“Security is not a product but a process“- Bruce Schneier, well renowned cryptographer and security specialist
And that’s what we believe at Nutanix, so let me introduce you to the Nutanix Security Development Lifecycle (SecDL), which incorporates security into every step of the software development process so that you, whether belonging to heavy-compliant industry like healthcare, financial services or the federal government, can enjoy the simplicity of Nutanix Web-Scale technology and yet make your production environment secure!
Our SecDL’s defense in-depth model enables automated testing for security during development as well as threat modeling to assess and mitigate customer risk from code changes. Also, multiple scans are performed during the QA process to harden various components and substantially reduce common vulnerabilities. Above all, the process agility enables incorporation of security without slowing the development.
Another unique aspect is that we have developed our own custom, comprehensive Security Technical Implementation Guide (STIG) written in eXtensible Configuration Checklist Description Format (XCCDF) to support the Security Content Automation Protocol (SCAP) standard. This machine-readable STIG format allows easy consumption by automated assessment tools and eliminates the need for time-consuming testing. Thus, the accreditation process time for the DIACAP/DIARMF transition can be reduced from the typical 9-12 months to around 30 minutes.
This model also paved the way for the following security enhancements in the Nutanix Operating System (NOS):
Data-At-Rest Encryption: Security without Impacting Performance
You can now enable Data-At-rest encryption through FIPS 140-2compliant, Self Encrypting Drives (SED) in select configurations across the NX-3000 and NX-6000 appliances. This feature utilizes open standard protocols like KMIP and TCG.
By deploying an enterprise Key Management solution, from Safenet KeySecure, you can ensure that encrypted data is protected against unauthorized access by streamlining the management of associated keys. The whole set-up is very simple to configure through Prism and requires only few steps/clicks, as highlighted in this 2-minute video:
Also, the data is protected from unauthorized access when the drives are unseated or power-cycled. Thus, it meets the data-at-rest encryption requirements as set forth in HIPAA, PCI DSS and SOX standards. Moreover, leveraging hardware-based data at rest encryption ensures no adverse impact to system performance, so you don’t have to worry about taking away precious compute cycles to perform encryption/decryption, incur high latencies, or degraded bandwidth and/or IOPS performance.
Client Authentication: Two Factor Authentication
You can enable two-factor authentication for users through a combination of a client certificate and/or username/password to address stringent security needs.
Cluster Shield: Cluster Lockdown for Additional Security
You can easily lock down access to Nutanix clusters if your environment mandates heightened security requirements. Cluster Shield restricts access to a Nutanix cluster by disabling interactive shell logins.
So, in a nutshell, the afore-mentioned processes and features allow the uncompromisingly simple Nutanix based solution to be compliant with a number of certifications, thus making your environment simply secure!
Nutanix continues to provide innovative solutions to improve IT security across federal government organizations.
-Robert Sanchious, CEO/Chief of Engineering | SHR Consulting Group
[Techy Tidbit: The first webcam was intended not for security surveillance but for monitoring a coffee pot, which was installed in the Trojan room within the Computer Lab of the University of Cambridge, to avoid wasted trips to an empty pot]