1. Virtualize More: Secure Cloud ScalingGrow Fast, Stay Nimble, Reduce RiskSecond in a three-part series for IT and Security professionals responsible forvirtualization and data center security, architecture, and management1975 W. El Camino Real, Suite 203, Mountain View, CA 94040 Phone: 650-681-8100 / email: info@hytrust.com 2012, HyTrust, Inc. www.hytrust.com1

2. Overview Speakers What are the key business drivers for the virtualization securityblueprint? What guidance can you share for planning security policymanagement and automation initiatives in virtual environments? Can we see a deep dive into logging, policy automation, and accesscontrol to help us work faster, smarter, and with less risk? Summary Q&A 2012, HyTrust, Inc. www.hytrust.com2 3. Speakers Doug Brown, FounderDABCC Ken Sigel, Systems EngineerHyTrust Eric Chiu, President & Co-FounderHyTrust 2012, HyTrust, Inc. www.hytrust.com 3 4. HyTrust Backgrounder Founded: Fall 2007 Headquarters: Mountain View, CA Venture Funding: $16 million Strategic Partners: Awards & Top Ten Lists: VMworld 2009 Best of Show, VMworld 2009 Gold,VMworld 2010 Finalist, TechTarget 2009 Product of the Year, RSA Innovation Sandbox2009/2010 Finalist, SC Magazine 2010 Rookie Company of the Year, Network WorldStartup to Watch 2010, InfoWorld Tech Company to Know 2010, Forbes Whos Whoin Virtualization, Red Herring 2010 North America winner, Gartner Cool Vendor 2011 2012, HyTrust, Inc. www.hytrust.com44 5. What are your virtualization priorities heading into 2012?(Pick Top Priority) Maximize performance and availability with sophisticated monitoring Continue to increase consolidation ratios by virtualizing tier-one applications Better management of existing virtual environments Standardization of hypervisors and/or platforms Become compliant and/or other organizational mandates (i.e. 25% quota for Federalorganizations) Only maintain at this point 2012, HyTrust, Inc. www.hytrust.com 2011, HyTrust, Inc. www.hytrust.com 5 6. How are you addressing security concerns in your virtualizedenvironments? (Pick Top One) Traditional infrastructure tools with NO specific provisions for virtualization Traditional infrastructure tools with specific provisions for virtualization Utilize virtualization-specific security tools provided by virtualization vendor Utilize third-party security tools designed for VMs Utilize third-party virtualization-only security tools No security provisions in place 2012, HyTrust, Inc. www.hytrust.com 2011, HyTrust, Inc. www.hytrust.com6 7. Key Drivers - Business TrendsVirtualize More Analyst research shows market is now 52% virtualized,with many organizations goaled to be 75% virtualizedby 2014. *Virtualize More SecurelyVirtualization increases security risk by 60%.***Forrester Research CISOs Guide to Virtualization Security**Gartner; From Secure Virtualization to Secure Private Clouds; Neil MacDonald & Thomas J. Bittman; 13 October 2010 2012, HyTrust, Inc. www.hytrust.com 7 8. Key Drivers - Business TrendsNetworkWorld Top Initiatives Survey 09/2011 #1 86% Server Virtualization #2 79% Tier-one Application Virtualization #4 Cloud Scaling Initiatives #6 Security (mainly ID Mgmt and Next-gen firewalls) 2012, HyTrust, Inc. www.hytrust.com 8 9. Virtualization platform effects on security Abstraction and ConsolidationCapital and Operational Cost SavingsNew infrastructure layer to besecured and subject to complianceGreater impact of attack ormisconfiguration Collapse of Switches andFaster Deployment in Servers into One Device Shared EnvironmentFlexibility IT responsivenessCost-savingsInconsistencies inconfigurationLack of visibility and control forvirtual network and storage Physical changeprocesses ineffectiveNo separation of church and state(network, security, storage Inadequate tenantadministration) segmentation 2012, HyTrust, Inc. www.hytrust.com 9 10. Virtualization containers effects on security Fuzzy Time Boundaries Great availability / recovery mechanism Security and audit events can be lost Changes in time are not visible from inside the virtual server VM Encapsulation VM MobilityEase DRHardware Independence Improved Service LevelsOutdated offline systems Identity divorced fromUnauthorized copy physical locationReconfiguring virtual hardware Policies may not followand console access are over the virtual machinenetwork operations10 2012, HyTrust, Inc. www.hytrust.com 11. Key Drivers - Proactively Protect and Secure Your IP87%Percentage of companies that have experienced a data breach IT Compliance Institute48%Percent of all breaches that involved privileged user misuse Verizon report, 201074%Percentage of breached companies who lost customers as a result of the breach IT Compliance Institute 2012, HyTrust, Inc. www.hytrust.com11 12. Best Practices and Guidance Secure Cloud Infrastructure CIO.com IT Execs Survey of Top 5 Concerns for VI #1. Managing oversight and responsibility The specifics Host Management Privileged User Management 2012, HyTrust, Inc. www.hytrust.com12 13. Best Practices and Guidance Secure Cloud Infrastructure CIO.com IT Execs Survey of Top 5 Concerns for VI #3 is Visibility and Control The specifics Audit-quality Logging Complete Reporting Policy Engine 2012, HyTrust, Inc. www.hytrust.com 13 14. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 14 15. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 15 16. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 16 17. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 17 18. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 18 19. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 19 20. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 20 21. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 21 22. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 22 23. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 23 24. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 24 25. Policy Automation Increases Admin Speed and Accuracy Fallback is screenshots with audio 2012, HyTrust, Inc. www.hytrust.com 25 26. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 26 27. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 27 28. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 28 29. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 29 30. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 30 31. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 31 32. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 32 33. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 33 34. Policy Automation Increases Admin Speed and Accuracy 2012, HyTrust, Inc. www.hytrust.com 34 35. Best Practices and Guidance What Can You Do Today?Give right access to right people in your virtual infrastructure Cut back or eliminate access rights for those not on the projects Manage networks Take full inventoryAutomate to drive scalability Consider management tools to streamline workflow Drive security policy automation to prevent mistakes 2012, HyTrust, Inc. www.hytrust.com 35 36. Best Practices and Guidance What Can You Do Today?Create the business case for change Show costs of Not doing it (i.e. 87%) Be proactive and collaborative with IT, Security to understand andidentify the business problem Create a planDont be scared! 2012, HyTrust, Inc. www.hytrust.com36 37. eric@hytrust.com ksigel@hytrust.com dbrown@dabcc.com 2012, HyTrust, Inc. www.hytrust.com 37 38. eric@hytrust.com ksigel@hytrust.com dbrown@dabcc.com 2012, HyTrust, Inc. www.hytrust.com 38 39. eric@hytrust.com ksigel@hytrust.com dbrown@dabcc.com 2012, HyTrust, Inc. www.hytrust.com 39 40. eric@hytrust.com ksigel@hytrust.com dbrown@dabcc.com 2012, HyTrust, Inc. www.hytrust.com 40