Overcoming Today’s Top Data Security Virtualization Challenges TASSCC TEC 2010 Presentation Anyck Turgeon Chief of Information Strategy & Security Crossroads Systems

Overcoming Today’s Top Data Security Virtualization Challenges · 2020. 4. 7. · VIRTUALIZATION MATURITY:-80% of all IT initiatives are virtualized and deliver up to 16% in enhanced



3/16/2010 Crossroads - @ TASSCC TEX 2010 Page 2

Agenda

- New Virtualization Targets & Drivers
- A Brave Past
- The Next Step
- Resolving Today’s Top V-Security Challenges:
    - Patch Management
    - Offline VM Management
    - Access Management
    - Separation Upon Recovery
    - Security Controls and Policies
- Recommendations


Economic Evolution…

Name                     Dates                     Duration         Unemployment
1980 Recession           Jan - July 1980           6 months         7.8%
Early 1980’s Recession   July 1981 - Nov. 1982     1 yr, 4 months   10.8%
1990 Recession           July 1990 - March 1991    8 months         7.8%
2001 Recession           March - Nov. 2001         8 months         6.3%
2008 Recession           Dec. 2007 - Dec. 2009     2 years          10.2%

1. 1980 Recession: Internet adoption, ATMs, electronic banking
2. 2001 Recession: Dot.com era
3. 2008 Recession: Virtualization, cloud computing, Windows 7


Facing the Next Wave… With Social Media

[Diagram: Virtual Consuming Entities & Virtual Resources. Labels: End-Users, Corporations, Governments; Driver’s License, House Permit, Income Tax, Criminal Record, Birth Certificate, Visas; Security, Application Developer, System Administrator, Network Administrator, DBA, Compliance, Storage Admin; Financial Health, Legal, Personal. Stages: CREATION, EXPANSION, OVER-GROWTH, HYPER-GROWTH]

86-92% of companies are using virtualization for cost containment


Virtualization: Not a new science, but managing growth will be!

[Diagram: PAST to PRESENT, acceleration of change; ABSTRACTION]

- Operating System = Virtual Memory System (VMS) for mainframes
- Memory Virtualization
- Networking = Virtual LAN (VLAN)
- Storage Virtualization

“Most virtual machines will be less secure than the physical devices they will replace” (N. MacDonald)


A New Era: Virtual Security for Consumers and Resources???

When does virtualization cost too much?

- Security …
- Over Extension … (Management & Transparency)
- Privacy …

VIRTUALIZATION MATURITY:

- 80% of all IT initiatives are virtualized and deliver up to 16% in enhanced customer satisfaction – Jim Fortner, Procter & Gamble
- 95% of IT executives plan on using virtualization to face next year’s workload increase (66%) – Computer World
- Older technology is 53% more vulnerable to security risks - Wipro study

UK GOV:

32,000 vulnerabilities

72,000 solutions

11,000 vendors


Common Security Issue #1: Patch Management

[Diagram: HARDWARE, HYPERVISOR, V-MONITOR; three virtual machines, each with V-OS and V-Apps]

CHALLENGES:

- Timely deployment

- Pervasive reach (configuration)

- Conflicts management

SOLUTIONS:

- Security-Born Architecture

- Continuous Audits

- Root of Trust Measurements


Common Security Issue #2: Offline VMs Management

[Diagram: HARDWARE, HYPERVISOR, V-MONITOR; four virtual machines, each with V-OS and V-Apps; COPY; *** WIRELESS]

- Disaster Recovery
- Load Balancing
- Better Performance
- High Availability

PROBLEM: Patch deployment

RISK: Global penetration & infection

SOLUTIONS:

1) Separate patch injection
2) Mount in quarantine mode & patch


Common Security Issue #2: Offline VMs Management

[Diagram: HARDWARE, HYPERVISOR, V-MONITOR; four virtual machines, each with V-OS and V-Apps; COPY; *** WIRELESS]

- Disaster Recovery
- Load Balancing
- Better Performance
- High Availability

PROBLEM: Audit Configuration

RISK: Orphans

SOLUTION: Check-in/Check-Out


Common Security Issue #3: Access Management

[Diagram: HARDWARE, HYPERVISOR, V-MONITOR; three virtual machines, each with V-OS and V-Apps]

Virtual Switch:

- Dev/test
- FISMA/HIPAA
- Top secret
- Confidential
- Financial & HR data

PROBLEM: Integration with multi-dimensional profile management solution with access control for separation of duty

RISK:

- The “invisible inside” thief
- Privacy penalties

SOLUTIONS: Storage-security inclusion upon business plans and on-going tests


Common Security Issue #4: Separation Upon Recovery

[Diagram: two copies of the HARDWARE, HYPERVISOR, V-MONITOR stack, each with three virtual machines (V-OS, V-Apps); BACKUP]

PROBLEM: Backup and Recovery

RISK: Breach of Resources

SOLUTION: Security must be part of the full virtual lifecycle data management adventure


Common Security Issue #5: Security Controls and Policies

[Diagram: HARDWARE, HYPERVISOR, V-MONITOR; three virtual machines, each with V-OS and V-Apps]

PROBLEM: Partial implementation as an afterthought

RISK: Infection of all resources

How do you know if VM1 is not infecting VM3 instead of talking to it?

SOLUTIONS:

- Ongoing e-discovery audits & testing of security controls
- Security tools at the virtual layer instead of IP or MAC addresses


Recommendations For Improved Security Virtualization

- HIGH AVAILABILITY & DETERRENCE: Architect, test and implement security policies, tools and practices, including ID management security policy integration, virtual switches and virtualized firewalls/IPS solutions
- PERFORMANCE: Handle storage, memory, hardware, network, computing capabilities separately, and then, build security rules – especially for APIs to external apps, data, etc.
- TRANSPARENCY: Acquire a near real-time centralized dashboard with advanced queries management, management + security portlets pervasively & customized views
- Off-set control costs through new shared services for virtual communities
- Test 3rd party entities (especially providers of the next wave – cloud computing)

Plan BIG

Start SMALL, VERY SMALL


The Next Generation: A Cloudy Sky…

Deployment Models, User Experience

Common Pitfalls:

1. “If we build it right, they will come”
2. “They’ll use it if it’s their only choice”
3. “We can do it [Solution Adoption] later if we need it”
4. “Non-use means resistance”
5. “All users are the same”
6. “You’ll never get everyone to use the portal – just forget about the last 10%”
7. “Traditional communication and training will work”
8. “Do it once, why do it again?”

SECURITY IS A CONCERN @ NANOSECOND


THANK YOU!

For more information contact:

Anyck [email protected]

Crossroads Systems, Inc.
11000 North Mo-Pac Expressway
Austin, Texas 78759
TEL: 866.289.2737 / 512.349.0300
EMAIL: [email protected]

© 2010 Crossroads Systems, Inc. Crossroads, RVA, ShareLoader, TapeSentry, FMA, XpanDisk and XpanTape are registered trademarks of Crossroads Systems, Inc. Crossroads Systems, ReadVerify and ArchiveVerify are trademarks of Crossroads Systems, Inc. All other trademarks are the property of their respective owners.