
Page 1

© 2016 VMware Inc. All rights reserved.

Andrew Pearce EMEA NSX Architect

How NSX can help to comply with General Data Protection Regulation (GDPR)?

Page 2

What is GDPR?

• Name: General Data Protection Regulation

• Purpose: to replace the existing data protection legislation enacted by the various EU member states (28 different laws and regulations) with a single, unified regulation for protecting the personal data of EU citizens.

• Scope: The regulation applies if the data controller or processor (organization) or the data subject (person) is based in the EU

• New rules:

– Right « to be forgotten »: when you no longer want your data to be processed, the organization holding it must delete it.

– Easier access to one’s data: better visibility of how personal data is processed

– Right to data portability: Easy transfer of personal data (to individuals)

– The right to know when one’s data has been hacked:

• Mandatory for large enterprises and organizations (handling the data of more than 5000 EU residents per year)

• Data breaches publicly notified

– Data protection by design and by default: Develop new methods and technologies for security and protection of personal data.

– Stronger enforcement of the rules: Significant sanctions and fines


Page 3

What changes from previous laws/regulations?

• Large enterprises and organizations will be required to perform Data Privacy Impact Assessments (DPIAs):

– to identify how data handling procedures and processes (including what personal data is used for) could impact the safety of information associated with data subjects, and the overall compliance of that information under the GDPR.

• Data Protection Officers (DPOs): the new regulation will force large enterprises and organizations to appoint a DPO:

– Independent, acting as the contact point for the supervisory authority

– Similar to, but not the same as, a Compliance Officer: expected to be proficient at managing IT processes and data security (including cyber-attacks)

– Monitors the performance and application of the Data Protection Impact Assessment


Page 4

Data breaches notification and sanctions

• DPO is under a legal obligation to notify the Supervisory Authority of all data breaches without undue delay, within 72 hours.

• The new Regulation will come with fines up to 4% of annual group-wide revenue or €20 million, whichever is higher, based on 3 categories of infringements:

– Category 1: infringements relating to controller and processor obligations: up to €10 million or 2% of annual group-wide revenue,

– Category 2: infringements of the rights of data subjects and general principles: up to €20 million or 4% of annual group-wide revenue,

– Category 3: infringements concerning non-compliance with an order by the supervisory authority: up to €20 million or 4% of annual group-wide revenue.

These are substantial changes that all organizations should take on board when allocating budget and priority to data protection and information security.

Page 5

How will NSX help to comply with GDPR? Protect, Control, Remediate

Page 6

How will VMware NSX help to comply with GDPR?

• Security by design and by default: NSX provides a zero-trust security model inside Datacenters and clouds. Micro-segmentation tightens the security of VMs and enables East-West traffic inspection without additional costs or traffic engineering.


Page 7

How an SDDC approach makes micro-segmentation feasible

[Diagram: Internet, perimeter firewalls, security policy and a cloud management platform; the security policy is applied through the cloud management platform rather than only at the perimeter]

Page 8

How will VMware NSX help to comply with GDPR?

• Security by design and by default: NSX provides a zero-trust security model inside Datacenters and clouds. Micro-segmentation tightens the security of VMs and enables East-West traffic inspection without additional costs or traffic engineering.

• Minimizing risk: security groups allow building adaptive, application-centric security policy. VMs land in the right group immediately once they are provisioned and inherit their firewall rules according to the application’s requirements.

Page 9

Intelligent grouping: groups defined by customized criteria

• Operating System

• Machine Name

• Application Tier

• Services

• Security Posture

• Regulatory Requirements

Page 10

How will VMware NSX help to comply with GDPR?

• Security by design and by default: NSX provides a zero-trust security model inside Datacenters and clouds. Micro-segmentation tightens the security of VMs and enables East-West traffic inspection without additional costs or traffic engineering.

• Minimizing risk: security groups allow building adaptive, application-centric security policy. VMs land in the right group immediately once they are provisioned and inherit their firewall rules according to the application’s requirements.

• Real-time security level monitoring: network and guest introspection help to monitor the VM security posture and dynamically move VMs to a Quarantine security group if they are compromised.

Page 11

Network and Guest Introspection with 3rd Parties

[Diagram: an ATTRIBUTE (if) → ACTION (then) policy table]

• Attributes (if): Virus found (IIS.EXE); Vulnerability found (old software version); Sensitive Data Found (“PCI”)

• Actions (then): Quarantine VM with Firewall; Monitor VM with IPS; Allow & Encrypt* OR Restrict access while investigating

• Automated detection of security conditions (virus, vulnerability, etc.)

• Security policies define automated actions

• Security operations are automated and adapt to dynamic conditions

Page 12

How will VMware NSX help to comply with GDPR?

• Security by design and by default: NSX provides a zero-trust security model inside Datacenters and clouds. Micro-segmentation tightens the security of VMs and enables East-West traffic inspection without additional costs or traffic engineering.

• Minimizing risk: security groups allow building adaptive, application-centric security policy. VMs land in the right group immediately once they are provisioned and inherit their firewall rules according to the application’s requirements.

• Real-time security level monitoring: network and guest introspection help to monitor the VM security posture and dynamically move VMs to a Quarantine security group if they are compromised.

• Data Privacy Impact Assessment: NSX together with vROps, Loginsight and vRNI will help organizations and their DPO to build their Data Privacy Impact Assessment by delivering a realistic security overview of the whole datacenter (underlay and overlay).
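The two mechanisms the slides rely on (page 9: groups whose membership is computed from VM attributes such as tier or regulatory tag; page 11: an introspection verdict that moves a VM into a quarantine group and changes its effective firewall rules) can be modelled in a few dozen lines. The following is an added example, not NSX code and not the NSX API: the group names, the `posture.*` tag names, the tiers and the rules are all constructed for illustration. It shows why a newly provisioned VM needs no manual rule work (membership is recomputed from its attributes) and how a single tag set by a scanner flips the VM to default-deny.

```python
"""Toy model of attribute-driven security groups with automated quarantine.

Added example, not VMware code: every group, tag and rule here is constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Set


@dataclass
class VM:
    name: str
    os: str
    tier: str                                   # e.g. "web", "app", "db"
    tags: Set[str] = field(default_factory=set) # security tags set by introspection


@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    service: str   # "tcp/443", "any", ...
    source: str    # "any" or the tier name of the source VM


@dataclass
class SecurityGroup:
    name: str
    priority: int                    # lower value is evaluated first
    criterion: Callable[[VM], bool]  # dynamic membership test over VM attributes
    rules: List[Rule]


# Hypothetical tag names; a real introspection product uses its own naming.
TAG_VIRUS = "posture.virus_found"
TAG_VULN = "posture.vulnerability_found"

# Constructed policy: quarantine wins over everything, then per-tier rules.
GROUPS = [
    SecurityGroup("Quarantine", 0, lambda vm: TAG_VIRUS in vm.tags,
                  [Rule("deny", "any", "any")]),
    SecurityGroup("Web", 10, lambda vm: vm.tier == "web",
                  [Rule("allow", "tcp/443", "any"), Rule("deny", "any", "any")]),
    SecurityGroup("App", 10, lambda vm: vm.tier == "app",
                  [Rule("allow", "tcp/8443", "web"), Rule("deny", "any", "any")]),
]


def _matching_groups(vm: VM) -> List[SecurityGroup]:
    return [g for g in sorted(GROUPS, key=lambda g: g.priority) if g.criterion(vm)]


def groups_for(vm: VM) -> List[str]:
    """Membership is recomputed from the VM's current attributes on every call,
    so a freshly provisioned VM lands in the right group with no manual step."""
    return [g.name for g in _matching_groups(vm)]


def effective_rules(vm: VM) -> List[Rule]:
    """Concatenate the rules of every matching group in priority order."""
    return [r for g in _matching_groups(vm) for r in g.rules]


def is_allowed(vm: VM, service: str, source_tier: str) -> bool:
    """First matching rule wins; anything unmatched is denied (zero trust)."""
    for r in effective_rules(vm):
        if r.service in ("any", service) and r.source in ("any", source_tier):
            return r.action == "allow"
    return False


def apply_introspection_event(vm: VM, tag: str, present: bool = True) -> List[str]:
    """Simulate a guest/network introspection verdict: set or clear a tag and
    return the VM's new group membership. No rule is edited by hand."""
    if present:
        vm.tags.add(tag)
    else:
        vm.tags.discard(tag)
    return groups_for(vm)


if __name__ == "__main__":
    web = VM("web-01", "linux", "web")
    print(groups_for(web), is_allowed(web, "tcp/443", "any"))          # ['Web'] True
    print(apply_introspection_event(web, TAG_VIRUS),
          is_allowed(web, "tcp/443", "any"))                            # ['Quarantine', 'Web'] False
    print(apply_introspection_event(web, TAG_VIRUS, present=False))    # ['Web']
```

The design choice worth noting is that the quarantine group carries a lower priority number than every tier group, so its deny rule is evaluated first regardless of which application group the VM also belongs to; clearing the tag after remediation restores the original rules without any further change.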

Page 13

vRNI Security Operations, Audit and Compliance


• Real-time visibility into security group memberships and effective firewall rules for a VM, between VMs, and between a VM and physical hosts

• Datacenter time machine: track changes for troubleshooting or audit

• Compliance engine with a simple Google-like search interface to write policies and set alerts

• Instant alerting upon policy violation and non-compliance

Page 14

How will VMware NSX help to comply with GDPR?

• Security by design and by default: NSX provides a zero-trust security model inside Datacenters and clouds. Micro-segmentation tightens the security of VMs and enables East-West traffic inspection without additional costs or traffic engineering.

• Minimizing risk: security groups allow building adaptive, application-centric security policy. VMs land in the right group immediately once they are provisioned and inherit their firewall rules according to the application’s requirements.

• Real-time security level monitoring: network and guest introspection help to monitor the VM security posture and dynamically move VMs to a Quarantine security group if they are compromised.

• Encrypting data in motion: NSX Edge provides IPsec and SSL VPN tunnelling to users and partners outside a customer’s datacenters (*)

(*): DNE will enhance these capabilities

• Data Privacy Impact Assessment: NSX together with vROps, Loginsight and vRNI will help organizations and their DPO to build their Data Privacy Impact Assessment by delivering a realistic security overview of the whole datacenter (underlay and overlay).

Page 15

Summary – How will GDPR impact you? “Data protection by design and by default”

No environment is 100% secure, but a zero-trust security model will provide far greater protection

IT security experts are going to be in high demand

Senior management in your organisation will be more concerned with security / data protection, because of the risk to the business.

Ensure high levels of encryption and authentication are used wherever possible

Engage with VMware now.

Remember that VMware has solutions that Protect you from security breaches in ways other vendors can’t achieve.

VMware has management tools to help DPOs with DPIAs

Page 16

Thank You

The industry leading Network and Security Virtualisation platform

Go to the next session in Breakout Room 2 to learn how VMware and Trend Micro can provide a secure and flexible working environment for mobile users.

Page 17

Backup Slides

Page 18

Problem: Data Center Network Security

Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible

[Diagram: two datacenters behind an Internet-facing perimeter; the left, labelled “Insufficient”, has little or no lateral controls inside the perimeter; the right, labelled “Operationally Infeasible”, shows per-workload segmentation with traditional tooling]