Manage virtual infrastructure with HyTrust

Cloud Under Control: Virtualize More by Virtualizing More Securely

Upload: hytrust

Post on 02-Jul-2015

DESCRIPTION

Download the white paper from http://info.hytrust.com/cloud-under-control

Every enterprise's top concern is security. There has been an increase in risks like data breach and misconfiguration that occur within virtualization and cloud environments. Take a look at this presentation to understand how HyTrust can significantly mitigate cloud risk with its software systems: HyTrust Data Control and HyTrust Cloud Control.

TRANSCRIPT

Page 1: Manage virtual infrastructure with HyTrust

Cloud Under Control: Virtualize More by Virtualizing More Securely

Page 2: Manage virtual infrastructure with HyTrust

Virtualization and Clouds are the Foundation for Modern IT

Ref: Forrester webinar with HyTrust

48%: Use public cloud

55%: Build internal private cloud

Organizations need to reduce costs and support business agility.

To do so, they're adopting virtualized server infrastructures and public cloud Infrastructure as a Service (IaaS).

Page 3: Manage virtual infrastructure with HyTrust

Security is a Persistent Issue

Ref: Forrester webinar with HyTrust

26%, 21%

Virtualization and cloud security

Immature management tools

Unmet compliance requirements

43%

Additional concerns

#1 concern with cloud

Page 4: Manage virtual infrastructure with HyTrust

Virtualization and Clouds Have Inherent Risks at Many Layers

[Diagram labels: People Layer, Management Layer, Software Layer, Physical Layer; Users, Administrators, vCenter, App, Data, Device, Cloud, Virtual, Hypervisor, Infrastructure, Bare Metal]

Page 5: Manage virtual infrastructure with HyTrust

Management Layer Risks

1. Access risk: Remote management by multiple tools and administrators leads to access control security risks through vCenter, SSH, third-party management and passed-on privileges

2. Policy risk: Control policies vary based on physical and virtual machines and can lead to unapproved connectivity and management plane actions

Page 6: Manage virtual infrastructure with HyTrust

Software Layer Risks

3. Concentration risk: Thousands of apps, data and devices are collapsed into a single cloud software layer

4. Data risk: Virtualization and cloud environments have shared storage and replication of data where data is moved around, leading to further data risk

5. Configuration risk: Hypervisors can have incorrect, poorly scripted, changed configurations, leading to risks

Page 7: Manage virtual infrastructure with HyTrust

Physical Layer Risks

6. Infrastructure breach risk: Malware may breach infrastructure layer below the hypervisor if the physical layer components do not have continual trust attestation

7. Visibility risk: To control hypervisor access by multitudes of individuals, protocols and access methods, it is essential to gather user-specific logs for full understanding of user activity and identity

Page 8: Manage virtual infrastructure with HyTrust

Industry Experts Recommend Security Best Practices for Virtualization

“Secure each management interface”

“Monitor and analyze logs at all layers of the virtualization infrastructure” [1]

“Enforce least privilege and separation of duties”

“Require multi-factor authentication for all administrative functions” [3]

“Administrative access to the hypervisor/VMM layer must be tightly controlled” [2]

[1] NIST SP 800-125: Guide to Security for Full Virtualization Technologies
[2] Neil MacDonald, Vice President and Gartner Fellow
[3] PCI-DSS 2.0 Information Supplement – Virtualization Security

Page 9: Manage virtual infrastructure with HyTrust

HyTrust Offers 2 Comprehensive Solutions

[Diagram labels: Automatic Encryption for Virtual Machines; Management Clients; Virtual Infrastructure; vCenter; ESXi hosts]

HyTrust CloudControl™: Addresses the policy management issue with multi-tenancy and administration access control, visibility and audits

HyTrust DataControl™: Secures virtual machines and data with strong encryption and key management

Page 10: Manage virtual infrastructure with HyTrust

4 Ways CloudControl Protects VMware Infrastructure

[Diagram labels: Tenant A; Tenant B; RBAC, Smart-tagging, Secondary Approval; Strong Authentication; Infrastructure Hardening with Root Password Vaulting; Audit-Quality Logging]

Infrastructure configuration hardening: Assesses VMware vSphere hosts to identify configuration errors

Advanced authentication: Single, secure authentication policy enforcement point for administrators

Audit-quality logging and alerting: Captures granular, user-specific, virtual infrastructure administrator log records for analysis

Role based access controls (RBAC) and 2-person authorization: Highly granular role and asset based access policies for virtual infrastructure

Page 11: Manage virtual infrastructure with HyTrust

DataControl Protects VMs and Data in Clouds and Virtualized Environments

Strong FIPS-approved encryption: AES 128/256, ensuring VMs are secure lifelong

Key management you control: State-of-the-art, highly-available, security-hardened and easy to deploy

Hardware-accelerated performance: Ensures minimal latency, automatically leveraging Intel AES-NI hardware acceleration

Operationally transparent: Unique ability to encrypt and re-key with zero downtime

Infrastructure independence: Can protect VMs in any virtualized environment, regardless of the underlying cloud platform

Strong, Easy, Fast, Transparent, Heterogeneous

Page 12: Manage virtual infrastructure with HyTrust

HyTrust Augments vCenter with Comprehensive Security

Controls: Controls access to vCenter with CloudControl

Insights: Offers visibility to hosts with logs for device operations, attribute changes and source IP addresses

Partitions: Partitions management and security functions for increased partitioning

HyTrust offers federated control with granular policies

Page 13: Manage virtual infrastructure with HyTrust

Download white paper

Cloud Under Control: How to Virtualize More by Virtualizing More Securely