Matt Cooley – VMware Security Specialist – Education … · 2017-04-13

Matt Cooley – VMware Security Specialist – Education
Mario Spallarossa – VMware Engineering – Education
November 2016

Page 2

Data is Everywhere and our Schools are under Attack!

In today’s K-12 environments, personal information is everywhere. Students, teachers, and employees’ personal, financial, and healthcare data exist throughout your network. Schools are struggling with the legal and moral responsibility to protect it. Unfortunately, this data is more valuable, more under attack, and harder to protect than ever.

FERPA Compliance

“63,000 Student Social Security Numbers Stolen”

“School District’s computer network was compromised by a ransomware program and held hostage in exchange for 500 Bitcoins, which equates to approximately $125,000”

“Stolen laptop contained 2000 student health records…”

HIPAA Compliance

Page 3

Understanding Cyber Attacks

“East-West” attacks provide access to sensitive data

[Diagram: data center virtual machines (VM), labelled MATH201]

Page 4

Traditional Approach to Protecting our Schools

Access through the front door is tightly controlled in today’s schools

Page 5

But one open window will give you run of the building…

Traditional Approach to Protecting our Schools

Page 6

Today We Guard the Front Door of Our Networks

Schools are spending more on digital security than ever before – But one breach can cost everything!

Next Generation Firewalls $$$

Intrusion Prevention & Detection $$$

Antivirus $$$

Anti Malware $$$

Page 7

Increasing Physical Security is a challenge…

Operationally infeasible and potentially counterproductive

Page 8

And the Data Center is no different

• Increasing data center security – more firewalls – provides diminishing returns at significant capital expense.

• In addition, operational overhead increases dramatically as the number of firewalls in the environment increases.

Page 9

Software Defined Networking (SDN) changes it all

VMware’s NSX security platform allows you to put a Virtual Lock and Guard on every door of the digital school.

Page 10

Micro-Segmentation

Aligning Security to the Mission, not the Network…

[Diagram: Finance, Marketing, HR, Engineering]

Micro-Segmentation allows every workload to have its own perimeter defense system, blocking east-west attacks and preventing threats from moving through the data center...

Operational policies are built dynamically, allowing security to scale efficiently throughout the environment…

Page 11

Security Unique to Every User…

[Diagram: Mr. Smith (Faculty) and Isabella (Students); Blackboard, Banner, Email, Internet, Network; groups: Students, Faculty]

Page 12

New Technologies mean New Challenges…

Just as adding mobile classrooms to address student capacity complicates the physical protection of a school environment, mobile devices make securing the digital school exponentially more complex and exposed to new threats.

Page 13

Micro-Segmentation enables a “Secure Digital Backpack”

Providing a seamless, secure educational experience

[Diagram: data center virtual machines (VM), labelled MATH201]

Page 14

VMware’s E-Rate Eligibility

We agree with commenters that virtualized products, including hardware and software, that perform the same functions as eligible internal connections equipment are eligible. We also agree that virtualized functionalities such as Software Defined Networking (SDN) and Network Function Virtualization (NFV) – solutions that virtualize eligible routing, switching, controller, and firewall functionalities – are eligible and may be a more cost effective solution than traditional wireless local area network components. We emphasize, however that only virtualized solutions that perform the functions of eligible broadband internal connections are eligible.

- FCC Order adopted September 11, 2015

Page 15

E-Rate Use Case – Secure, Integrated District

• Customers can leverage the virtual routing, switching, and firewall features of NSX to avoid physical hardware purchases.

• Customers can leverage the virtual firewalling capabilities of NSX to manage the inbound and outbound traffic between datacenter virtual machines, remote sites, and the public internet.

• Customers can leverage the NSX Firewall to secure communication channels with remote users and locations.

• Virtual networking and security components can coexist on common hardware while still maintaining isolation between security zones.

Page 16

Learn more: vmware.com/industry/education/e-rate

Page 17

Key Takeaways

• Traditional data center security is not sufficient. Attackers find weak points on the network and then move laterally to your sensitive data.

• Micro-segmentation protects against lateral attacks by protecting every workload in your data center. Attacks may still happen, but attackers are not able to move through the network.

• Don’t put off building your Cyber Security Plan until it is too late!

Page 18

Thank you!