Date post: 10-Jun-2015
Category: Technology
Upload: vmworld
VMware Compliance Reference Architecture Framework: Accelerate your Deployments
Moderator: Rob Randell, VMware
Jerry Breaud, VMware
David Barker, EMC
Eric Bruner, Sallie Mae
Noah Weisberger, Coalfire
Tim West, Accuvant
SEC5624
#SEC5624
Objective
• Understand how the VMware Compliance Reference Architecture provides
guidance to enable the design and deployment of VMware and VMware
Partner products to meet PCI DSS 2.0 requirements.
• Learn how customers have utilized the VMware and PCI QSA guidance to
accelerate the deployment of VMware products to meet their PCI regulatory
requirements
Key Takeaways
• The VMware Compliance Reference Architecture for PCI contains product
applicability and design guidance for VMware and our Technology
partners' products
• The Compliance Reference Architecture for PCI has been reviewed and
validated by an independent PCI QSA
• Audit, assessment, design and deployment services are available from
VMware and our services partners
Meet your panelists
• Moderator: Rob Randell, CISSP, Nicira by VMware, Director Systems Engineering NSBU
• Noah Weisberger, Coalfire, Dir Professional Services
• David Barker, EMC, Cloud Operations & Security, EMC OnDemand
• Tim West, Accuvant, Senior Consultant
• Eric Bruner, Sallie Mae, Business Systems Architect
Panel Topics
• Satisfying information risk managers who have concerns regarding how these technologies are implemented to achieve an ongoing compliant state
• Defining the steps on the cloud computing journey in the customer's terms while providing specialization on product implementation to achieve goals and objectives required
• What is the VMware Compliance Reference Architecture Framework
• Leverage these Compliance services with the VMware Compliance Reference Framework
Two Types of Compliance Challenges
Compliance & Security
Operations
Operations Wants to Virtualize and Consolidate More
Business Risk Owner
Chief Compliance Officer / Legal Counsel
But Sometimes Risk Owners Need Convincing
Will I meet compliance & security requirements?
Will my auditor approve?
What’s in it for me?
Will my virtualized environment be as compliant as my physical environment?
Reducing Costs
Infrastructure efficiency
Simpler management
Reduces Compliance Complexity
Streamline compliance reporting
Trust and Cloud Computing – Some New Challenges
Mixed mode levels of trust
• VMs riding on the same Guest with different Trust Levels (PCI)
• Multi-Tenancy protecting Intellectual Property (IP) with shared Resources
• Auditor Approval of Design
Evidence based compliance
• What standards and frameworks do I adopt to minimize risk?
• How do I prove my data is properly protected and segmented?
• How do I automate the application best practices, regulatory guidelines and vendor standards?
Separation of consumer and provider
• Consumer delivered governance around workloads
• Evidence from provider around infrastructure compliance
• How do I address data governance, privacy, etc?
• How do we account for change? (Loss of Service)
Process for Defining Reference Architectures is Not Trivial
Infrastructure Requirements
• Access Control
• Segmentation
• Remediation
• Automation
• Policy Management
• Audit
Common Control Frameworks
Regulations, Standards, Best Practices
Reference Architectures
PCI Zone
VMware vSphere
Solution Development Lifecycle
AUDITOR VALIDATED AUDITOR REVIEWED MULTI VENDOR
VMware + Partner + Customer PCI Responsibility
Panel Discussion – Enabling PCI Compliant Applications
What do the experts say?
Take Aways
Key Takeaways
• The VMware Compliance Reference Architecture for PCI contains product applicability and design guidance for VMware and our Technology partners' products
• The Compliance Reference Architecture for PCI has been reviewed and validated by an independent PCI QSA
• Audit, assessment, design and deployment services are available from VMware and our services partners
VMware Collateral
• VMware Approach to Compliance
• VMware Solution Guide for PCI
• VMware Architecture Design Guide for PCI
• VMware QSA Validated Reference Architecture PCI
Partner Collateral
• VMware Partner Solution Guides for PCI
How to Engage?
Summary
• You now have product, industry and audit guidance coupled with a reference architecture to begin building a PCI compliant cloud
• VMware and their partners address compliance concerns for the cloud
• VMware has an eco-system of partners and industry leaders aligned behind and supporting the VMware Compliance Point of View
Thank You!
Other VMware Activities Related to This Session
HOL:
• HOL-SDC-1315: vCloud Suite Use Cases - Control & Compliance
Group Discussions:
• SEC1002-GD: Compliance Reference Architecture: Integrating Firewall Antivirus, Logging IPS in the SDDC with Allen Shortnacy