HyTrust and McKesson Present at VMworld 2014

McKesson OneCloud – The One Cloud to Rule Them All (MGT2385)
Luke Youngblood (@lukeyoungblood), McKesson; Eric Chiu (@emchiu), HyTrust

Uploaded by hytrust, posted 04-Dec-2014, 34 slides.

DESCRIPTION

Leading pharmaceutical company McKesson presents its strategy for building a secure, multi-tenant private cloud leveraging HyTrust cloud security software. McKesson has been a long-time adopter of virtualization, which has driven greater efficiencies and cost savings across many of its business units. McKesson has entered its next phase of data center evolution with OneCloud, built as a true private cloud to enable data center consolidation across multiple business units. In addition, McKesson holds a great deal of sensitive data and is subject to compliance mandates ranging from HIPAA to PCI to SOX. OneCloud has therefore been built with the security controls and logging needed to handle sensitive workloads across the company.

TRANSCRIPT

Page 1: HyTrust and McKesson Present at VMworld 2014

McKesson OneCloud – The One Cloud to Rule Them All

MGT2385

Luke Youngblood (@lukeyoungblood), McKesson; Eric Chiu (@emchiu), HyTrust

Page 2

McKesson At-a-Glance

Company Founded: 1833

Fortune 500: Ranked 15th

Revenue: $137.6 billion

America’s oldest and largest healthcare services company

Headquarters: San Francisco

Employees: 42,800

Segments: Distribution Solutions and Technology Solutions

Together with our customers and partners, we are creating a sustainable future for healthcare. Together we are charting a course to better health.

Page 3

Leadership Position in Both Segments

Distribution Solutions
§ #1 pharmaceutical distributor in U.S. and Canada
§ #1 generics distributor
§ #1 in medical-surgical distribution to alternate care sites

Technology Solutions
§ Leader in clinical, revenue-cycle and resource-management solutions
§ Leading RelayHealth claims-processing and connectivity business
§ #1 in medical-management software and services to payers

Page 4

The Changing Landscape of Healthcare Creates New Challenges

[Diagram: the healthcare ecosystem – alternate care, retail pharmacy, pharmaceutical manufacturers, payers, physicians, consumers, hospitals, and regulatory agencies/government.]

§ Manufacturers: 11% of branded drugs coming off patent
§ Payers: >$100 billion in administrative costs
§ Hospitals: -20% operating cost
§ Physicians: +75% M.D. employment since 2000
§ Pharmacies: $300 billion cost of non-adherence

Page 5

A Vision for Better Health

[Diagram: the same healthcare ecosystem (alternate care, retail pharmacy, pharmaceutical manufacturers, payers, physicians, consumers, hospitals, regulatory agencies/government) shown twice, linked by "Business Care" and "Connectivity".]

Page 6

Customers Are Demanding Changes in IT

§ More Agility and Control
§ Freedom to Pursue New Models without Constraints
§ Greater Security and Privacy
§ Increased Reliability
§ Downward Cost Pressures

Page 7

Current State Analysis: OneCloud

§ Piloted vCloud Automation Center in Feb. 2013.
  § Highly successful pilot – over 500 VM customer workloads.
  § Leveraged VCE Vblock Converged Infrastructure.
§ OneCloud General Availability in Sep. 2013.
  § Most pilot workloads carried forward.
  § Over 2,000 VMs under management as of Aug. 2014.
§ Second Data Center Availability in July 2014.
  § In order to support mission critical workloads such as SAP, a second VCE Vblock Converged Infrastructure solution was acquired and brought online.
§ Supporting Production Pharma Distribution in August 2014.
  § SAP, Oracle, and vHANA.
§ Demand forecast: 7,000 VM workloads by April 2015.

8/7/2014. For Internal Use Only. Confidential and Proprietary.

Page 8

The Vision is Evolving

[Diagram: the OneCloud service model. Layers: Business / McKesson IT; BU & McKesson IT Platform Services; Cloud Management Platform & Brokering; Infrastructure Pools; Support Level; Provisioning Choices. Labels: Single portal access; x86 virtualization; Internal; Multiple OS, Multiple DB, Multiple Apps, PaaS; Self Service; Self Managed / Fully Managed; Self Provisioned / Assisted Provisioned.]

Giving customers what they want, when they want it, how they want it, from the best possible sources.

Page 9

vCAC Approach: Abstraction and Personalization

[Diagram: Resource Pools, VMs with Network, and Applications are modeled once and deployed to Production, Test, Development, Private Cloud or Public Cloud, governed by Infrastructure Policies, Application Policies and Machine Policies.]

Abstraction to "Model once – deploy anywhere"

Personalize Services through:
  § Business Policies
  § Machine Policies
  § Application Policies
  § Reservation Policies

Agility via automating delivery of personalized services

Page 10

vCAC Approach: Abstraction and Personalization (continued; same diagram as Page 9)

§ Before vCAC
  § 4 to 6 week production acceptance process
§ After vCAC
  § Linux workloads: 5-10 minutes
  § Windows workloads: 15-20 minutes
  § Workloads automatically meet acceptance process criteria

Page 11

OneCloud Self Service Portal for IaaS

Page 12

Current State Analysis: DevOps and Multi-Machine Provisioning

Page 13

Current State Analysis: DevOps and Multi-Machine Provisioning

Example of multi-machine provisioning with vCAC: 1 hour 10 minutes for a full Hadoop cluster vs. days or weeks

Page 14

VMware NSX and DevOps

Page 15

vCAC Pre-Created Model

Page 16

Cloud Management Platform Design

Page 17

vCloud Automation Center IaaS Design

Page 18

Broad Set of Security Requirements Need to be Met

§ Compliance regulations
  § PCI, HIPAA, SOX
  § Data breach implications are huge
§ Multiple business units with stringent security requirements
§ Audit findings
  § Shared Local Administrator Accounts
  § Overly Broad Administrator Access
  § ESXi Security Hardening Compliance
  § Hardening Guide out of date

Page 19

Securing the Management Plane: Appropriate use of Privilege

§ Privileges must map appropriately to Roles in the management of the Virtualization layer, the Guest VMs, and security governance

Roles: Application Administrator, Storage Administrator, Network Administrator, Security Administrator, Server Administrator, Virtualization Administrator

[Diagram: the virtualized stack and its security controls, top to bottom:
Key Mgmt / PUM / TVM / Backup
Fat Client / Browser / Mobile App
Authentication / Authorization / Access Control
Presentation Layer Components / Forms
Business Logic / Application EXE
Data / Run-Time / Config / Modules
Auth / Azn / AC / DLP / Firewall
Crypto / A-V / Configs / Patches / Logs
Guest O/S Instance (e.g. Win2K8)
vHAL: Hardened Config
vStorage / vMMU / vAPI / vNet
Auth / Azn / AC / Configs / Patches / Logs
VMware ESXi O/S
Firmware: BIOS / Intel TXT
Hardware: IA-64 / Intel VT / TPM]

Page 20

Solving our Use Cases with HyTrust

§ 1. Shared local Administrator accounts on ESXi – HyTrust gives us independent management of the password (via Password Vaulting), check-in/check-out, and an ability to audit "who did what" on the ESXi infrastructure through event/log correlation
§ 2. Overly broad Administrator Access – HyTrust gives us the capability to tailor access privileges to specific role definitions
§ 3. ESXi Security Hardening Compliance – HyTrust lets us audit a great many elements of the standard in the compliance templates, and even remediate drift from the approved settings.
§ 4. Security Hardening Guide out of date – HyTrust facilitates updating the hardening spec directly through the compliance templates instead of having to produce and disseminate a document, as well as easily identifying non-compliant settings and unapproved versions in the environment.
§ 5. Troubleshooting – HyTrust provides the detailed log information that is not provided by vSphere in terms of who made what change, what attribute was changed, from where, etc. In addition, HyTrust integrates with major SIEM and log management solutions like Log Insight
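Use cases 3 and 4 above describe auditing hosts against a compliance template, flagging unapproved versions, and remediating drift back to the approved settings. The following is an added example, not HyTrust's or McKesson's code, of what such a template check looks like in the simplest form: the setting names, approved values, build strings and the three-host inventory are all constructed for illustration (a real ESXi hardening guide defines its own setting identifiers and values).

```python
from dataclasses import dataclass

# Constructed hardening template: setting name -> approved value.
# The keys are hypothetical; a real ESXi hardening guide defines its own
# setting identifiers, and the approved values come from that guide.
APPROVED_TEMPLATE = {
    "ssh.enabled": False,
    "shell.timeout.seconds": 900,
    "syslog.remote.host": "syslog.example.internal",
    "lockdown.mode": "normal",
}

# Hypervisor builds the template was reviewed against (placeholder strings).
APPROVED_VERSIONS = {"5.5.0-buildA", "5.5.0-buildB"}


@dataclass
class Host:
    name: str
    version: str
    settings: dict


@dataclass
class Finding:
    host: str
    setting: str
    expected: object
    actual: object  # None when the setting is absent on the host


def find_drift(host, template=APPROVED_TEMPLATE):
    """One Finding per setting that differs from, or is missing from, the template."""
    findings = []
    for key, expected in template.items():
        actual = host.settings.get(key)
        if actual != expected:
            findings.append(Finding(host.name, key, expected, actual))
    return findings


def unapproved_version(host, approved=APPROVED_VERSIONS):
    """True when the host runs a build the template was not written for."""
    return host.version not in approved


def remediation_plan(host, template=APPROVED_TEMPLATE):
    """Setting -> value that restores compliance; this is what a 'remediate drift'
    action would push back to the host. A wrong build needs a patch cycle rather
    than a setting change, so version findings are reported separately."""
    return {f.setting: f.expected for f in find_drift(host, template)}


def audit(hosts, template=APPROVED_TEMPLATE, approved=APPROVED_VERSIONS):
    """Fleet summary keyed by host name; fully compliant hosts are omitted."""
    report = {}
    for h in hosts:
        drift = find_drift(h, template)
        bad_version = unapproved_version(h, approved)
        if drift or bad_version:
            report[h.name] = {"drift": drift, "unapproved_version": bad_version}
    return report


# Constructed inventory: one compliant host, one host whose SSH and shell
# timeout settings drifted, and one on an unapproved build that also lacks
# a remote syslog target.
FLEET = [
    Host("esx01", "5.5.0-buildB", {"ssh.enabled": False, "shell.timeout.seconds": 900,
                                   "syslog.remote.host": "syslog.example.internal",
                                   "lockdown.mode": "normal"}),
    Host("esx02", "5.5.0-buildB", {"ssh.enabled": True, "shell.timeout.seconds": 0,
                                   "syslog.remote.host": "syslog.example.internal",
                                   "lockdown.mode": "normal"}),
    Host("esx03", "5.1.0-buildZ", {"ssh.enabled": False, "shell.timeout.seconds": 900,
                                   "lockdown.mode": "normal"}),
]

if __name__ == "__main__":
    for name, result in audit(FLEET).items():
        drifted = [(f.setting, f.actual, f.expected) for f in result["drift"]]
        build = "unapproved build" if result["unapproved_version"] else "approved build"
        print(name, build, drifted)
```

Treating a missing setting as drift (rather than silently skipping it) is deliberate: an absent remote syslog target is exactly the kind of gap that lets administrator activity go unlogged.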

Page 21

Intel Trusted Execution Technology (Intel TXT) Provides a Strong Foundation for Hardware and Location Aware Security

§ Intel TXT provides integrity assurance for server hardware, and the software stack above
§ The starting point is Intel Xeon processors & motherboard chipsets
§ VMware supports Intel TXT to verify vSphere hypervisor trustworthiness
§ Intel TXT relies on partners to deliver complete solutions
§ HyTrust was an early partner and remains firmly committed to developing Intel TXT-based solutions

[Diagram: Intel® TXT Hardware Solution Components – TPM, Intel® Chipset, Flash BIOS, Xeon® processors. "A trusted execution platform for sensitive apps and data."]

Page 22

Extending TXT With Boundary Controls to Ensure Secure Workload Placement and Decryption by Location

§ An industry first: Control over virtual server placement and data decryption enforced by hardware
§ Extends HyTrust CloudControl and DataControl policies to Intel TXT
§ No performance impact

§ Server Platform Integrity: Only allow sensitive virtual workloads to be run on a trusted hardware & software server stack
§ Virtual Server Placement by Location: Only allow certain virtual servers to be run on hardware in a particular location
§ Data Decryption by Location: Only allow virtual server data to be decrypted on hardware in a particular location

Page 23

HyTrust Background

Mission: Mitigate the concentration of risk and potential for catastrophic failure that virtualization and cloud introduce, enabling organizations to securely virtualize all workloads and move faster to the cloud

Strong IP Protection: Five foundational patents granted covering access control, hardening and logging for cloud infrastructure, automated tagging, policy enforcement based on tags, and virtual machine security

Investors, Strategic Partners, Representative Customers: [logos]

Page 24

Protecting the Management Plane

§ Addressing compliance and trust through architecture and technology

Regulations
  § FISMA/FedRAMP
  § PCI-DSS
  § HIPAA
  § Etc.

Complex Trust
  § Multi-tenancy
  § People and technology
  § Mixed trust zones

Create requirements like
  § Separation of duties
  § Accountability for admin actions
  § Management as "in scope"

Necessitating point considerations like
  § Good management practices
  § Multi-factor authentication
  § Simplified assessment and audit
  § Secure separation

Page 25

Authenticate/control/audit admins

[Diagram: management clients connect through HyTrust to the virtual infrastructure (ESXi hosts, including a PCI DMZ); guest traffic is uninterrupted.]

1. Strong Authentication and Root Password Vaulting
2. RBAC, Object Policies, Secondary Approval
3. Audit-quality Logging and Alerting
4. Infrastructure Hardening with Intel TXT

Page 26

HyTrust Complements vCAC and Log Insight

§ vCAC provides self-service provisioning and life-cycle management of VMs
§ HyTrust secures all vSphere administrative activity (authentication, authorization and audit)
§ Complements vCAC by enforcing operational and security policies assigned to provisioned resources
§ HyTrust forensic-quality logs integrate natively with Log Insight (one of Log Insight's original content pack partners)

[Diagram: Self-service Admins, Infrastructure Admins, HyTrust CloudControl, VMware vCAC, VMware vSphere, VMware NSX*, VMware Log Insight.]

* NSX protection (AAA for NSX) on roadmap

Page 27

Secondary Approval (Two-Person Rule)

Ensuring two administrators approve sensitive operations

§ Protect critical virtual assets by requiring secondary approval (two-person rule)
§ Prevents a malicious insider or a compromised admin account
§ Prevents inadvertent mistakes by a privileged user

"The director of the N.S.A., Gen. Keith B. Alexander, acknowledged the problem and said his agency would institute 'a two-man rule' that would limit the ability of each of its 1,000 system administrators to gain unfettered access to the entire system. The rule would require a second check on each attempt to access sensitive information."
Source: NY Times, "N.S.A. Leak Puts Focus on System Administrators", June 23, 2013

[Diagram: an Administrator's request passes through the HyTrust Appliance to the Virtual Infrastructure. "Copy Server" is allowed directly; "Add Storage" is held until Approval Administrators approve it, and only then allowed.]
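The diagram above shows the essential logic of the two-person rule: ordinary operations pass straight through, protected operations are held until a different administrator from an approval group signs off. The following is an added example, not HyTrust's code, that models that gate as a small policy object; the operation names, administrator names and log format are constructed for illustration. It also covers the two failure modes a practitioner cares about most: the requester approving their own request, and an approval being replayed after it has been consumed.

```python
class TwoPersonRule:
    """Hold protected operations until a second, distinct approval administrator approves."""

    def __init__(self, protected_ops, approvers):
        self.protected_ops = frozenset(protected_ops)
        self.approvers = frozenset(approvers)
        self.pending = {}   # request id -> (requester, op, target)
        self.log = []       # audit trail of every decision, allowed or not
        self._next_id = 1

    def request(self, requester, op, target):
        """Return ('allowed', None) for ordinary operations or ('pending', id) for protected ones."""
        if op not in self.protected_ops:
            self.log.append(f"ALLOW requester={requester} op={op} target={target}")
            return "allowed", None
        rid = self._next_id
        self._next_id += 1
        self.pending[rid] = (requester, op, target)
        self.log.append(f"HOLD requester={requester} op={op} target={target} request={rid}")
        return "pending", rid

    def approve(self, approver, rid):
        """Release a held request. Rejected when the request id is unknown or already
        consumed, the approver is not an approval administrator, or the approver is
        the original requester (no self-approval)."""
        entry = self.pending.get(rid)
        if entry is None:
            reason = "unknown or already consumed request"
        elif approver not in self.approvers:
            reason = "approver is not an approval administrator"
        elif approver == entry[0]:
            reason = "self-approval is not permitted"
        else:
            reason = None
        if reason is not None:
            self.log.append(f"REJECT approver={approver} request={rid} reason={reason}")
            return False
        requester, op, target = self.pending.pop(rid)   # consume: a second approve() fails
        self.log.append(f"ALLOW requester={requester} op={op} target={target} "
                        f"request={rid} approved_by={approver}")
        return True


if __name__ == "__main__":
    # Constructed scenario mirroring the slide: copy server passes, add storage is held.
    gate = TwoPersonRule(protected_ops={"add_storage"}, approvers={"alice", "bob"})
    print(gate.request("alice", "copy_server", "vm-42"))
    status, rid = gate.request("alice", "add_storage", "vm-42")
    print(status, rid, gate.approve("alice", rid), gate.approve("bob", rid))
    print("\n".join(gate.log))
```

Every decision, including rejections, is written to the log: a rejected self-approval is itself a signal worth alerting on, since it is what a compromised account would try first.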

Page 28

Trusted Infrastructure Leveraging Intel TXT and HyTrust

Attempt to power on VM on untrusted host is denied by HyTrust
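The three boundary controls on Page 22 (platform integrity, placement by location, decryption by location) and the power-on denial shown here are one policy evaluated at the enforcement point. The following is an added example, not HyTrust's code, that models that evaluation. The attestation records, location tags, VM labels and log format are constructed; in a real deployment the trusted verdict comes from the Intel TXT / TPM measurement chain and the location from a tag bound to the hardware, neither of which this example reproduces.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HostAttestation:
    name: str
    trusted: bool      # launch measurement matched the known-good value
    location: str      # hardware-bound location tag, here a constructed site code


@dataclass(frozen=True)
class VmPolicy:
    name: str
    sensitive: bool                # must only run on a trusted stack
    allowed_locations: frozenset   # empty set means no location constraint
    encrypted: bool                # data may only be decrypted where placement is allowed


def placement_decision(vm, host):
    """Reason a power-on would be denied, or None if it is allowed."""
    if vm.sensitive and not host.trusted:
        return "untrusted host: attestation failed or missing"
    if vm.allowed_locations and host.location not in vm.allowed_locations:
        return f"host location {host.location} outside {sorted(vm.allowed_locations)}"
    return None


def may_decrypt(vm, host):
    """Decryption by location: keys are released only on a trusted host
    where placement is allowed. Unencrypted VMs have nothing to gate."""
    if not vm.encrypted:
        return True
    return host.trusted and placement_decision(vm, host) is None


def power_on(vm, host, audit_log):
    """Enforce the policy and record an audit-quality entry either way."""
    reason = placement_decision(vm, host)
    verdict = "DENY" if reason else "ALLOW"
    audit_log.append(f"{verdict} power-on vm={vm.name} host={host.name} "
                     f"trusted={host.trusted} location={host.location}"
                     + (f" reason={reason}" if reason else ""))
    return verdict


# Constructed inventory: two hosts at site SFO (one failed attestation) and one at ATL.
HOSTS = {
    "esx-sfo-01": HostAttestation("esx-sfo-01", trusted=True, location="SFO"),
    "esx-sfo-02": HostAttestation("esx-sfo-02", trusted=False, location="SFO"),
    "esx-atl-01": HostAttestation("esx-atl-01", trusted=True, location="ATL"),
}

# Constructed workloads: a PCI database pinned to trusted SFO hardware, and a dev box.
VMS = {
    "pci-db": VmPolicy("pci-db", sensitive=True, allowed_locations=frozenset({"SFO"}), encrypted=True),
    "dev-web": VmPolicy("dev-web", sensitive=False, allowed_locations=frozenset(), encrypted=False),
}

if __name__ == "__main__":
    log = []
    for vm in VMS.values():
        for host in HOSTS.values():
            power_on(vm, host, log)
    print("\n".join(log))
```

The denial on the slide corresponds to `pci-db` on `esx-sfo-02`: right location, failed attestation. Decryption is gated on the same decision plus the trust bit, so a VM that cannot be placed on a host can never have its data keys released there either.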

Page 29

Forensic-Quality Logging and Alerting

§ Highly detailed log information for all key events
  § Includes not only VMware specific data, but also HyTrust CloudControl tags, two-person approvals, etc.
§ Customizable alert engine
  § Triggers on any object, command, or tag
  § Volume based alerts (e.g., executing a specific action more than X times in Y minutes)
§ Full indexed searching to rapidly find all events related to an object
§ Syslog export and integration with leading SIM/SIEM solutions
  § ArcSight Common Event Format
  § Splunk App
  § McAfee ESM/Nitro, Log Insight, and RSA enVision parsing

HyTrust CloudControl delivers the logging necessary for enterprise-grade compliance, audit, forensics, and troubleshooting
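The volume-based alert above ("more than X times in Y minutes") is a sliding-window count per administrator and action, and it only works if each log line carries who, what and when, which is the point of the "who made what change, from where" logging on Page 20. The following is an added example, not HyTrust's code, of that detection run over constructed syslog-style lines; the line format, user names, action names and thresholds are all assumptions for illustration, not HyTrust's export format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed line format: ISO timestamp, then who / what / on which object.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) object=(?P<obj>\S+)$"
)


def parse(line):
    """Return (timestamp, user, action, object) or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"], m["action"], m["obj"]


def volume_alerts(lines, action, max_count, window_minutes):
    """Alert when one user performs `action` more than max_count times within any
    window_minutes span. Lines are assumed to be in time order (as a syslog feed is).
    Returns one (timestamp, user, count) tuple per event that crosses the threshold."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # user -> timestamps of matching events inside the window
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                # malformed lines are skipped, not counted
        ts, user, act, _obj = rec
        if act != action:
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()             # drop events that have aged out of the window
        if len(q) > max_count:
            alerts.append((ts, user, len(q)))
    return alerts


# Constructed sample: jdoe powers off five VMs in six minutes, asmith two in twenty.
LOG_LINES = [
    "2014-08-07T10:00:00Z user=jdoe action=vm.poweroff object=vm-101",
    "2014-08-07T10:01:00Z user=jdoe action=vm.poweroff object=vm-102",
    "2014-08-07T10:01:30Z user=asmith action=vm.poweroff object=vm-201",
    "2014-08-07T10:02:00Z user=jdoe action=vm.poweroff object=vm-103",
    "2014-08-07T10:02:30Z user=jdoe action=vm.snapshot object=vm-104",
    "2014-08-07T10:03:00Z user=jdoe action=vm.poweroff object=vm-104",
    "this line is malformed and is skipped",
    "2014-08-07T10:06:00Z user=jdoe action=vm.poweroff object=vm-105",
    "2014-08-07T10:20:00Z user=asmith action=vm.poweroff object=vm-202",
]


def demo_alerts():
    """Run the rule 'more than 3 power-offs in 5 minutes' over the sample."""
    return volume_alerts(LOG_LINES, "vm.poweroff", max_count=3, window_minutes=5)


if __name__ == "__main__":
    for ts, user, count in demo_alerts():
        print(f"ALERT {ts:%H:%M} user={user} vm.poweroff count={count} in last 5 min")
```

With the sample, jdoe's fourth power-off at 10:03 fires the alert, and the one at 10:06 fires again because four events still fall inside the five-minute window; asmith never exceeds the threshold, and the malformed line is ignored rather than miscounted.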

Page 30

Critical Controls for Compliance And Audit

§ Every single compliance regimen identifies administrator activity and logging as critical control objectives
  § PCI, HIPAA, FedRAMP/FISMA, NERC, etc.
§ As auditors become familiar with the power and risk of virtual infrastructure, they are starting to apply these admin controls to virtual environments
  § Unfortunately the native controls offered by these firms are not up to the standards most auditors expect (e.g., no two-factor authentication for VMware, insufficient logging detail)

VCE and HyTrust deliver a proven solution to implement the robust administrator controls compliance auditors expect

Page 31

Summary

§ vCAC enables self service and orchestration
§ HyTrust delivers trusted cloud with secure management
§ Combined, vCAC and HyTrust enable McKesson to deliver a secure, trusted private cloud for regulated environments

For more information, go to: www.vcdxpert.com www.hytrust.com

Page 32

Thank You

Page 33

Fill out a survey. Every completed survey is entered into a drawing for a $25 VMware company store gift certificate.

Page 34

McKesson OneCloud – The One Cloud to Rule Them All

MGT2385

Eric Chiu, HyTrust, Inc.; Luke Youngblood, McKesson Corporation