Security is a major focus point at VCE. Every Vblock™ System shipped contains built-in security features. Now that security is bolstered even further with a tested and validated Vblock™ Ready solution from SSH Communications Security. In partnership, VCE and SSH introduced a new degree of security hardening with checks and balances across the virtualized workload environment.
Securing the Management Plane in Converged Infrastructures
Converged infrastructure systems are being implemented seemingly in every enterprise these days. An ongoing concern for many is maintaining the security hardening on the system management plane in addition to the workloads running on top of it.
Over 60% of significant data breaches are being introduced by third parties and 100% of these breaches involve privileged accounts (source: 2013 Trustwave Global Security Report / Mandiant Consulting Services). So it’s essential to effectively control, monitor, and audit all privileged access to the various layers and components of the converged infrastructure.
The virtualization layer is only one of several layers of the converged infrastructure and the attack surface increases due to the interoperability with the networking and storage layers. That’s why it’s so important to control, monitor and audit encrypted channel access from remote administrators and third parties.
And let’s not forget compliance. Along with the need to reduce risk, compliance mandates such as PCI-DSS, SOX, FedRAMP, and HIPAA each outline requirements for access enforcement, individual accountability for shared accounts, separation of duties, least privilege, remote access, audit and event management, and continuous monitoring of critical infrastructure.
A New Joint Solution from VCE and SSH Communications
In partnering with VCE, SSH Communications Security has provided VCE customers with enhanced session monitoring, auditing, and control for the Administrative Management Pod of the Vblock System through the CryptoAuditor solution.
CryptoAuditor extends the reach of session monitoring, control, and audit of encrypted administrator access to other layers of Vblock Systems: the application, networking, and storage layers. These critical components and layers are often accessed by remote administrators through encrypted sessions utilizing SSH, RDP or HTTPS via the Vblock Systems Administrative Management Pod (AMP) or directly by third-party tools. These activities require session monitoring and recording along with control of what commands can be run during those sessions. When CryptoAuditor is coupled with HyTrust’s virtualization layer monitoring capabilities, it is now possible to have visibility into all remote administrator and third-party actions at every layer of the converged infrastructure stack.
Substantiating VCE’s commitment to fast time-to-value, efficiency, and scalability, CryptoAuditor is a network-based solution requiring no agents to be deployed. And there is no access portal to go through. So there’s zero impact on the end-user experience or workflows. VCE customers get a quick, efficient, and cost-effective way to deploy and further secure their Vblock Systems. And a proven means to control, monitor, and audit all encrypted administrator sessions and third-party access to the Administrative Management Pod.