This webinar reviews data security challenges in cloud environments and introduces new solutions for meeting security and compliance requirements in virtualized and cloud infrastructure.
2. Agenda
• Data Security Challenges in Cloud Environments
• vShield Data Security Overview
  • Introducing vShield Data Security
  • How it works
  • Benefits
• vCenter Configuration Manager Overview
2 Confidential
3. You probably already know this…
Compliance and Governance Drive Data Security
Regional Privacy Laws
Regulatory Compliance
• Cardholder Data (PCI)
• Personal Health Information (PHI)
• Personally Identifiable Information (PII)
Governance
• Intellectual Property
• Acceptable Use
• Customer Data
Frameworks and Best Practices
4. …and you’re probably already doing this…
Secure Data on Physical Systems
• Data Loss / Leak Prevention (DLP)
  • Data in Motion
  • Data at Rest
  • Data in Use
• E-Discovery
• Access Control
• Encryption
5. …But these days, your data could be anywhere.
Cloud Deployment Models
• Storage Array
• Local Disk (data on virtual disks)
• Physical (no virtualization, local disk or storage array)
• Cloud Storage (storage ‘blobs’)
• View / VDI – CIFS (data on file shares)
• View / VDI – Linked Clones (data on virtual disks)
6. …And if you’re here today, you probably know this firsthand.
Data explosion in the virtual data center!
• Over 10.8 million virtual machines on SAN!! -- VMware
• The number of virtual machines double every year -- Gartner
• VMware View $3.63 Billion revenue in 2011 – Wall Street
7. Data Security for Virtual and Cloud Infrastructure
There’s much to do
But before you worry about applying all of this data security… …to your virtual environments…
8. First things first.
Do you know where your sensitive data is stored in virtual infrastructure and cloud environments?
9. vShield Data Security Overview
Coming Soon – September 2011
vShield 5.0 Release
10. Introducing vShield Data Security (vSDS)
Discovery of Sensitive Data in the Virtual Data Center
• PCI: Cardholder Data
• PHI: Personal Health Information
• PII: Personally Identifiable Information
1 Define policies: Choose from built-in templates for standards and regulations governing most common types of sensitive data
  • PII Personally Identifiable Information
  • PCI-DSS Payment Card Industry Standard
  • PHI Patient Health information
2 Run Scans: Continuous scan of running virtual machines to discover sensitive data in unstructured files, based on policy.
3 Analyze Results: Generate actionable reports on type and location of sensitive data, with virtualization context (logical containers, for example)
11. vShield Data Security
How it works
[Diagram labels: "vShield Endpoint virtual appliance for data security", "Powered by"]
Solution Components
• vShield Endpoint Virtual Appliance (vSEP-VA) for data security (included)
• Thin Agent in every guest virtual machine (included with VM Tools)
• vShield Endpoint ESX hypervisor module per host
Features
• Define policies, run scans, and analyze reports of discovered sensitive data throughout the vDC
• Role-based access control for data security policies – definition, operation, report analysis
12. vShield Data Security
Benefits
Visibility
• Enable regulatory compliance within vDC with visibility into PCI, PII, PHI
Manageability
• Deployment and operation optimized for virtual data centers
Proven Technology
• RSA DLP deployed in thousands of data centers
• vShield Endpoint performance gains validated by 3rd parties
14. vCenter Configuration Manager Overview
Drive IT Compliance to lower risk
• Ensure compliance with various industry and regulatory standards on a continuous basis
• Quickly remediate problems
Mitigate outages through approved change processes
• Detailed understanding and tracking of changes
• Control change by following your Closed Loop Change Mgmt Process
Harden your environment and reduce potential threats and breaches
Compliance Through Unified Patching and Provisioning
• Provision Linux, Windows and ESX images
• Assess and Patch Windows, UNIX, MAC, etc
Control your virtual infrastructure
• Fight VM Sprawl & Decommissioning Issues
• Improved Virtual Troubleshooting
• Single Pane of Glass
15. Manage & Measure Compliance
Automated & Continuous Enterprise Compliance Posture
Deep Collection and Visibility
• Virtual and Physical Machines
• Desktops and Servers
• Spans a large array of OSs
Built in compliance tool kits
• Regulatory
  • SOX, HIPAA, GLBA, FISMA, DISA, ISO 27002
• Industry
  • PCI DSS
  • NERC/FERC
• Security
  • vSphere Hardening
  • VMware Best Practices
  • CIS Benchmark
Dashboards provide “At-a-Glance” health
[Diagram labels: SOX, HIPAA, FISMA, DISA, GLBA, ISO 27002, PCI, CIS, NERC/FERC, NIST, PCI DSS; VMware Virtualization Hardening Guidelines; CIS Benchmarks; CIS Certified Benchmarks; DISA NIST Security Hardening Guides; Vendor Specific Hardening Guidelines]