Page 7 - GCN, Feb/Mar 2018

IT MODERNIZATION

Identifying and encrypting data, then automating the process, is a sound approach.

As state and local agencies embrace the efficiency, agility, and cost-effectiveness of virtualization and cloud computing, they must also embrace the mandated security and data privacy regulations that go along with it.

Protecting data in the dynamic environment of a hybrid cloud has some important differences from what might have been sufficient in older, static and often physically separated data centers. Fortunately, says Bill Hackenberger, vice president of data security at HyTrust, virtualization presents opportunities to simplify compliance, and agencies can do this one step at a time.

STEP ONE: Identify sensitive data. If you think you know where all of your sensitive data is, you’re probably wrong. While you might know the location of your most important databases and applications, those applications can leak data out into the world, making data susceptible to theft. While you may enforce strict controls on a server running a sensitive database, a user can easily generate a report, or copy sensitive content to a text file on some other host. This “leaking” of sensitive data, especially in the form of unstructured files (such as in Excel or a PDF), is a common way that data unknowingly becomes exposed. Locating sensitive data is a continuous task, and requires tools that can routinely look for and report on the location of files found with sensitive content. This is an important step to knowing the scope of your compliance task.

STEP TWO: Encrypt sensitive data. Choosing the proper method for encrypting data and controlling how keys are distributed is critical. To do this effectively, consider how the data is processed. In a modern, virtualized, and increasingly cloud-based data center, data is often moving, copied, or cloned. The old notion of “data-at-rest” is questionable in a virtual environment where data is often replicated. Virtual machines are frequently moved, cloned, or migrated, and virtual data stores are spread out and managed across numerous physical devices. Encrypting data at the virtual machine level with appropriate key management allows for secure controls over the data, while still allowing virtual machines to be copied or migrated across hosts and cloud platforms.

STEP THREE: Logically segment the components of the IT infrastructure to limit which hosts and virtual machines must be made compliant. Virtualization, virtual storage, and virtual networking all lend themselves to creating logical segments and divisions within the larger physical IT infrastructure. It pays to take advantage of that fact. Limit where your compliance-sensitive workloads will run so you can isolate them to selected and compliant hosts, decreasing the scope of your compliance task. Furthermore, constraining the delivery of keys for decryption to those selected hosts controls where compliance-sensitive data can be processed.

STEP FOUR: Harden the security postures and confirm the trustworthiness of the underlying IT infrastructure. It’s important to ensure hosts, hypervisors, and operating systems supporting virtual workloads are all known, trusted, and routinely tested for compliance. This includes imposing controls over privileged administrators tasked with managing the infrastructure. Many data breaches occur because of simple mistakes made by privileged administrators who expose sensitive workloads. Automating the process helps enforce policies around what, where, how, and when administrative actions are appropriate.

STEP FIVE: Secure the use of applications. Once you’ve taken the above steps, you’ve created a more secure and compliant environment where your applications can run. However, the application layer, along with the staff using those applications, must also be controlled. This typically is accomplished with familiar security tools like Identity and Access Management (IAM), endpoint malware prevention, and so on.

“Compliance doesn’t have to get in the way of the benefits of virtualization and the cloud,” says Hackenberger. “By first taking steps to secure the virtual foundation, encrypting and controlling virtual workloads, and then applying controls to applications, agencies can more easily achieve compliance and ensure their systems remain so.”
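The key-delivery control that steps two through four describe (a VM's decryption key is released only to a selected host that is known, attested and recently tested for compliance) can be written down as a small policy check. The Python below is an added example, not HyTrust's or the article's code; the host record schema, the segment names, the 24-hour freshness limit and the hosts themselves are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class HostRecord:
    """What the key server knows about a hypervisor host (hypothetical schema)."""
    host_id: str
    segment: str                     # logical segment the host sits in (step three)
    attested: bool                   # hypervisor/OS measurements matched the known-good baseline (step four)
    last_compliance_check: datetime  # most recent successful compliance test

@dataclass(frozen=True)
class KeyPolicy:
    """Where a workload's decryption key may be delivered."""
    workload_id: str
    allowed_segments: frozenset
    max_check_age: timedelta         # compliance evidence older than this is treated as stale

def key_release_decision(policy, host, now):
    """Return (allowed, reason) for releasing policy.workload_id's key to host.
    Every refusal carries a reason so it can be logged and reviewed; a refused
    host never receives key material at all."""
    if host.segment not in policy.allowed_segments:
        return False, f"{host.host_id}: segment {host.segment!r} is out of scope for {policy.workload_id}"
    if not host.attested:
        return False, f"{host.host_id}: measurements do not match the trusted baseline"
    age = now - host.last_compliance_check
    if age > policy.max_check_age:
        return False, f"{host.host_id}: compliance check is stale ({age} old, limit {policy.max_check_age})"
    return True, f"{host.host_id}: key for {policy.workload_id} released"

def evaluate_inventory(policy, hosts, now):
    """Map each host to its decision, e.g. to feed an audit report."""
    return {h.host_id: key_release_decision(policy, h, now) for h in hosts}

# Constructed sample data (not real hosts or workloads).
NOW = datetime(2018, 2, 1, 12, 0, tzinfo=timezone.utc)
PII_POLICY = KeyPolicy("pii-db-vm", frozenset({"restricted"}), timedelta(hours=24))
HOSTS = [
    HostRecord("esx-01", "restricted", True, NOW - timedelta(hours=2)),   # in scope, trusted, fresh
    HostRecord("esx-02", "general", True, NOW - timedelta(hours=2)),      # VM migrated outside the segment
    HostRecord("esx-03", "restricted", False, NOW - timedelta(hours=2)),  # failed attestation
    HostRecord("esx-04", "restricted", True, NOW - timedelta(days=3)),    # compliance evidence stale
]

if __name__ == "__main__":
    for allowed, reason in evaluate_inventory(PII_POLICY, HOSTS, NOW).values():
        print("ALLOW" if allowed else "DENY ", reason)
```

Only esx-01 receives the key; the migrated, unattested and stale hosts are each refused with a distinct, loggable reason.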
For more information, please visit
