vShield Data Security (vSDS) Overview
June 14, 2011

Gargi Mitra Keeling, vShield Product Management

Confidential
© 2009 VMware Inc. All rights reserved

Agenda
• Data Security Challenges in Cloud Environments
• vShield Data Security Overview
  • Introducing vShield Data Security
  • How it works
  • Benefits
• vCenter Configuration Manager Overview

You probably already know this…
Compliance and Governance Drive Data Security

Regulatory Compliance
  • Regional Privacy Laws
  • Cardholder Data (PCI)
  • Personal Health Information (PHI)
  • Personally Identifiable Information (PII)

Governance
  • Intellectual Property
  • Acceptable Use
  • Customer Data

Frameworks and Best Practices

…and you’re probably already doing this…
Secure Data on Physical Systems

  • Data Loss / Leak Prevention (DLP)
  • E-Discovery
  • Data in Motion, Data at Rest, Data in Use
  • Access Control
  • Encryption

…But these days, your data could be anywhere.

Cloud Deployment Models
  • Physical (no virtualization, local disk or storage array)
  • Local Disk
  • Storage Array (data on virtual disks)
  • Cloud Storage (storage ‘blobs’)
  • View / VDI – Linked Clones (data on virtual disks)
  • View / VDI – CIFS (data on file shares)

…And if you’re here today, you probably know this firsthand.

Data explosion in the virtual data center!
  • Over 10.8 million virtual machines on SAN!! -- VMware
  • The number of virtual machines double every year -- Gartner
  • VMware View $3.63 Billion revenue in 2011 – Wall Street

Data Security for Virtual and Cloud Infrastructure
There’s much to do

But before you worry about applying all of this data security…
…to your virtual environments…

First things first.

Do you know where your sensitive data is stored in virtual infrastructure and cloud environments?

vShield Data Security Overview
Coming Soon – September 2011
vShield 5.0 Release

Introducing vShield Data Security (vSDS)
Discovery of Sensitive Data in the Virtual Data Center

  • PCI: Cardholder Data
  • PHI: Personal Health Information
  • PII: Personally Identifiable Information

1. Define policies: Choose from built-in templates for standards and regulations governing most common types of sensitive data
  • PII Personally Identifiable Information
  • PCI-DSS Payment Card Industry Standard
  • PHI Patient Health information
2. Run Scans: Continuous scan of running virtual machines to discover sensitive data in unstructured files, based on policy.
3. Analyze Results: Generate actionable reports on type and location of sensitive data, with virtualization context (logical containers, for example)

vShield Data Security
How it works

(Figure: vShield Endpoint virtual appliance for data security, with a “Powered by” logo)

Solution Components
  • vShield Endpoint Virtual Appliance (vSEP-VA) for data security (included)
  • Thin Agent in every guest virtual machine (included with VM Tools)
  • vShield Endpoint ESX hypervisor module per host

Features
  • Define policies, run scans, and analyze reports of discovered sensitive data throughout the vDC
  • Role-based access control for data security policies – definition, operation, report analysis

vShield Data Security
Benefits

Visibility
  • Enable regulatory compliance within vDC with visibility into PCI, PII, PHI
Manageability
  • Deployment and operation optimized for virtual data centers
Proven Technology
  • RSA DLP deployed in thousands of data centers
  • vShield Endpoint performance gains validated by 3rd parties

VMware vCenter Configuration Manager
Configuration and Compliance Solution Overview

vCenter Configuration Manager Overview

Drive IT Compliance to lower risk
  • Ensure compliance with various industry and regulatory standards on a continuous basis
  • Quickly remediate problems
Mitigate outages through approved change processes
  • Detailed understanding and tracking of changes
  • Control change by following your Closed Loop Change Mgmt Process
Harden your environment and reduce potential threats and breaches
Compliance Through Unified Patching and Provisioning
  • Provision Linux, Windows and ESX images
  • Assess and Patch Windows, UNIX, MAC, etc.
Control your virtual infrastructure
  • Fight VM Sprawl & Decommissioning Issues
  • Improved Virtual Troubleshooting
  • Single Pane of Glass

Manage & Measure Compliance
Automated & Continuous Enterprise Compliance Posture

Deep Collection and Visibility
  • Virtual and Physical Machines
  • Desktops and Servers
  • Spans a large array of OSs
Built in compliance tool kits
  • Regulatory
      • SOX, HIPAA, GLBA, FISMA, DISA, ISO 27002
  • Industry
      • PCI DSS
      • NERC/FERC
  • vSphere Hardening
      • VMware Best Practices
      • CIS Benchmark

(Figure labels: SOX, HIPAA, FISMA, DISA, GLBA, ISO 27002, PCI, CIS, NERC/FERC, NIST, PCI DSS, VMware; Virtualization Hardening Guidelines; CIS Benchmarks; Security; CIS Certified Benchmarks; DISA NIST; Security Hardening Guides; Vendor Specific Hardening Guidelines)

Dashboards provide “At-a-Glance” health

New Solutions for Security and Compliance in the Cloud
