© 2009 VMware Inc. All rights reserved Confidential vShield Data Security (vSDS) Overview June 14, 2011 Gargi Mitra Keeling, vShield Product Management

New Solutions for Security and Compliance in the Cloud


DESCRIPTION

This webinar reviews data security challenges in cloud environments and introduces new solutions for meeting security and compliance in virtualized and cloud infrastructure.


Page 2: New Solutions for Security and Compliance in the Cloud


Agenda

• Data Security Challenges in Cloud Environments
• vShield Data Security Overview
  • Introducing vShield Data Security
  • How it works
  • Benefits
• vCenter Configuration Manager Overview

Page 3: New Solutions for Security and Compliance in the Cloud


You probably already know this… Compliance and Governance Drive Data Security

Regulatory Compliance
• Cardholder Data (PCI)
• Personal Health Information (PHI)
• Personally Identifiable Information (PII)
• Regional Privacy Laws

Governance
• Intellectual Property
• Acceptable Use
• Customer Data

Frameworks and Best Practices

Page 4: New Solutions for Security and Compliance in the Cloud


…and you’re probably already doing this… Secure Data on Physical Systems

• Data at Rest
• Data in Motion
• Data in Use

• Data Loss / Leak Prevention (DLP)
• E-Discovery
• Encryption
• Access Control

Page 5: New Solutions for Security and Compliance in the Cloud


…But these days, your data could be anywhere.

• Storage Array (data on virtual disks)
• Physical (no virtualization, local disk or storage array)
• View / VDI – Linked Clones (data on virtual disks)
• Local Disk
• Cloud Storage (storage ‘blobs’)
• View / VDI – CIFS (data on file shares)

Cloud Deployment Models

Page 6: New Solutions for Security and Compliance in the Cloud


Data explosion in the virtual data center!

…And if you’re here today, you probably know this firsthand.

• Over 10.8 million virtual machines on SAN!! -- VMware
• VMware View $3.63 Billion revenue in 2011 -- Wall Street
• The number of virtual machines doubles every year -- Gartner

Page 7: New Solutions for Security and Compliance in the Cloud


Data Security for Virtual and Cloud Infrastructure There’s much to do

But before you worry about applying all of this data security…

…to your virtual environments…

Page 8: New Solutions for Security and Compliance in the Cloud


First things first.

Do you know where your sensitive data is stored in virtual infrastructure and cloud environments?

Page 9: New Solutions for Security and Compliance in the Cloud

vShield Data Security Overview Coming Soon – September 2011

vShield 5.0 Release


Page 10: New Solutions for Security and Compliance in the Cloud


Introducing vShield Data Security (vSDS) Discovery of Sensitive Data in the Virtual Data Center


1. Define policies: Choose from built-in templates for standards and regulations governing most common types of sensitive data
   • PII: Personally Identifiable Information
   • PCI-DSS: Payment Card Industry Standard
   • PHI: Patient Health Information
2. Run Scans: Continuous scan of running virtual machines to discover sensitive data in unstructured files, based on policy.
3. Analyze Results: Generate actionable reports on type and location of sensitive data, with virtualization context (logical containers, for example)

PCI: Cardholder Data | PHI: Personal Health Information | PII: Personally Identifiable Information

Page 11: New Solutions for Security and Compliance in the Cloud


vShield Data Security How it works

Solution Components
• vShield Endpoint Virtual Appliance (vSEP-VA) for data security (included)
• Thin Agent in every guest virtual machine (included with VM Tools)
• vShield Endpoint ESX hypervisor module per host

Features
• Define policies, run scans, and analyze reports of discovered sensitive data throughout the vDC
• Role-based access control for data security policies – definition, operation, report analysis

vShield Endpoint virtual appliance for data security

Powered by

Page 12: New Solutions for Security and Compliance in the Cloud


vShield Data Security Benefits

Visibility
• Enable regulatory compliance within vDC with visibility into PCI, PII, PHI

Manageability
• Deployment and operation optimized for virtual data centers

Proven Technology
• RSA DLP deployed in thousands of data centers
• vShield Endpoint performance gains validated by 3rd parties

Page 13: New Solutions for Security and Compliance in the Cloud


VMware vCenter Configuration Manager

Configuration and Compliance Solution Overview

Page 14: New Solutions for Security and Compliance in the Cloud


vCenter Configuration Manager Overview

Drive IT Compliance to lower risk
• Ensure compliance with various industry and regulatory standards on a continuous basis
• Quickly remediate problems

Mitigate outages through approved change processes
• Detailed understanding and tracking of changes
• Control change by following your Closed Loop Change Mgmt Process

Harden your environment and reduce potential threats and breaches

Compliance Through Unified Patching and Provisioning
• Provision Linux, Windows and ESX images
• Assess and Patch Windows, UNIX, Mac, etc.

Control your virtual infrastructure
• Fight VM Sprawl & Decommissioning Issues
• Improved Virtual Troubleshooting
• Single Pane of Glass

Page 15: New Solutions for Security and Compliance in the Cloud


Manage & Measure Compliance

Deep Collection and Visibility
• Virtual and Physical Machines
• Desktops and Servers
• Spans a large array of OSs

Built-in compliance tool kits
• Regulatory
  • SOX, HIPAA, GLBA, FISMA, DISA, ISO 27002
• Industry
  • PCI DSS
  • NERC/FERC
• vSphere Hardening
  • VMware Best Practices
  • CIS Benchmark

Diagram labels: Virtualization Hardening Guidelines; FISMA; HIPAA; NERC/FERC; ISO 27002; CIS Benchmarks

Automated & Continuous Enterprise Compliance Posture

• Security
  • CIS Certified Benchmarks
  • DISA NIST Security Hardening Guides
  • Vendor Specific Hardening Guidelines

Dashboards provide “At-a-Glance” health

Diagram labels: PCI DSS; GLBA; SOX; NIST; DISA; PCI; CIS; VMware