Meeting the Increasingly Complex Challenge of Data Center Security Paul Vaccaro / Intel IT Data Center Technologist and Strategy Forrest Gist, P.E. / IDC.


1 Meeting the Increasingly Complex Challenge of Data Center Security Paul Vaccaro / Intel IT Data Center Technologist and Strategy Forrest Gist, P.E. / IDC Architects Global Technology Lead Integrated Security and Emergency Preparedness

2 Copyright © 2013, Intel Corporation. All rights reserved. Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information about performance and benchmark results, visit Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.

3 Introduction
• Paul Vaccaro, IT Data Center Strategy and Technology
• Forrest Gist, P.E., Global Technology Lead, Integrated Security and Emergency Preparedness

4 Intel Global Strategy
Use our unmatched employee talents, manufacturing, technology, and brand strength to:
• Grow PC and Datacenter business with new users and uses
• Extend Intel Solutions to win in adjacent market segments
• Create a continuum of secure, personal computing experiences
• Care for our people, the planet, and inspire the next generation

5 Intel Security Structure
• Legal & Corporate Affairs – Reports to CEO
• Corporate Services – Technology and Manufacturing Group
• Information Technology – Reports to CFO
• Chief Security and Privacy Officer (CSPO)
Groups with responsibility for Corporate Security Policy and Enforcement

6 Intel IT Vital Statistics

7 Copyright 2013 CH2M HILL Our World is Changing

8 Data Center Security
Past Focus:
• Protect data center facility and structure
• Outsider threats
Present and Future Focus:
• Layered security
• ‘Agile’ security system
• Respond to both known and unknown threat vectors

9 Security: A Balancing Act (Source: Intel Corporation, 2012)
[Figure labels: OPEN ACCESS; reasonably protected; LOCKED DOWN]
Balancing Interests:
• Assets should be fully protected
• Controls increase cost and constrain use of data and systems

10 Setting the Stage: Security Considerations
Security Program Elements:
• Threats
• Policies and Procedures
• Layers of Security
• Value of Assets
• Security Culture
These apply for both physical and cyber security.

11 Threats
• Different security systems required for various threats
• The more dangerous the threat, the more critical the required security system
• Helps set direction for security program

12 Threat Activity and Probability
• Existence: Is the adversary present?
• Capability: Does the adversary have resources to achieve undesired event?
• Intention or History: Does adversary have intention or history?
• Selection: Has the adversary selected the facility?

13 Regulation Drives Security
All aspects of security have considerations based on regulatory requirements.
• Healthcare
• Utilities
• Finance
• Critical Infrastructure

14 Components of a Successful Security Program
Security Program Elements:
• Operational Policies and Procedures
• Communication
• Layered Security
• Security Staffing

15 Security Culture: Executive Sponsorship is Critical!
• EXECUTIVE (sponsor)
• MANAGEMENT (implement)
• STAFF (buy-in)
– Executive commitment
– Organizational commitment
– Personal responsibility

16 How Much Security is Enough?
Begin with a comprehensive Risk Assessment
• Assess security resources
• Evaluate threats, consequences
• Develop short list of security priorities (top 5)
Suggested frequency - every months

17 Physical Security System (Source: CH2M HILL Security Protection Course)
Physical Protection System, Level of Protection (Pe):
• Detection: Intrusion sensing; Alarm communication; Alarm assessment; Entry control
• Delay: Barriers; Dispensable barriers
• Response: Interruption; Communication to response force; Deployment of response force; Mitigation

18 Detection
Performance measures:
• Probability of sensor alarm (Ps)
• Time for communication and assessment (Tc)
• Frequency of nuisance alarms (NAR)
• Alarm without assessment is not detection (PA)
• Probability of detection (PD) = F(Ps, Tc, NAR, PA)
Sequence: Sensor Activated → Alarm Signal Initiated → Alarm Reported → Alarm Assessed

19 Delay
Performance measure:
• Time to defeat obstacles
Provide Obstacles to Increase Adversary Task Time: Physical Barriers; Protective Force (Guards)

20 Response
Performance measures:
• Probability of communication to response process
• Time to communicate
• Probability of deployment to adversary location
• Time to deploy
• Response process effectiveness
Sequence: Communicate to Response Process → Deploy Response Process → Mitigate Attempt

21 Adversary Task Time vs. PPS Time Requirements (Source: CH2M HILL Security Protection Course)
[Timeline figure. Axis: Time. Points: Begin Action; First Alarm (T_0); Alarm Assessed (T_A); Adversary Interrupted (T_I); Task Complete (T_C). Spans: Adversary Task Time; Delay; Detect; Respond; PPS Time Required. Outcome marker: Adversary Success.]
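The timeline comparison on this slide, worked through as an added example (not part of the original deck): a first alarm is only useful if alarm assessment plus response finishes before the adversary's task does, i.e. Adversary Interrupted (T_I) comes before Task Complete (T_C). The layer delays, the assessment time and the response time below are constructed sample values, and the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Layer:
    name: str
    delay_s: int      # seconds the adversary needs to defeat this layer
    has_sensor: bool  # whether reaching this layer can raise the first alarm

# Constructed sample path over the three protection layers named in the deck.
PATH = [
    Layer("Level 1 - Property Line", 60, True),
    Layer("Level 2 - Lobby & Service Yard", 90, True),
    Layer("Level 3 - Facility Inner Spaces", 120, True),
]
ASSESS_S = 45    # constructed: First Alarm (T_0) -> Alarm Assessed (T_A)
RESPOND_S = 150  # constructed: Alarm Assessed (T_A) -> Adversary Interrupted (T_I)

def timeline(path, detect_index, assess_s=ASSESS_S, respond_s=RESPOND_S):
    """Return (T_0, T_A, T_I, T_C) in seconds after Begin Action, assuming the
    first alarm fires as the adversary reaches path[detect_index]."""
    if not path[detect_index].has_sensor:
        raise ValueError(f"{path[detect_index].name} has no sensor")
    t0 = sum(layer.delay_s for layer in path[:detect_index])
    ta = t0 + assess_s
    ti = ta + respond_s
    tc = sum(layer.delay_s for layer in path)  # Task Complete
    return t0, ta, ti, tc

def interrupted(path, detect_index, **kw):
    """True when the response arrives before the task completes (T_I < T_C)."""
    _, _, ti, tc = timeline(path, detect_index, **kw)
    return ti < tc

def delay_shortfall(path, detect_index, **kw):
    """Seconds by which T_I overshoots T_C (0 if the response is not late)."""
    _, _, ti, tc = timeline(path, detect_index, **kw)
    return max(0, ti - tc)

def latest_effective_layer(path, **kw):
    """Innermost sensor layer whose first alarm still yields interruption."""
    hits = [l.name for i, l in enumerate(path)
            if l.has_sensor and interrupted(path, i, **kw)]
    return hits[-1] if hits else None

if __name__ == "__main__":
    for i, layer in enumerate(PATH):
        outcome = "interrupted" if interrupted(PATH, i) else "adversary success"
        print(layer.name, timeline(PATH, i), outcome, delay_shortfall(PATH, i))
    print("latest effective first alarm:", latest_effective_layer(PATH))
```

With these sample numbers, an alarm that first fires at the inner spaces is too late; the shortfall is the extra barrier delay (or response-time reduction) needed inside that layer.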

22 Characteristics of an Effective Physical Protection System
• Minimum consequence of component failure
• Balanced protection
• Protection-in-depth

23 Mitigate Adversary Success For Threats: Protection in Depth
Security Protection Layers:
• Level 1 = Property Line
• Level 2 = Lobby & Service Yard
• Level 3 = Facility Inner Spaces
Threats:
• From inside
• From Perimeter to Building
• Originating at Perimeter

24 Layers of Security (Source: Intel Corporation, 2012)
Value of assets drives security protection.
[Figure labels: Value of Assets; Trusted zones; Selective zones; Untrusted zones; Depth and Range of Controls; Allowed Devices, Applications and Locations; Policy Enforcement Point (PEP)]

25 Security Recommendations
LAYER 1 – PROPERTY LINE
• Proper Site Standoff Distance
• Gates
• Perimeter Protection
• Appropriate Landscaping
• Security Patrol
• Security Officer Presence at Gates

26 Security Recommendations (continued)
LAYER 2 – LOBBY & SERVICE YARD
• Windows – few or none
• Cameras
• Badge Check - Turnstiles/Portals
• Protect Critical Equipment
• Limit Entry Points

27 Security Recommendations (continued)
LAYER 3 – FACILITY INNER SPACES
• Protect HVAC and Critical Equipment
• Secure Portals; 2-factor authentication
• Secure Cages and Carts
• Visitor Escorting

28 Intel – IT Security Master Design Standards Security Access Control Systems CCTV Schedule and Camera Matrix Facility Entry Control Systems Security Command Center and Standard Panic Alarm System Guard Shack and CCTV System Exterior Security & CCTV System Security Command Center Building Security Equipment Room Security Risk Based Mitigations Security Mitigation Matrix Security Network System Physical Security

29 Key Learnings – Intel
• After 9/11 Adopted 100 yards Outer Ring setback policy on all Data Centers
• Generator Fuel Storage: 215 gallon separate and secured Day Tank Mandate
• Keep all combustibles out of the Data Center (Cardboard), use water as fire control, and VESDA as detection.
• Let the room content protect itself on Thermal Protection
• No Thermal Rise EPO and shunt trip disabled
• Amount of Camera coverage is tied to impact to revenue assessments
• For highly secure areas we mandate double entry requirements
• Innovation as a result of being flexible for cultural norms

30 Data Center Security
Past Focus:
• Protect data center facility and structure
• Outsider threats
Present and Future Focus:
• Layered security
• ‘Agile’ security system
• Respond to both known and unknown threat vectors

31 Security Technology Innovations
• Security Monitoring Software
• Rack Access Control
• Video Analytics
• Secure Portals
• Megapixel Cameras

32 Physical Security Information Management (PSIM)
• Integrates fire, security, CCTV, building management, etc.
• Benefits:
  • Actionable Intelligence
  • Staff Efficiencies
  • Improved response

33 Megapixel Cameras
• Higher resolution
• Increased frame rates
• Johnson criteria

FORMAT        PIXELS (H)     PIXELS (V)     ASPECT      SIZE
CIF           352 pixels     240 pixels     ~4:3
VGA           640 pixels     480 pixels     4:3
4CIF          704 pixels     480 pixels     ~4:3
D1            720 pixels     480 pixels     3:2         0.4M pixel
SVGA          800 pixels     600 pixels     4:3         0.5M pixel
HDTV(720)     1280 pixels    720 pixels     16:9        0.9M pixel
HDTV(1080p)   1920 pixels    1080 pixels    16:9        2.1M pixel
4K            4096 pixels    2304 pixels    16:9        9.4M pixel
Beyond!       8192 pixels    1536 pixels    (4) X 4:3   12M pixel

• More Pixels
• More Storage, Higher CPU Requirements
• Increased Cost

34 Video Analytics
• Video analytics are more powerful
• Cost is dropping
• Self-learning modes
• Appropriate use areas: perimeter, data center entries

35 Secure Portals: Access control within security portal

36 Rack-Level Access Control: Access control at individual rack units

37 Summary
• Security is critically important.
• Security Threats are multi-faceted and evolving.
• Conduct a comprehensive risk assessment.
• Incorporate layered security.
• Add new technology as appropriate.

38 Links to Additional Information
• Best Practices: http://www.intel.com/content/www/us/en/it-management/intel-it/intel-it-best-practices.html
• Enterprise Security: http://www.intel.com/content/www/us/en/it-management/intel-it/intel-it-managing-it.html
• Managing Risk and Information Security: Protect to Enable, by Malcolm Harkins, Apress 2012 (Link for reference)
• Intel IT Performance Report: intel-it-annual-performance-report
• Cyber War: The Next Threat to National Security and What to Do About It – Richard A. Clarke
• Security and Emergency Preparedness Site: http://www.ch2m.com/corporate/services/security-emergency-management/default.asp
• DHS Executive Order – Improving Critical Infrastructure Cybersecurity: incentives-study_0.pdf

39 Contacts
• Forrest Gist, PE, Global Technology Lead, Security & Emergency Preparedness, IDC Architects / CH2M HILL
• Paul Vaccaro, IT Data Center Technologist and Strategy, Intel

40 Thank You

41 Intel Confidential — Do Not Forward

