GLOBAL SPONSORS - germany.emc.com · Moderne Infrastruktur. ... Data center virtualization layer....
GLOBAL SPONSORS
Modern Infrastructure (Moderne Infrastruktur)
VMware SDN: NSX Networking and GDPR
Christoph Altherr, Systems Engineer – NSX Specialist
© Copyright 2017 Dell Inc.
Agenda
• SDN – VMware SW-Defined Data Center (SDDC)
• GDPR – Why and What
• Facing GDPR requirements
• VMware NSX – Network and Security Virtualization
• VMware AppDefense – Validating good (intended) behavior
SDN: VMware Software-Defined Data Center (SDDC)
The ever-changing landscape

Ever wondered why we are not building traditional fortresses anymore?

We built them with a problem in mind, and it is very difficult to adapt them to a different situation, new arms or tactics…
What is a Software-Defined Data Center (SDDC)?

Hardware → Data center virtualization layer → Software

• Pooled compute, storage, and network capacity
• Vendor independent, best price/performance/service
• Simplified configuration and management
• Intelligence in software
• Operational model of the VM applied to the whole data center
• Automated provisioning and configuration
Virtualizing the Network: Decoupling Applications from Infrastructure

(Diagram: applications and VMs running on hypervisors with vSwitches, placed without regard to the physical network beneath them.)

• Topology Independence: application agility without regard to the underlying physical topology
• Network and Security Virtualization Platform: aligning a ubiquitous networking and security platform to the application
• Pooled Data Center Capacity: maximizing utilization and offering complete flexibility
GDPR: General Data Protection Regulation
Why GDPR?

Personal data has significant economic impact: 1 trillion € by 2020.

• 9 of 10 Europeans are concerned by mobile apps collecting their data without their consent
• 7 Europeans out of 10 are concerned by the potential use that companies can make of the information disclosed

Source: http://europa.eu/rapid/press-release_MEMO-14-186_en.htm
What is GDPR?

• Name: General Data Protection Regulation
• Purpose: To replace the existing national data protection legislation enacted by the EU member states under the EU Data Protection Directive (28 different laws and regulations) with a single, unified regulation for protecting personal data
• Scope: The regulation applies to all organizations established in the EU, and to organizations outside the EU if they either offer goods or services to EU data subjects or monitor the behavior of EU data subjects
• New or enhanced rules:
– Right «to be forgotten»: Individuals have a right to have personal data deleted and to prevent processing in specific circumstances [NOTE: not a 'new' rule but a broader expansion of the right to deletion]
– Easier access to one's data: The existing right of access is expanded to include more categories, and it must be free (i.e. individuals cannot be charged an admin fee, as previously allowed under national law)
– Right to data portability: A new right to transfer data between controllers (i.e. easier for individuals to move personal data from one IT environment to another)
– The right to know when one's data has been hacked: New breach reporting requirements. The controller must notify the supervisory authority within 72 hours of becoming aware of a breach (GDPR Art. 33) and must also notify the affected data subjects without undue delay when the breach is likely to result in a high risk to them (Art. 34)
Source: http://europa.eu/rapid/press-release_IP-12-46_en.htm

Any organization that fails to comply with the GDPR could face severe penalties!
Why is GDPR challenging for organizations?

The challenge for organizations facing the GDPR is that data is everywhere these days:
• processed through all types of apps,
• stored in various places, and
• accessed from all sorts of devices!

Data being so ubiquitous makes it very difficult to control, raising accountability and transparency concerns for IT staff and end users.
The World We Must Secure: Security, the Last One Invited to the Party

(Diagram of the layers to secure: Devices; Apps, both traditional and cloud-native; Infrastructure, i.e. virtualized compute, storage and networking across managed, private and public clouds.)

"We Need to Secure All of This"
Switzerland – Data Protection Act: News
Source: https://www.ejpd.admin.ch/ejpd/de/home/aktuell/news/2017/2017-09-150.html

Facing GDPR requirements? How VMware supports your organization
Mapping GDPR to NSX Capabilities

• The co-branded whitepaper "Product Applicability Guide for the European GDPR", authored by the third-party assessor Coalfire Systems Inc., concludes:
– VMware NSX can be used to dynamically control where workloads can send and receive data and to support a micro-segmentation architecture
– The ISO framework was used to validate the mapping of VMware NSX products to GDPR requirements
(Diagram: NSX → ISO 27001 → GDPR)

VMware and GDPR: Best Practices and Requirement Mapping
How can VMware NSX support GDPR?

• Security by design and by default: NSX provides a zero-trust security model inside data centers and clouds
– Micro-segmentation tightens security down to the individual VM and enables east-west traffic inspection without additional traffic engineering or redirection
• Minimizing risk: Security Groups allow building adaptive, application-centric security policy. Wherever VMs land, they inherit their firewall rules according to the application's requirements immediately once they are provisioned
• Real-time security posture monitoring: Network and guest introspection help monitor the VM security posture and dynamically move a compromised VM into a quarantine Security Group
• Data Protection Impact Assessment (DPIA): vRealize Network Insight and vRealize Operations help organizations build their DPIA by delivering a realistic security overview of the whole data center
• Encrypting data in motion: NSX Edge provides IPsec, L2VPN and SSL VPN tunneling to users and partners outside the data center
https://blogs.vmware.com/euc/2017/09/accelerate-towards-gdpr-compliance.html
VMware Network and Security Virtualization

"VMware NSX is to networking what VMware ESXi is to compute."
VMware NSX: Ground-breaking Use Cases

Provisioning Security Services is hard: the classic physical zoning approach
Every modern cyber security breach has something in common…

…the attacker! Once inside, they were most often able to move freely in the victim's data center network.
Problem: Data Center Network Security
Perimeter security and zoning have proven insufficient, and micro-segmentation with traditional firewalls is operationally infeasible

(Diagram, left: Internet → data center perimeter only, labelled "Insufficient". Right: Internet → data center perimeter with internal zones Zone1, Zone2 and Zone3, labelled "Operationally infeasible".)
Insufficient Security Zoning: VMs in dvPGs (distributed virtual Port Groups)

(Diagram: a vSphere Distributed Switch on top of the physical network with two VLAN-backed port groups. dvPG1 holds VM1 172.16.10.11, VM2 172.16.10.12 and VM3 172.16.10.13; dvPG2 holds VM4, VM5 and VM6. VMs in the same port group share one VLAN and can reach each other freely; only traffic that leaves the VLAN can be policed by an external firewall.)

VMware NSX – Micro-Segmentation: VMs in dvPGs (distributed virtual Port Groups)

(Diagram: the same two VLAN-backed port groups, VM1–VM3 in dvPG1 and VM4–VM6 in dvPG2, now with the NSX distributed firewall enforcing policy at every VM's vNIC, so traffic between VMs on the same VLAN is filtered as well.)

VMware NSX – Micro-Segmentation: VMs in LSs (Logical Switches)

(Diagram: VM1–VM3 (172.16.10.11–13) and VM4–VM6 are attached to the VXLAN-backed logical switches NSX LS1 and NSX LS2 instead of the VLAN-backed dvPG1/dvPG2; the physical network underneath shows the addresses 192.168.0.50, 192.168.100.50 and 192.168.200.50.)
NSX Distributed Firewalling: Micro-segmentation

• Each VM can now be its own perimeter
• Policies align with logical groups
• Prevents threats from spreading

(Diagram: a perimeter firewall in front of a DMZ and an inside firewall in front of application tiers (App, Services, DB), shared services (AD, NTP, DHCP, DNS, CERT) and business groups (Finance, Engineering, HR), with NSX applying policy per VM inside each of them.)

Source: http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmware-nsx-microsegmentation.pdf
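The slides describe Security Groups, per-vNIC enforcement and quarantine on compromise, but show no policy. The Python model below is an added example, not VMware or NSX code, and makes no NSX API calls: it assumes tag-based group membership, an ordered first-match rule list evaluated at every VM's vNIC, and a default deny. The VM names, tags, group and rule names, ports and the db1/jump1 addresses are assumptions; VM1–VM3 reuse the 172.16.10.x addresses from the zoning slides. It serves both the "How can VMware NSX support GDPR?" bullets (adaptive Security Groups, quarantine) and the micro-segmentation slides (no implicit trust between VMs on one VLAN or logical switch).

```python
"""Tag-based micro-segmentation model (added example, not VMware/NSX code).

Assumptions, not taken from the slides: VMs carry free-form tags such as
"tier:web"; a Security Group is the set of tags a VM must carry to be a
member; rules are an ordered list evaluated at every VM's vNIC, so two VMs on
the same VLAN or logical switch get no implicit trust; anything unmatched hits
a default deny. Membership is recomputed on every lookup, which is what makes
a freshly provisioned or freshly quarantined VM pick up policy at once.
"""
from dataclasses import dataclass, field

ANY = ("any", 0)  # wildcard service


@dataclass
class VM:
    name: str
    ip: str
    tags: set = field(default_factory=set)


@dataclass
class Rule:
    name: str
    src_group: str   # "any" or a Security Group name
    dst_group: str   # "any" or a Security Group name
    services: set    # {(proto, port), ...} or {ANY}
    action: str      # "allow" or "drop"


class DistributedFirewall:
    def __init__(self, vms, groups, rules):
        self.vms = {vm.name: vm for vm in vms}
        self.groups = groups   # Security Group name -> required tags
        self.rules = rules     # evaluated top to bottom, first match wins

    def members(self, group):
        """Dynamic membership: every VM carrying all of the group's tags."""
        if group == "any":
            return set(self.vms)
        return {n for n, vm in self.vms.items() if self.groups[group] <= vm.tags}

    def decide(self, src, dst, proto, port):
        """Verdict for a new flow src -> dst on proto/port, as seen at src's vNIC."""
        for rule in self.rules:
            if (src in self.members(rule.src_group)
                    and dst in self.members(rule.dst_group)
                    and (ANY in rule.services or (proto, port) in rule.services)):
                return rule.action, rule.name
        return "drop", "default-deny"

    def quarantine(self, vm_name):
        """What a guest-introspection verdict would do: tag the VM, nothing else."""
        self.vms[vm_name].tags.add("quarantine")


def build_demo():
    # web1-app1 reuse the slide addresses; db1 and jump1 are constructed.
    vms = [
        VM("web1", "172.16.10.11", {"tier:web"}),
        VM("web2", "172.16.10.12", {"tier:web"}),
        VM("app1", "172.16.10.13", {"tier:app"}),
        VM("db1", "172.16.20.11", {"tier:db"}),
        VM("jump1", "10.0.0.5", {"role:mgmt"}),
    ]
    groups = {
        "SG-Web": {"tier:web"},
        "SG-App": {"tier:app"},
        "SG-DB": {"tier:db"},
        "SG-Mgmt": {"role:mgmt"},
        "SG-Quarantine": {"quarantine"},
    }
    rules = [
        # Quarantine rules sit first so they override the application policy.
        Rule("mgmt-to-quarantine", "SG-Mgmt", "SG-Quarantine", {("tcp", 22)}, "allow"),
        Rule("quarantine-in", "any", "SG-Quarantine", {ANY}, "drop"),
        Rule("quarantine-out", "SG-Quarantine", "any", {ANY}, "drop"),
        # Application policy: only the flows the app needs, nothing tier-internal.
        Rule("web-to-app", "SG-Web", "SG-App", {("tcp", 8443)}, "allow"),
        Rule("app-to-db", "SG-App", "SG-DB", {("tcp", 5432)}, "allow"),
    ]
    return DistributedFirewall(vms, groups, rules)


if __name__ == "__main__":
    dfw = build_demo()
    for flow in [("web1", "app1", "tcp", 8443), ("web1", "web2", "tcp", 22),
                 ("web1", "db1", "tcp", 5432)]:
        print(flow, dfw.decide(*flow))
    dfw.quarantine("web1")
    print("after quarantine:", dfw.decide("web1", "app1", "tcp", 8443),
          dfw.decide("jump1", "web1", "tcp", 22))
```

Two things to check in a real policy that this model makes visible: rule order (the quarantine rules must precede the application rules, otherwise a compromised web VM still matches "web-to-app"), and the absence of any intra-tier rule, which is why web1 cannot reach web2 even though both sit in the same port group. A production distributed firewall is stateful, so return traffic for an allowed flow is admitted automatically; the model only evaluates the initiating direction.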
AppDefense
Pitfalls of the current model: focused on chasing malicious behavior
• Highly complex and noisy
• Limited context – requires a lot of inputs
• Manual effort to confirm a valid threat
It's time for a new model: focused on validating good (intended) behavior
• Simpler and smaller problem set
• Better signal-to-noise ratio
• Actionable and behavior-based alerts and responses
VMware AppDefense: Visibility and context into the application lifecycle
Automated collection of intended state across the app lifecycle

1. IT provisions a new app
2. Intended State: AppDefense collects the intended state of the app
3. IT provisions a change to the app
4. Running State: AppDefense notes the change

(Diagram: AppDefense sits alongside NSX on the hypervisor; the aim is to insert security into the DevOps process.)
Source: https://www.vmware.com/products/appdefense.html
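The four steps above describe the intended-state model without showing what a manifest or a deviation looks like. The following Python is an added example, not VMware AppDefense code: it assumes an app's intended state is an allowlist of executables and the outbound connections each may open, captured at provisioning and extended only through a sanctioned change; the "billing" app, its paths, hostnames, ports and the runtime events are all constructed. It illustrates the "new model" bullets (smaller problem set, only deviations alert) and the provision/change/validate flow.

```python
"""Intended-state validation model (added example, not VMware AppDefense code).

Assumptions, not taken from the slides: an app's intended state is an
allowlist of executables and of the outbound connections each may open; it is
captured when IT provisions the app and changes only through a sanctioned
provisioning change; runtime events are constructed dicts standing in for what
a hypervisor-side sensor would report. Only deviations from the allowlist
produce alerts, so the problem set is the app's own manifest rather than the
space of all possible malicious behavior.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    process: str
    dst: str
    port: int
    proto: str = "tcp"


@dataclass
class IntendedState:
    app: str
    version: str
    processes: set
    connections: set


class IntendedStateMonitor:
    def __init__(self):
        self.intended = {}  # app name -> IntendedState

    def provision(self, app, version, processes, connections):
        """Steps 1-2: IT provisions an app; its intended state is recorded."""
        self.intended[app] = IntendedState(app, version, set(processes), set(connections))

    def sanctioned_change(self, app, version, add_processes=(), add_connections=()):
        """Step 3: a change delivered through the provisioning pipeline extends the manifest."""
        st = self.intended[app]
        st.version = version
        st.processes |= set(add_processes)
        st.connections |= set(add_connections)

    def validate(self, app, events):
        """Step 4: compare observed behavior with intended state; return deviations only."""
        st = self.intended[app]
        alerts = []
        for ev in events:
            if ev["type"] == "exec":
                if ev["process"] not in st.processes:
                    alerts.append(("unexpected-process", ev["process"]))
            elif ev["type"] == "connect":
                conn = Connection(ev["process"], ev["dst"], ev["port"], ev.get("proto", "tcp"))
                if conn not in st.connections:
                    alerts.append(("unexpected-connection",
                                   f"{conn.process} -> {conn.dst}:{conn.port}/{conn.proto}"))
        return alerts


# Constructed runtime events for a hypothetical "billing" app.
EVENTS_BEFORE_CHANGE = [
    {"type": "exec", "process": "/usr/sbin/nginx"},
    {"type": "connect", "process": "/usr/bin/java", "dst": "db.internal", "port": 5432},
    {"type": "exec", "process": "/tmp/.x/miner"},                                   # not in manifest
    {"type": "connect", "process": "/tmp/.x/miner", "dst": "198.51.100.7", "port": 4444},
    {"type": "connect", "process": "/usr/bin/java", "dst": "cache.internal", "port": 6379},  # not yet sanctioned
]
EVENTS_AFTER_CHANGE = [
    {"type": "exec", "process": "/usr/bin/redis-server"},
    {"type": "connect", "process": "/usr/bin/java", "dst": "cache.internal", "port": 6379},
]


def build_demo():
    mon = IntendedStateMonitor()
    mon.provision("billing", "1.0",
                  processes=["/usr/sbin/nginx", "/usr/bin/java"],
                  connections=[Connection("/usr/bin/java", "db.internal", 5432)])
    return mon


def run_demo():
    """Returns (alerts before the sanctioned change, alerts after it)."""
    mon = build_demo()
    before = mon.validate("billing", EVENTS_BEFORE_CHANGE)
    mon.sanctioned_change("billing", "1.1",
                          add_processes=["/usr/bin/redis-server"],
                          add_connections=[Connection("/usr/bin/java", "cache.internal", 6379)])
    after = mon.validate("billing", EVENTS_AFTER_CHANGE)
    return before, after


if __name__ == "__main__":
    for alert in run_demo()[0]:
        print(*alert)
```

The point of the model is the asymmetry between the two runs: before the change, the Java process reaching a new cache host is reported exactly like the miner, because the monitor has no notion of "benign" beyond the manifest; after the change arrives through the provisioning path, the same connection is silent. Whether a change is sanctioned is therefore decided by the deployment pipeline, not inferred from the traffic, which is what keeps the alert volume tied to the size of the manifest.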