Manage Virtual Infrastructure with HyTrust
DESCRIPTION
Download the white paper from http://info.hytrust.com/cloud-under-control
Every enterprise's top concern is security. Risks such as data breaches and misconfiguration within virtualization and cloud environments have increased. Take a look at this presentation to understand how HyTrust can significantly mitigate cloud risk with its software systems: HyTrust Data Control and HyTrust Cloud Control.
TRANSCRIPT
Cloud Under Control:
Virtualize More by Virtualizing More Securely
Virtualization and Clouds are the Foundation for Modern IT
Organizations need to reduce costs and support business agility.
To do so, they’re adopting virtualized server infrastructures and public cloud Infrastructure as a Service (IaaS).
48%: Use public cloud
55%: Build internal private cloud
Ref: Forrester webinar with HyTrust
Ref: Forrester webinar with HyTrust
Security is a Persistent Issue
[Chart: concerns with cloud. Labels: Virtualization and cloud security; Immature management tools; Unmet compliance requirements; Additional concerns. Values shown: 26%, 21%, 43%. Callout: #1 concern with cloud.]
Virtualization and Clouds Have Inherent Risks at Many Layers
[Diagram: layers of a virtualized and cloud environment. Labels: People Layer; Users; Administrators; Management Layer; vCenter; Software Layer; App; Data; Device; Cloud; Virtual; Hypervisor; Physical Layer; Infrastructure; Bare Metal.]
Management Layer Risks
1. Access risk: Multiple remote management by tools and administrators lead to access control security risks through vCenter, SSH, Third Party Management, passed-on privileges
2. Policy risk: Control policies vary based on physical and virtual machines and can lead to unapproved connectivity and management plane actions
Software Layer Risks
3. Concentration risk: Thousands of apps, data and devices are collapsed into a single cloud software layer
4. Data risk: Virtualization and cloud environments have shared storage and replication of data where data is moved around leading to further data risk
5. Configuration risk: Hypervisors can have incorrect, poorly scripted, changed configurations, leading to risks
Physical Layer Risks
6. Infrastructure breach risk: Malware may breach infrastructure layer below the hypervisor if the physical layer components do not have continual trust attestation
7. Visibility risk: To control hypervisor access by multitudes of individuals, protocols and access methods, it is essential to gather user-specific logs for full understanding of user activity and identity
Industry Experts Recommend Security Best Practices for Virtualization
“Secure each management interface”
“Monitor and analyze logs at all layers of the virtualization infrastructure” [1]
“Enforce least privilege and separation of duties”
“Require multi-factor authentication for all administrative functions” [3]
“Administrative access to the hypervisor/VMM layer must be tightly controlled” [2]
[1] NIST SP 800-125: Guide to Security for Full Virtualization Technologies
[2] Neil MacDonald, Vice President and Gartner Fellow
[3] PCI-DSS 2.0 Information Supplement – Virtualization Security
HyTrust Offers 2 Comprehensive Solutions
HyTrust CloudControl™: Addresses the policy management issue with multi-tenancy and administration access control, visibility and audits
HyTrust DataControl™: Secures virtual machines and data with strong encryption and key management
[Diagram labels: Automatic Encryption for Virtual Machines; Management Clients; Virtual Infrastructure; vCenter; ESXi hosts]
4 Ways CloudControl Protects VMware Infrastructure
[Diagram labels: Tenant A; Tenant B; RBAC, Smart-tagging, Secondary Approval; Strong Authentication; Infrastructure Hardening with Root Password Vaulting; Audit-Quality Logging]
Infrastructure configuration hardening: Assesses VMware vSphere hosts to identify configuration errors
Advanced authentication: Single, secure authentication policy enforcement point for administrators
Audit-quality logging and alerting: Captures granular, user-specific, virtual infrastructure administrator log records for analysis
Role based access controls (RBAC) and 2-person authorization: Highly granular role and asset based access policies for virtual infrastructure
DataControl Protects VMs and Data in Clouds and Virtualized Environments
Strong FIPS-approved encryption: AES 128/256, ensuring VMs are secure lifelong
Key management you control: State-of-the-art, highly-available, security-hardened and easy to deploy
Hardware-accelerated performance: Ensures minimal latency, automatically leveraging Intel AES-NI hardware acceleration
Operationally transparent: Unique ability to encrypt and re-key with zero downtime
Infrastructure independence: Can protect VMs in any virtualized environment, regardless of the underlying cloud platform
Strong, Easy, Fast, Transparent, Heterogeneous
HyTrust Augments vCenter with Comprehensive Security
Controls: Controls access to vCenter with CloudControl
Insights: Offers visibility to hosts with logs for device operations, attribute changes and source IP addresses
Partitions: Partitions management and security functions for increased partitioning
HyTrust offers federated control with granular policies
Download white paper
Cloud Under Control:
How to Virtualize More by Virtualizing More Securely