Overcoming Today’s Top Data Security Virtualization Challenges
TASSCC TEC 2010 Presentation
Anyck Turgeon
Chief of Information Strategy & Security
Crossroads Systems
3/16/2010 Crossroads - @ TASSCC TEX 2010 Page 2
Agenda
- New Virtualization Targets & Drivers
- A Brave Past
- The Next Step
- Resolving Today’s Top V-Security Challenges:
  - Patch Management
  - Offline VM Management
  - Access Management
  - Separation Upon Recovery
  - Security Controls and Policies
- Recommendations
Economic Evolution…
Name                    Dates                   Duration        Unemployment
1980 Recession          Jan-July 1980           6 months        7.8%
Early 1980’s Recession  July 1981-Nov. 1982     1 yr, 4 months  10.8%
1990 Recession          July 1990-March 1991    8 months        7.8%
2001 Recession          March-Nov. 2001         8 months        6.3%
2008 Recession          Dec. 2007-Dec. 2009     2 years         10.2%

1. 1980 Recession: Internet adoption, ATM’s, Electronic banking
2. 2001 Recession: Dot.com Era
3. 2008 Recession: Virtualization, Cloud Computing, Windows7
Facing the Next Wave… With Social Media
[Diagram: Virtual Consuming Entities & Virtual Resources. Entities: End-Users, Corporations, Governments. Labels: Drivers’ License, House Permit, Income Tax, Criminal Record, Birth Certificate, Visas, Security, Application Developer, System Administrator, Network Administrator, DBA, Compliance, Storage Admin, Financial Health, Legal, Personal. Stages: CREATION, EXPANSION, OVER-GROWTH, HYPER-GROWTH]
86-92% of companies are using virtualization for cost containment
Virtualization:
Not a new science, but managing growth will be!
[Diagram: PAST to PRESENT, ABSTRACTION, Acceleration of change]
- Memory Virtualization
- Operating System = Virtual Memory System (VMS) for mainframes
- Networking = Virtual LAN (VLAN)
- Storage Virtualization
“Most virtual machines will be less secure than the physical devices they will replace”
N. MacDonald
A New Era:
Virtual Security for Consumers and Resources???
When does virtualization cost too much?
- Security …
- Over Extension … (Management & Transparency)
- Privacy …
VIRTUALIZATION MATURITY:
- 80% of all IT initiatives are virtualized and deliver up to 16% in enhanced customer satisfaction – Jim Fortner, Procter & Gamble
- 95% of IT executives plan on using virtualization to face next year’s workload increase (66%) – Computer World
- Older technology is 53% more vulnerable to security risks - Wipro study
UK GOV:
32,000 vulnerabilities
72,000 solutions
11,000 vendors
Common Security Issue #1:
Patch Management
[Diagram: HARDWARE, HYPERVISOR, V-MONITOR, and three Virtual Machines, each with V-OS and V-Apps]
CHALLENGES:
- Timely deployment
- Pervasive reach (configuration)
- Conflicts management
SOLUTIONS:
- Security-Born Architecture
- Continuous Audits
- Root of Trust Measurements
Common Security Issue #2:
Offline VMs Management
[Diagram: HARDWARE, HYPERVISOR, V-MONITOR, and four Virtual Machines, each with V-OS and V-Apps; *** WIRELESS]
COPY:
- Disaster Recovery
- Load Balancing
- Better Performance
- High Availability
PROBLEM:
Patch deployment
RISK:
Global penetration & infection
SOLUTIONS:
1) Separate patch injection
2) Mount in quarantine mode & patch
Common Security Issue #2:
Offline VMs Management
[Diagram: HARDWARE, HYPERVISOR, V-MONITOR, and four Virtual Machines, each with V-OS and V-Apps; *** WIRELESS]
COPY:
- Disaster Recovery
- Load Balancing
- Better Performance
- High Availability
PROBLEM:
Audit Configuration
RISK:
Orphans
SOLUTION:
Check-in/Check-Out
Common Security Issue #3:
Access Management
[Diagram: HARDWARE, HYPERVISOR, V-MONITOR, and three Virtual Machines, each with V-OS and V-Apps]
PROBLEM:
Integration with multi-dimensional profile management solution with access control for separation of duty
RISK:
The “invisible inside” thief
privacy penalties
SOLUTIONS:
Storage-security inclusion upon business plans and on-going tests
Virtual Switch:
- Dev/test
- FISMA/HIPAA
- Top secret
- Confidential
- Financial & HR data
Common Security Issue #4:
Separation Upon Recovery
[Diagram: two stacks of HARDWARE, HYPERVISOR, V-MONITOR, and three Virtual Machines, each with V-OS and V-Apps, linked by BACKUP]
PROBLEM:
Backup and Recovery
RISK:
Breach of Resources
SOLUTION:
Security must be part of the full virtual lifecycle data management adventure
Common Security Issue #5:
Security Controls and Policies
[Diagram: HARDWARE, HYPERVISOR, V-MONITOR, and three Virtual Machines, each with V-OS and V-Apps]
PROBLEM:
Partial implementation as an afterthought
RISK:
Infection of all resources
How do you know if VM1 is not infecting VM3 instead of talking to it?
SOLUTIONS:
- Ongoing e-discovery audits & testing of security controls
- Security tools at the virtual layer instead of IP or MAC addresses
Recommendations
For Improved Security Virtualization
- HIGH AVAILABILITY & DETERRENCE: Architect, test and implement security policies, tools and practices, including ID management security policy integration, virtual switches and virtualized firewalls/IPS solutions
- PERFORMANCE: Handle storage, memory, hardware, network, computing capabilities separately, and then, build security rules – especially for APIs to external apps, data, etc.
- TRANSPARENCY: Acquire a near real-time centralized dashboard with advanced queries management, management + security portlets pervasively & customized views
- Off-set control costs through new shared services for virtual communities
- Test 3rd party entities (especially providers of the next wave – cloud computing)
Plan BIG
Start SMALL,
VERY SMALL
The Next Generation:
A Cloudy Sky…
Deployment Models / User Experience
Common Pitfalls:
1. “If we build it right, they will come”
2. “They’ll use it if it’s their only choice”
3. “We can do it [Solution Adoption] later if we need it”
4. “Non-use means resistance”
5. “All users are the same”
6. “You’ll never get everyone to use the portal – just forget about the last 10%”
7. “Traditional communication and training will work”
8. “Do it once, why do it again?” / SECURITY IS A CONCERN @ NANOSECOND
THANK YOU!
For more information contact:
Anyck [email protected]
Crossroads Systems, Inc.
11000 North Mo-Pac Expressway
Austin, Texas 78759
TEL: 866.289.2737 / 512.349.0300
EMAIL: [email protected]
© 2010 Crossroads Systems, Inc. Crossroads, RVA, ShareLoader, TapeSentry, FMA,
XpanDisk and XpanTape are registered trademarks of Crossroads Systems, Inc.
Crossroads Systems, ReadVerify and ArchiveVerify are trademarks of Crossroads Systems,
Inc. All other trademarks are the property of their respective owners.