www.cloudsec.com | #cloudsec Extend Security from Enterprise Cloud Platform to Multi-Cloud Don Fung | Nutanix


Post on 26-Jun-2020


Truth in the Numbers

78% OF ORGANIZATIONS HAVE BEEN VICTIMS OF ONE OR MORE SUCCESSFUL CYBERATTACKS

45% INCREASE IN DATA BREACHES REPORTED IN 2017 COMPARED TO 2016

$3.86M IS THE AVERAGE TOTAL COST OF A DATA BREACH

MULTIPLE VENDORS

Disparate computing, virtualization, storage, and networking solutions

MULTIPLE APPROACHES

Each vendor approaches security differently and typically in a narrow context of their product only

MULTIPLE GAPS

Technology silos and inherent complexity create security gaps.

MULTICLOUD ADOPTION

The need to avoid vendor lock-in and to choose the right clouds for the right workloads leads to multi-cloud adoption

81% OF ORGANIZATIONS WORK WITH TWO OR MORE CLOUD VENDORS


Pain Points

COMPLEX INFRASTRUCTURE + TRADITIONAL SECURITY APPROACHES = INCREASED RISK

• Security blind spots: Use of multiple cloud vendors and many infrastructure products, along with manual efforts to maintain them, increases complexity and security gaps.

• Software upgrade delays: Validating and maintaining a security baseline through software upgrades is time-consuming and often involves error-prone manual processes.

• Lack of a unified solution: Although multi-product strategies can mitigate many threats, most alone have proven to be too complex and resource-intensive to be practical in a traditional, multivendor infrastructure stack.

• Limited cloud governance: Lack of visibility into and control over resource consumption in multicloud environments leads to increased misconfigurations and security risks without automated cloud governance policies in place.

Config errors are a top risk

Miscellaneous errors were the second most cited reason for a data breach, after web applications. Source: “2018 Data Breach Investigations Report,” Verizon.

99% BY 2023 OF CLOUD SECURITY FAILURES WILL BE THE CUSTOMER'S FAULT


Nutanix Customer Journey

Multi-Cloud Services for Apps and Data

Unify operations across public and private clouds

Secure and automate applications, and consolidate storage

Build an Enterprise Cloud

Modernize IT with HCI

Deliver enterprise apps and VDI from any site


What is HCI?

Integrated compute, storage, virtualization, network, and security

[Diagram labels: App, Virtualization, Compute, Fiber Channel Switch, Storage Controller]


Converging Storage Services

[Diagram labels: Node 1, Node 2, Node N; Server; Hypervisor; User Workloads; C1, C2]


Flexible Scale-out Architecture

✓ Start small and scale without limits

✓ Increase capacity one node at a time

✓ Keep data local for maximum performance

✓ Mix node types and hardware generations

[Diagram labels: Node 1, Node 2, Node N; Server; Hypervisor; User Workloads; Compute & Storage Controller; Storage Pool; C1, C2]


One-Click Operations

Application Automation and Orchestration

• Self-service provisioning

• App deployment and governance

• Multi-cloud visibility and control

Operational Insights

• Behavior-based alerting

• Intelligent remediation

• Consumer-grade search and dashboards

Planning

• Capacity planning

• One-click infrastructure optimization

• Just-in-time forecasting

Infrastructure Management

• Provisioning of storage, VMs, networking policies and data protection

• Cluster scale-out and scale-in

App Mobility

• Migration of Application & VMs across infrastructure

• Hypervisor conversion

• Archiving of data to cloud


Security Design in Enterprise Cloud

Security Lifecycle

Standards and Certifications

Factory Security Hardening & Baseline

Automated Configuration Validation and Self-healing

Data-at-Rest Encryption (FIPS 140-2 Validated)

Localized Encryption Key Management

Network Segmentation / Microsegmentation

Multi-factor Authentication, Role Based Access, & SAML

Data Protection / Replication / Availability


Flow

Visualize and Discover applications and their network connectivity

Segment applications and virtual networks without additional complexity or hardware

Secure applications, prevent data loss and support compliance goals.

Solution Overview

Application Security with Flow

AHV and Flow deliver advanced networking and security services inside the datacenter, providing application-centric visibility and protection from network threats, automating security baselines, and preventing data loss.


What is Flow? Security and Networking

• Natively built into the Nutanix Enterprise Cloud as part of AHV

• Powerful visualization, policy-based microsegmentation and network automation capabilities

• Intuitive & scalable solution with no additional tools needed

• Built-in simplicity of Nutanix

[Diagram labels: Server, Data Protection, Storage, AHV, Prism, Flow]

Comprehensive Visibility, Security, and Automation


What is Flow?

Line Rate Stateful FW on Each Node

E-W / VM to VM Level Granularity

Central Policy Management

Ubiquitous Enforcement

Rich Visualization and Monitoring

App Centric Security Policy


Rich Visualization to Aid in Policy Authoring

“Show me all flows for my application”

[Diagram labels: VLAN 10, VLAN 11, VLAN 12]

• Visualization is key to policy creation.

• Easily see application tier communication and interactions on the network.


Security Zoning & Isolation

“Development VMs should not talk to Production VMs”

• Isolating environments simplified through one-click policies.

• Predefined categories for environment type make policy writing easy: simply add VMs to the desired category.

• Moving workloads across environments is simply swapping the categories from Dev to Prod.

“Promote VM from Dev to Prod”

[Diagram labels: Development, Production; VLAN 10, VLAN 11, VLAN 12]


Application Isolation

“All VMs of the same app can talk to each other”

• Isolating applications simplified through one-click policies.

• Predefined categories for application type make policy writing easy: simply add the VM to the application category.

• Policy language allows simple expression for well-defined entry and exit points to/from the application.

“Allow inbound connections to App A from Internet”

“Allow outbound connections from App C to the AD server”

[Diagram labels: Internet; App A, App B, App C, AD; VLAN 10, VLAN 11, VLAN 12]


Network & Security Automation

Prism + Calm

Webhook API

Integrated Management Plane

• Automated App Provisioning with Prism and Calm

• Physical Switch API Integration (Webhooks) for Network Automation

• Single Pane of Glass

Nutanix Services on AHV

• App/VM deployment – PC, Calm

• Security Automation with Flow m-seg

• L4-L7 Integration / Service Insertion

Fabric Controller

Network Infrastructure

• Keep your current physical fabric

• Overlay Agnostic (VLAN or VXLAN)

• Multi-vendor Support

Automated VLAN Mapping / Discovery


Security Partners – DPI, NGFW

▪ Engage a security partner when customers are looking for deeper network security functionality or integration. Key Terms: Next Gen Firewall (NGFW), Deep Packet Inspection (DPI), App Firewall

▪ Flow network policy allows for virtual appliances from our security partners to be inserted “in-line” between virtual machines based on policy defined in Flow. This allows customers to specify exactly which traffic they would like to send for additional security inspection.


Extend HCI > Enterprise Cloud

▪ Consolidate File Storage

▪ Automate Applications and IT Workflows

▪ Secure Applications

▪ Manage IT Operations More Efficiently


Application Lifecycle Management

End-to-end automation of application provisioning, scaling and management

Self-Service and Governance

One-click self-service with centralized role-based IT governance

Multi-Cloud Orchestration

Deployment of apps and centralized visibility across private and public clouds

Calm

Automate Empower Relax


Blueprints Capture All Elements of the Application

VMs

Base Applications

Configuration

Network

Components

Security

Connectivity

Dependencies

Operations

Policy

Blueprint

Application


Calm Blueprints

1. Makes sense of complexity in a visual way

2. Auto generated system action flows

3. Utilize existing Bash or PowerShell scripts

4. Call any external service using HTTP Tasks

5. Easy to understand dependencies


Blueprints: Not Just Provisioning

▪ Provision ▪ Configure ▪ Scale ▪ Upgrade ▪ Delete ▪ Repeat

Automate routine application management operations

Reduce errors, delays and downtime


Nutanix Marketplace empowers Self Service

50+ Pre-integrated blueprints

Publish custom apps to marketplace


Multi-Cloud Brokering Strategy Advantages…

Right Cloud for Right workloads

Laws of physics & locality

Mitigate Vendor lock-in

Public Clouds Nutanix Cloud


…But Multi-Cloud Governance is Complex

Cloud sprawl causes cost leaks

Inadequate visibility across cloud boundaries

Many purchase plans add to planning complexity

Ensuring security compliance

Public Clouds Nutanix Cloud


Xi Beam

Visibility into performance across multiple clouds

Optimization recommendations and insights across multiple clouds

Control and govern multiple clouds using policy based automation

Cost Governance

Security Compliance

Making Multi-Cloud Governance Invisible


Multi-Cloud Cost Governance

Cost Governance: Optimization

One-click to easily eliminate unused resources

RI recommendations for deep cost savings


Intelligent Consumption Planning

Intelligent Purchase Recommendations

Powered by machine-intelligence to improve cloud spend

Multi-Cloud Savings

Complex planning turns into simple decisions

Proactive Utilization Planning

Ongoing recommendations for consumption planning


Multi-Cloud Cost Governance

Cost Governance: Control

Policy based automation to control spend

Automated chargeback reports and budget alerts to drive accountability


Centralized Financial Governance

Cost Control

Empower teams with simple access to usage and costs

Cloud Accountability

Ensure owners make data-driven decisions

Granular Budgeting

Policy-driven cost-centers and budgets for multiple teams


Multi-Cloud Security Compliance

Security Compliance: Visibility

Multi-Cloud security heatmap for complete visibility

Identify security issues using 300+ automated audit checks


Global Security Summary


Multi-Cloud Security Compliance

Security Compliance: Optimization

One-click to easily remediate security vulnerabilities

Automate compliance with Regulatory policies like PCI-DSS/HIPAA and more


One Click Remediate


Multi-Cloud Security Compliance

Security Compliance: Control

Custom policies and audits to meet your specific needs

Real-time security alerts for quicker remediation


Compliance Summary


Beam Advantages

Immediate Value: SaaS delivery model. Optimization recommendations within 24hrs.

Action oriented: More than just insights. Easily execute on recommendations with ‘One-Click to fix’ feature.

Built for Customization: Customizable security compliance policies and cost reports to meet your business needs.

Multi-cloud coverage: Single service for public and private clouds - AWS, Azure & Nutanix. GCP coming soon.

Actionable UI: Clean and fast interface. Easy on effort, sharp on performance.
