Post on 29-May-2020
Matt Cooley – VMware Security Specialist – Education
Mario Spallarossa – VMware Engineering – Education
November 2016
Data is Everywhere and our Schools are under Attack!
In today’s K-12 environments, personal information is everywhere. Students, teachers, and employees’ personal, financial, and healthcare data exist throughout your network. Schools are struggling with the legal and moral responsibility to protect it. Unfortunately, this data is more valuable, more under attack, and harder to protect than ever.
FERPA Compliance
“63,000 Student Social Security Numbers Stolen”
“School District’s computer network was compromised by a ransomware program and held hostage in exchange for 500 Bitcoins, which equates to approximately $125,000”
“Stolen laptop contained 2000 student health records…”
HIPAA Compliance
Understanding Cyber Attacks
“East-West” attacks provide access to sensitive data
Traditional Approach to Protecting our Schools
Access through the front door is tightly controlled in today’s schools
But one open window will give you run of the building…
Today We Guard the Front Door of Our Networks
Schools are spending more on digital security than ever before – But one breach can cost everything!
Next-Generation Firewalls $$$
Intrusion Prevention & Detection $$$
Antivirus $$$
Anti-Malware $$$
Increasing Physical Security is a challenge…
Operationally infeasible and potentially counterproductive
• Increasing data center security – more firewalls – provides diminishing returns at significant capital expense.
• In addition, operational overhead increases dramatically as the number of firewalls in the environment increases.
And the Data Center is no different
Software Defined Networking (SDN) changes it all
VMware’s NSX security platform allows you to put a Virtual Lock and Guard on every door of the digital school.
Finance, Marketing, HR, Engineering
Micro-Segmentation
Aligning Security to the Mission, not the Network…
Micro-Segmentation allows every workload to have its own perimeter defense system, blocking east-west attacks and preventing threats from moving through the data center...
Operational policies are built dynamically, allowing security to scale efficiently throughout the environment…
[Diagram: Mr. Smith (Faculty) and Isabella (Students); resources: Blackboard, Banner, Email, Internet, Network; groups: Students, Faculty]
Security Unique to Every User…
New Technologies mean New Challenges…
Just as adding mobile classrooms to address student capacity complicates the physical protection of a school environment, mobile devices make securing the digital school exponentially more complex and exposed to new threats.
Micro-Segmentation enables a “Secure Digital Backpack”
Providing a seamless, secure educational experience
VMware’s E-Rate Eligibility
We agree with commenters that virtualized products, including hardware and software, that perform the same functions as eligible internal connections equipment are eligible. We also agree that virtualized functionalities such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) – solutions that virtualize eligible routing, switching, controller, and firewall functionalities – are eligible and may be a more cost effective solution than traditional wireless local area network components. We emphasize, however, that only virtualized solutions that perform the functions of eligible broadband internal connections are eligible.
- FCC Order adopted September 11, 2015
E-Rate Use Case – Secure, Integrated District
• Customers can leverage the virtual routing, switching, and firewall features of NSX to avoid physical hardware purchases.
• Customers can leverage the virtual firewalling capabilities of NSX to manage the inbound and outbound traffic between datacenter virtual machines, remote sites, and the public internet.
• Customers can leverage the NSX Firewall to secure communication channels with remote users and locations.
• Virtual networking and security components can coexist on common hardware while still maintaining isolation between security zones.
Learn more: vmware.com/industry/education/e-rate
Key Takeaways
• Traditional data center security is not sufficient. Attackers find weak points on the network and then move laterally to your sensitive data.
• Micro-segmentation protects against lateral attacks by protecting every workload in your data center. Attacks may still happen, but attackers are not able to move through the network.
• Don’t put off building your Cyber Security Plan until it is too late!
Thank you!