
bySymantec
 
Cio ciso security_strategyv1.1
byAnindya Ghosh,
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
byHyTrust
 
Enterprise Strategy for Cloud Security
byBob Rhubart
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
byBob Rhubart
 
HyTrust and VMware-Providing a Secure Virtual Infrastructure
byHyTrust
 
Trend micro deep security
byTrend Micro
 
Trend Micro Dec 6 Toronto VMUG
bytovmug
 

What's hot

PDF
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
byHyTrust
 
PDF
Trend Micro - Virtualization and Security Compliance
by1CloudRoad.com
 
PPTX
From Physical to Virtual to Cloud
byCisco Security
 
PDF
Cloud Security Checklist and Planning Guide Summary
byIntel IT Center
 
PDF
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
byBob Rhubart
 
PDF
Introduction - Trend Micro Deep Security
byAndrew Wong
 
PDF
Defense Foundation Product Brief
bywdjohnson1
 
PPTX
Trend micro v2
byJD Sherry
 
PPTX
Sådan undgår du misbrug af kundedata og fortrolig information
byIBM Danmark
 
PPT
Ibm security overview 2012 jan-18 sellers deck
byArrow ECS UK
 
PPTX
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
byAcrodex
 
PDF
Cloud Security: Perception VS Reality
byKVH Co. Ltd.
 
PDF
Intel Cloud Summit: Greg Brown McAfee
byIntelAPAC
 
PPTX
Cloud securityperspectives cmg
byNeha Dhawan
 
PDF
Axoss Network Vulnerability Assessment Services
byBulent Buyukkahraman
 
PDF
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
bySkybox Security
 
PPT
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
byIBM Danmark
 
PPT
Microsoft Forefront - Secure Endpoint Solution Presentation
byMicrosoft Private Cloud
 
PDF
Isc2conferancepremay15final
byMahmoud Moustafa
 
PPT
Trend micro real time threat management press presentation
byAndrew Wong
 
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli...
byHyTrust
 
Trend Micro - Virtualization and Security Compliance
by1CloudRoad.com
 
From Physical to Virtual to Cloud
byCisco Security
 
Cloud Security Checklist and Planning Guide Summary
byIntel IT Center
 
Rationalization and Defense in Depth - Two Steps Closer to the Cloud
byBob Rhubart
 
Introduction - Trend Micro Deep Security
byAndrew Wong
 
Defense Foundation Product Brief
bywdjohnson1
 
Trend micro v2
byJD Sherry
 
Sådan undgår du misbrug af kundedata og fortrolig information
byIBM Danmark
 
Ibm security overview 2012 jan-18 sellers deck
byArrow ECS UK
 
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
byAcrodex
 
Cloud Security: Perception VS Reality
byKVH Co. Ltd.
 
Intel Cloud Summit: Greg Brown McAfee
byIntelAPAC
 
Cloud securityperspectives cmg
byNeha Dhawan
 
Axoss Network Vulnerability Assessment Services
byBulent Buyukkahraman
 
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
bySkybox Security
 
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
byIBM Danmark
 
Microsoft Forefront - Secure Endpoint Solution Presentation
byMicrosoft Private Cloud
 
Isc2conferancepremay15final
byMahmoud Moustafa
 
Trend micro real time threat management press presentation
byAndrew Wong
 

Viewers also liked

PPT
halloween
byguest19c0a3
 
PPTX
jThree announcment 4-24
by翔 石井
 
PPT
HNW_LiekeMuller001
byLiekeMuller
 
PDF
How indie developer can conquer mobile tops with VK game platform
byDevGAMM Conference
 
PPSX
Laws of interest to security professionals
byShivani Gamit
 
PDF
Jamming on Collaboration
byIT@Intel
 
PPTX
Kb2 konsep tumbuh kembang
bypjj_kemenkes
 
PDF
Lundi de la sorbonne Décembre 2016
byService Academique d'Information et d'Orientation
 
PPTX
Monthly Games Platforms in the media - 2015 edition
byICO Partners
 
PPTX
Talent mapping, for growing startups
byaviva gatt
 
PPTX
Game settings design
byDevGAMM Conference
 
PDF
IT@Intel: Creating Smart Spaces with All-in-Ones
byIT@Intel
 
PPTX
Materi biologi x bab 2 struktur dan fungsi tumbuhan
byeli priyatna laidan
 
PPTX
Producing for indies
byDevGAMM Conference
 
PPSX
Moving from Flash to HTML5 – converting large projects
byDevGAMM Conference
 
PPTX
Applied music: how to speak the composer’s language
byDevGAMM Conference
 
PPT
Integrating Sustainable Consumption & Production
byIsuru Abeynayake
 
PDF
Вебинар ИБ АСУ ТП NON-STOP. Серия №11
byКомпания УЦСБ
 
PDF
2015 for Kickstarter
byICO Partners
 
PDF
ИБ АСУ ТП NON-STOP. Серия 8. Требования по обеспечению ИБ систем автоматическ...
byКомпания УЦСБ
 
halloween
byguest19c0a3
 
jThree announcment 4-24
by翔 石井
 
HNW_LiekeMuller001
byLiekeMuller
 
How indie developer can conquer mobile tops with VK game platform
byDevGAMM Conference
 
Laws of interest to security professionals
byShivani Gamit
 
Jamming on Collaboration
byIT@Intel
 
Kb2 konsep tumbuh kembang
bypjj_kemenkes
 
Lundi de la sorbonne Décembre 2016
byService Academique d'Information et d'Orientation
 
Monthly Games Platforms in the media - 2015 edition
byICO Partners
 
Talent mapping, for growing startups
byaviva gatt
 
Game settings design
byDevGAMM Conference
 
IT@Intel: Creating Smart Spaces with All-in-Ones
byIT@Intel
 
Materi biologi x bab 2 struktur dan fungsi tumbuhan
byeli priyatna laidan
 
Producing for indies
byDevGAMM Conference
 
Moving from Flash to HTML5 – converting large projects
byDevGAMM Conference
 
Applied music: how to speak the composer’s language
byDevGAMM Conference
 
Integrating Sustainable Consumption & Production
byIsuru Abeynayake
 
Вебинар ИБ АСУ ТП NON-STOP. Серия №11
byКомпания УЦСБ
 
2015 for Kickstarter
byICO Partners
 
ИБ АСУ ТП NON-STOP. Серия 8. Требования по обеспечению ИБ систем автоматическ...
byКомпания УЦСБ
 

Similar to Best Practices for Cloud Security

PDF
Securing virtualization in real world environments
byArun Gopinath
 
PDF
Virtualizing More While Improving Risk Posture – From Bare Metal to End Point
byHyTrust
 
PDF
Cloud Security & Control: A Multi-Layer Approach to Secure Cloud Computing
byOpSource
 
PDF
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
byUNIT4 IT Solutions
 
PDF
Vss Security And Compliance For The Cloud
byGraeme Wood
 
PDF
Vmware Seminar Security & Compliance for the cloud with Trend Micro
byGraeme Wood
 
PDF
Ibm security virtual server protection
byE-Government Center Moldova
 
PDF
(ATS4-GS03) Partner Session - Intel Balanced Cloud Solutions for the Healthca...
byBIOVIA
 
PDF
Day 3 p2 - security
byLilian Schaffer
 
PDF
Day 3 p2 - security
byLilian Schaffer
 
PPTX
Virtualizing Business cCritical Applications_ Darren Thomson
byArrow ECS UK
 
PPTX
Private cloud day session 5 a solution for private cloud security
byMicrosoft TechNet - Belgium and Luxembourg
 
PDF
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
byIxia
 
PDF
Server Virtualization in Manufacturing Operations
byARC Advisory Group
 
PDF
Using Server Virtualization for Manufacturing Operations
byARC Advisory Group
 
PPTX
Data Centre Evolution: Securing Your Journey to the Cloud
byTrend Micro (EMEA) Limited
 
PDF
Smau Bari 2012 Marco Soldi
bySMAU
 
PDF
Symantec Virtualization Launch VMworld 2012
bySymantec
 
PDF
Joe Honan Virtualization Trends
by1velocity
 
PPSX
The Evolution Of Server Virtualization By Hitendra Molleti
byHitendra Molleti
 
Securing virtualization in real world environments
byArun Gopinath
 
Virtualizing More While Improving Risk Posture – From Bare Metal to End Point
byHyTrust
 
Cloud Security & Control: A Multi-Layer Approach to Secure Cloud Computing
byOpSource
 
Deepsecurity & VDI beveiliging, maximale beveiliging en optimale performance
byUNIT4 IT Solutions
 
Vss Security And Compliance For The Cloud
byGraeme Wood
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
byGraeme Wood
 
Ibm security virtual server protection
byE-Government Center Moldova
 
(ATS4-GS03) Partner Session - Intel Balanced Cloud Solutions for the Healthca...
byBIOVIA
 
Day 3 p2 - security
byLilian Schaffer
 
Day 3 p2 - security
byLilian Schaffer
 
Virtualizing Business cCritical Applications_ Darren Thomson
byArrow ECS UK
 
Private cloud day session 5 a solution for private cloud security
byMicrosoft TechNet - Belgium and Luxembourg
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
byIxia
 
Server Virtualization in Manufacturing Operations
byARC Advisory Group
 
Using Server Virtualization for Manufacturing Operations
byARC Advisory Group
 
Data Centre Evolution: Securing Your Journey to the Cloud
byTrend Micro (EMEA) Limited
 
Smau Bari 2012 Marco Soldi
bySMAU
 
Symantec Virtualization Launch VMworld 2012
bySymantec
 
Joe Honan Virtualization Trends
by1velocity
 
The Evolution Of Server Virtualization By Hitendra Molleti
byHitendra Molleti
 

More from IT@Intel

PPTX
Unlock Hidden Potential through Big Data and Analytics
byIT@Intel
 
PPTX
Intel and IT- key industry trends driving business transformation
byIT@Intel
 
PDF
IT@Intel: Introducing IT on the Go
byIT@Intel
 
PDF
Enterprise Video Hosting: Introducing the Intel Video Portal
byIT@Intel
 
PDF
How to Self-Provision over WLAN with Intel(R) vPro(TM) Technology
byIT@Intel
 
PDF
Accelerating Our Path to Multi Platform Benefits
byIT@Intel
 
PPTX
Deploying Intel Architecture-based Tablets with Windows* 8 at Intel
byIT@Intel
 
PPTX
Nurturing Innovation at Intel through Mindfulness
byIT@Intel
 
PPTX
Evaluating Microsoft Windows 8 Security on Intel Architecture Tablets
byIT@Intel
 
PPTX
Six Irrefutable Laws of Information Security
byIT@Intel
 
PPTX
It tools slideshare
byIT@Intel
 
PPTX
Can Information Security Survive
byIT@Intel
 
Unlock Hidden Potential through Big Data and Analytics
byIT@Intel
 
Intel and IT- key industry trends driving business transformation
byIT@Intel
 
IT@Intel: Introducing IT on the Go
byIT@Intel
 
Enterprise Video Hosting: Introducing the Intel Video Portal
byIT@Intel
 
How to Self-Provision over WLAN with Intel(R) vPro(TM) Technology
byIT@Intel
 
Accelerating Our Path to Multi Platform Benefits
byIT@Intel
 
Deploying Intel Architecture-based Tablets with Windows* 8 at Intel
byIT@Intel
 
Nurturing Innovation at Intel through Mindfulness
byIT@Intel
 
Evaluating Microsoft Windows 8 Security on Intel Architecture Tablets
byIT@Intel
 
Six Irrefutable Laws of Information Security
byIT@Intel
 
It tools slideshare
byIT@Intel
 
Can Information Security Survive
byIT@Intel
 

Recently uploaded

PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
final.pdf
byomarbishtawi04
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
final.pdf
byomarbishtawi04
 
Workflow and decision Automation with Flowable
bychakib ch
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
apidays New York 2025 | AI in Application Security
byapidays
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 

Best Practices for Cloud Security

  • 1.
  • 2.
    Virtualization and Cloud: BusinessDrivers • Scalable • Multi-Tenancy • Efficiency • Elastic • Self-Service Landscape of cloud security may change based on the cloud implementation 2 Copyright © 2012, Intel Corporation. All rights reserved.
  • 3.
    Virtualization Challenge Server Virtualization Increases efficiency Concentrates our assets OPTIMIZATION CHALLENGE Efficiency Controls Asset Density 3 Copyright © 2012, Intel Corporation. All rights reserved.
  • 4.
    Virtualization Security Challenges: Key Risks Technology: Hypervisor integrity, multi-tenancy Infrastructure: Shared resources, management interfaces, automation and support code Operational: Separation of duties, administrative access, path to production, image protection and life-cycle Application: Code quality, development practices, application characterization, pre-existing vulnerabilities 4 Copyright © 2012, Intel Corporation. All rights reserved.
  • 5.
    Security Challenges: Controls Security isa balancing act between business needs and risk • Key controls • Careful trust segmentation • Application risk reviews • Identity and access controls • Proper classified data handling • Security event and incident logging Intel IT’s “Protect to Enable” Security Strategy 5 Copyright © 2012, Intel Corporation. All rights reserved.
  • 6.
    Security Challenges: Implementation Based onrisks and controls how do we virtualize? Trust: Resistance to Compromise • How much do we Trust an application or server? • How much do we Trust the virtual environment? Consequence: Impact of Compromise • How much Risk can a server or application accept? • How much Risk does a virtual environment assume? 6 Copyright © 2012, Intel Corporation. All rights reserved.
  • 7.
    Security Challenges: Implementation Granular Trust Environments High Trust Zone (HTZ): Secured virtual environment, highest controls, managed risk Medium Trust Zone (e.g. DMZ): Secured virtual environment, high controls, managed risk Low Trust Zone (LTZ): General virtual environment, low controls, varying risk Granular Trust Environments allow for balance of risk versus controls 7 Copyright © 2012, Intel Corporation. All rights reserved.
  • 8.
    High Trust Zone: Needand Concept • Controls relative to Risk Posture – Limited logical access, extra physical separation, more extensive monitoring, better vetting of applications • Solution – Create a trust zone for virtual servers and apps that require greater protection • Delivers – Granular Trust Enablement – Levels of controls are proportionate to value of assets – Strengthen application implementation security 8 Copyright © 2012, Intel Corporation. All rights reserved.
  • 9.
    Lessons Learned • Holistic view of risk and vulnerability is required • Virtualization technology is still maturing • Virtualization administrators must be treated as a “super admin” • Applications and systems landing in the environment must be hardened There are still functions that cannot be virtualized 9 Copyright © 2012, Intel Corporation. All rights reserved.
  • 10.
    To Learn More… Virtualizing High Security Servers radio show Looking into the Cloud radio show Virtualizing High-Security Servers paper 10 Copyright © 2012, Intel Corporation. All rights reserved.
  • 11.
    More Resources Enterprise Private Cloud Architecture Rethinking Information Security Information Security Protect to Enable Strategy video Learn more about Intel IT’s Initiatives at Intel.com/IT 11 Copyright © 2012, Intel Corporation. All rights reserved.
  • 12.
    Legal Notices This presentationis for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. * Other names and brands may be claimed as the property of others. Copyright © 2012, Intel Corporation. All rights reserved. 12 Copyright © 2012, Intel Corporation. All rights reserved.

Editor's Notes

  • #4 Virtualization and Cloud Aside from the technology, the main challenge with Virtualization is the flipside of benefits. With greater Efficiency comes greater asset density. And with greater asset density comes a larger attack surface. So the goal for us is figuring out the right level of controls that we need to expand and adopt.
  • #7 The key guidance for implementing controls steams from how we decide to handle Trust and Consequence.Before we build out our environments we consider the amount of trust that we want to build into them.And as we move servers and applications into these environment we consider how much risk they can assume.
  • #8 We came up with 3 kinds of virtualization environments. Low Trust Zones, High Trust Zones and something in between.In the case of the DMZ we started with a virtualization environment that at its core had a lot of risk from exposure to the internet. So we created multiple zones of consequence within that environment.In the case of the HTZ (High Trust Zone) we sough to create an environment that can be considered trustworthy. I’ll go into a little more detail on each of these next.
  • #9 The High Trust Zone came about from the need for virtualizing Internal Enterprise applications and servers that hosted Mission Critical data or business functions or systems and servers that hosted highly classified data. In our road down virtualization we hit a security limiter and needed to create a solution.