Congress is an OpenStack project that provides policy as a service across any collection of cloud services in order to offer governance and compliance for dynamic infrastructures. In this lab users will get access to a live OpenStack setup with congress already installed and will be able to walk through several key congress deployment use cases and get hands on experience working with congress. Users will write policies that i…Full session details here:
VMware Cloud Compass — Risk Assessment
The VMware Cloud Compass evaluates risks in 4 categories: availability, governance & compliance, security & privacy and business relationship management. VMware's Craig Stanley details how users can use VMware Cloud Compass risk assessment to mitigate their risks when moving to the cloud.
Today, Coalfire Systems, Inc. announced that it has established the VMware Compliance Lab, a center of excellence and that designs, tests and promotes IT security best practices and audit guidelines for virtualized computing environments.
The VMware Compliance Lab, housed in Coalfire’s Seattle office, provides partners and end users with the information and tools they need to expedite the audit process and ensure compliance with major IT security standards, including PCI DSS, HIPAA/HITECH, GLBA, FISMA and FedRAMP. As a fully-independent IT Governance, Risk and Compliance firm, Coalfire gathers reference architecture and controls data from VMware, tests those controls in both the lab and the field, and issues guidance documents that security professionals can use to manage risk and compliance. In addition to VMware products, the Lab also houses and tests controls information from other products built on the VMware reference architecture, including solutions from EMC, RSA, HP, Symantec, McAfee and LogRhythm.
“Coalfire is partnering with VMware and other industry leaders to promote security and compliance in virtualized environments,” said Rick Dakin, CEO, co-founder and senior strategist at Coalfire. “Our lab provides a clearinghouse of un-biased, tested and proven best practices, and as those best practices are adopted in the field, end users will be able to streamline and risk and compliance efforts.”
”Coalfire’s thought leadership and IT audit expertise enables our partners and customers to confidently virtualize highly regulated workloads and meet their regulatory requirements. The guidance provided by Coalfire coupled with VMware’s proven leadership and ecosystem enables enterprises to use their virtualization investment as they move business critical applications to the cloud,” said Parag Patel, vice president, Global Strategic Alliances.
Coalfire is a leading, independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. Founded in 2001, Coalfire has offices in Dallas, Denver, Los Angeles, New York, San Francisco, Seattle and Washington, D.C. and completes thousands of projects annually in retail, financial services, healthcare, government and utilities.
Efficiency, automation, and availability are some of the key benefits of cloud computing. However, many organizations may not be able to take advantage of these benefits due to concerns with regulatory compliance and security risks such as provider access to tenant data.
As more data moves to private or public clouds, the number of super-users with access to an organization’s data multiplies, the risk of VMs being copied without the owner knowing increases, the possibility of temporary file trails rises, and the organization’s data is more vulnerable to being compromised. To address the data security issues and deliver control and governance of data in the cloud, SafeNet, a global leader in data protection introduces ProtectV, an encryption solution that has achieved VMware Ready™ status.
- ProtectV provides a complete data encryption solution for virtualized and cloud environments, to provide data control, governance and visibility and enable compliance.
- Customers can now migrate mission-critical applications to virtual/cloud environments while ensuring data ownership through encryption and control of sensitive data. SafeNet ProtectV is compatible with VMware vCenter™ and VMware vShield™ virtual infrastructures as well as AWS EC2 & EBS environments.
- With ProtectV, customers can secure critical data throughout the information lifecycle – from provisioning to termination. Key capabilities include encryption of VMs, pre-launch authentication, central auditing and FIPS certified key management.
ProtectV enables virtual machines and storage volumes to be as secure as physical servers and storage in robust, secure on-premise environment. Customers can reap the full benefits of agility and cost savings by turning their virtual datacenter or cloud into a trusted environment with data governance, control and security.
SafeNet ProtectV is compatible with VMware vShield™ and VMware vCenter™. In addition, SafeNet ProtectV can be used by Amazon Web Services customers to secure their critical data in the cloud.
According to Mike Rothman of Securosis, “The flexibility and abstraction of the cloud means many privileged users can create new virtual instances or copies of virtual environments outside of the management console. They can also change access keys, add access or entitlements, or change permissions. This means that organizations don’t have the same level of control over network access and it’s easier for new virtual servers to be created out of thin air, significantly increasing the risk of data exposure. Security needs to be implemented directly within the virtualized instances, and organizations cannot rely solely on the cloud infrastructure to provide it.”
SafeNet ProtectV helps organizations address these challenges with a solution that centralizes the management of encrypting VMs in AWS and VMware environments. Users can manage the policy of what VMs encrypt and who should have access and by doing so, ensuring unified security policies throughout. In this way, it is possible to enjoy the advantages of the cloud and virtualization, while at the same time, achieving full, auditable compliance with regulations and maintaining the visibility for governance.
Complete VM Security and Data Isolation: SafeNet ProtectV provides granular, full-VM encryption, pre-launch authentication and an on-premise hardware root of trust, delivering comprehensive protection throughout the information lifecycle. ProtectV enables you to run your systems as if it was your own private data center, even in co-mingled or multi-tenant environments. Security teams are now able to properly isolate sensitive assets and maintain ownership of their data throughout its lifecycle.
Protection from Rogue Admins: All VMs and associated storage volumes are encrypted, from the VM instances, snapshots and backups, across locations and disaster recovery sites. Super User Admins, who may have control of the virtualization infrastructure, cannot access the encrypted VMs.
Enforced Compliance: ProtectV provides undisputed control and proof of data governance through audit logs. ProtectV enables organizations to enforce the proper controls, present a trusted audit control regardless of where the data is hosted or stored and sustain compliance with regulations, including PCI DSS, HIPAA and HITECH.
Data Governance and Visibility: ProtectV affords cloud security visibility through a centralized policy enforcement and audit point. SafeNet provides a trusted, high assurance key management environment, delivering undisputed ownership of data and keys. As a result, organizations and their compliance auditors are assured complete control of their keys to their data and ownership with the complete logs for the necessary visibility.
Cross-Platform Key Management: Even the best encryption is meaningless without proper key management. As part of SafeNet’s data protection portfolio, SafeNet ProtectV integrates with SafeNet’s Enterprise Key Management solution, KeySecureTM. KeySecure enables security teams to centrally and uniformly manage cryptographic keys across a wide variety of their organization’s encryption platforms, streamlining key and policy administration.
WEBINAR Automating Data Governance With Advanced Data Virtualization 8.22.2011.mp4
WEBINAR Automating Data Governance with advanced data virtualization.