1 Phone: 650-681-8100 / email: info@hytrust.com 1975 W. El Camino Real, Suite 203, Mountain View, CA 94040

Virtualize More in 2012 with HyTrust Boost Data Center Efficiency and Consolidation Ratios Securely and Proactively

First in a three-part series for IT and Security professionals responsible for virtualization and data center architecture, management, and optimization

2

Overview

Speakers

What are the key business drivers for the virtualization security

blueprint ?

What are the pitfalls to avoid as we virtualize more mission-critical

applications, more securely this year?

What guidance and best practices can you share for planning and

undertaking these virtualization initiatives?

Summary

Q&A

3

Speakers

Billy Cox, Cloud strategy - Software and Services Group

Intel

Iben Rodriguez, Cloud Infrastructure Security Architect

eBay

Eric Chiu, President & Co-Founder

HyTrust

4

Desktops Laptops Embedded Smartphones Netbooks Personal Devices

Smart TVs

Federated Share data securely across public and

private clouds

Automated Dynamically Allocate

Resources

Client Aware Optimizing services based

on device capability

Cloud 2015 Vision

Open, Interoperable Solutions Essential

5

From Usage Model to Proven Solution A security example

Define …the strategy to

address IT challenge via usage model

Enable …the usage model in the ecosystem

Prove …the usage model delivers the value

Scale …deployments with

ecosystem

Usage Model

• Trusted Pools • Compliance

Reporting

Pain Points

Enterprise Vulnerabilities

Solution Stacks

Chipset

VMM

Policy Engine

Management

OS

Applications

CPU

Execute End User IT POCs

Prove out in lab Intel® Cloud Builders Reference architecture

Intel® Cloud Builders

Iben Rodriguez

Cloud Information Security Infrastructure Architect

1. Cloud Infrastructure Security Architect who got his start in data networks for military, and now designs and delivers complex projects for international pharmaceutical, semiconductor companies, ecommerce companies, and many government organizations.

2. Has worked closely with RedHat, VMware, and the Center for Internet Security, and kicked off and maintains the Benchmark for vSphere ESX hardening. Has also been selected a vExpert by VMware since 2009.

3. Enterprise Security and virtual infrastructure design leader dealing with ITIL, SOX, PCI-DSS, ISO27000 assessments and remediation.

4. Presents on virtualization security at many conferences including MISTI, AppCon, InfoSec Cloud, Network World, SANs, and Vmworld, and publishes at www.ibenit.com and www.vadapt.com

5. Expert in integration of Virtual Security Infrastructure Components such as Splunk, Nicira NVP, Vyatta, Cisco Nexus 1000v, HyTrust, SilverPeak, NMAP

7

HyTrust Backgrounder

7 © 2011, HyTrust, Inc. www.hytrust.com

Founded: Fall 2007

Headquarters: Mountain View, CA

Venture Funding: $16 million

Strategic Partners:

Awards & Top Ten Lists: VMworld 2009 Best of Show, VMworld 2009 Gold,

VMworld 2010 Finalist, TechTarget 2009 Product of the Year, RSA Innovation Sandbox

2009/2010 Finalist, SC Magazine 2010 Rookie Company of the Year, Network World

Startup to Watch 2010, InfoWorld Tech Company to Know 2010, Forbes “Who’s Who”

in Virtualization, Red Herring 2010 North America winner, Gartner Cool Vendor 2011

8 © 2011, HyTrust, Inc. www.hytrust.com

How are you addressing security concerns in your virtualized

environments? (Pick Top One)

Traditional infrastructure tools with NO specific provisions for virtualization

Traditional infrastructure tools with specific provisions for virtualization

Utilize virtualization-specific security tools provided by virtualization vendor

Utilize third-party security tools designed for VM's

Utilize third-party virtualization-only security tools

No security provisions in place

9 © 2011, HyTrust, Inc. www.hytrust.com

What are your virtualization priorities heading into 2012? (Pick Top Priority)

Maximize performance and availability with sophisticated monitoring

Continue to increase consolidation ratios by virtualizing tier-one applications

Better management of existing virtual environments

Standardization of hypervisors and/or platforms

Become compliant and/or other organizational mandates (i.e. 25% quota for Federal

organizations…)

Only maintain at this point

10

Key Drivers - Business Trends

Virtualize More…

Forrester Research CISO’s Guide to Virtualization Security

Analyst research of CIO top priorities for 2012, 40% picked virtualization as one of top three

Analyst research shows market is now 52% virtualized, with many organizations goaled to be 75% virtualized by 2014. *

11

Key Drivers - Business Trends

Virtualize More Securely…

+ Jeff Burt eWeek 2009

++Forrester Research CISO’s Guide to Virtualization Security

40% of virtualization deployments undertaken WITHOUT information security team input.++

Security and tier-one apps consistently hold down ratios.+

12

Key Drivers - Business Trends

Virtualize More…

More Securely…

With Less!

Forrester Research CISO’s Guide to Virtualization Security

13

Key Drivers - Virtualization / Cloud Security Situation

2Gartner; “Q&A: Six Misconceptions About Server Virtualization”, Thomas J. Bittman; 29 July 2010

“By 2015, 40% of the security controls used within enterprise data centers will be virtualized, up from less than 5% in 2010.”1

“There will be more virtual machines deployed on servers during 2011 than in 2001 through 2009 combined”2

1Gartner; “From Secure Virtualization to Secure Private Clouds”; Neil MacDonald & Thomas J. Bittman; 13 October 2010 13

“Virtualization increases security risk by 60%.”1

14

Key Drivers - Proactively Protect and Secure Your IP

Average cost of a security breach, per

compromised record (2010), with negligence the

main cause

Percentage of breached companies

who lost customers as a result of the

breach

Percent of all breaches that

involved privileged user misuse

Percentage of companies that

have experienced a data breach

—CA-sponsored survey

— Verizon report, 2010

— IT Compliance

Institute

— IT Compliance

Institute

48%

74%

$124

87%

15

Key Drivers - Proactively Protect and Secure Your IP

Average cost of a security breach, per

compromised record (2010), with negligence the

main cause

Percentage of breached companies

who lost customers as a result of the

breach

Percent of all breaches that

involved privileged user misuse

Percentage of companies that

have experienced a data breach

—CA-sponsored survey

— Verizon report, 2010

— IT Compliance

Institute

— IT Compliance

Institute

48%

74%

$124

87%

16

Best Practices and Guidance - Security

Planning for security in the virtual datacenter

Business drivers including compliance requirements

New role of IT in the cloud

Strategy and Framework (and org expectations)

Planning and discovery into the environment is critical

What are the big wins (ref architecture, single roadmap, global

scalability, single portal…)

17

On the Virtualization side, where are things going?

Managing Talent – separation of duties among experts (or cloud

admin “super generalist”)

Private cloud adoption and IT as a service

Mix mode versus air gaps

Best Practices and Guidance - Virtualization

18

Consolidation & Virtualization

SaaS Application

“Rented” Cloud Infrastructure Self-Service

Ubiquitous Access

Data Center of the Future – 3 year Vision

© 2011, HyTrust, Inc. www.hytrust.com

Access

and

Usage

Identity

Data

IT as a

Service

End result of datacenter transformation: IT is delivered as-a-service;

Role of Corporate IT is transformed from operational to control / governance

Cost

19

How To Get Started with Virtualization Security

Strive for virtual security that is equal to or better than the traditional

security in your environment.

Consider the following:

Apply the “Zero Trust” model of information security to your network

architecture

Consider virtualization-aware security solutions

Implement privileged identity management

Incorporate vulnerability management into the virtual server environment

Best Practices and Guidance - Getting Started

20

Summary – Why You? Why Now?

Why do this now?

Proactive collaborative approach to Security planning and architecture

Lever virtualization ROI, payback periods while advancing security,

compliance…

Align these actionable measures to larger initiatives (from CIO survey)

21 © 2011, HyTrust, Inc. www.hytrust.com

eric@hytrust.com

billy.cox@intel.com

Iben.rodriguez@gmail.com