Businesses are increasingly adopting multi-cloud architectures to benefit from the freedom to choose the appropriate cloud platforms for their various workloads. One of the key challenges in a multi-cloud world is ensuring the security of your critical applications and data. According to research by industry leading analysts, by the year 2022, at least 95% of cloud security breaches will be the customer’s fault and arising mostly from resource misconfigurations. The issue of cloud resource misconfigurations leading to security vulnerabilities applies to both public as well as private cloud environments.
In order to help Nutanix customers with security risk posture tracking and proactive remediation of potential security blind spots in their multi-cloud environment, Xi Beam provides the necessary capabilities to detect and respond to security misconfigurations in near real-time. Beam had thus far supported security posture auditing and remediation for public clouds and now it also provides the same capabilities for Nutanix private cloud customers, thus enabling them to use a single, multi-cloud security posture management solution.
Fig 1: Security Compliance in Xi Beam - How does it work
Beam’s support of security compliance for the Nutanix stack is independent of the hypervisor that you are using in your Nutanix Private Cloud. Beam provides more than 300 security audits (and continues to add more with every release) that can be categorized as:
- Network security audits
- VM security audits
- Data security audits
- Access security audits
Some examples of the audits that Beam provides include checking for VMs with attached security policies or VMs that may potentially be exposed to public or external IPs over TCP or UDP ports. Beam can also check if data encryption has been enabled or not, or if there are too many users with admin privileges. This is just a small but representative set of the audits that Beam can run in your Nutanix private cloud.
A subset of the 300+ security audits are also used to validate the compliance of your Nutanix private cloud with regulatory policies such as PCI-DSS. You can use Beam as a system of records to check for the required process, documentation and configuration related checks to ensure that your cloud environment will pass a PCI-DSS audit. In upcoming releases, Beam aims to provide compliance validation with HIPAA, NIST, CIS and other regulatory policies for the Nutanix stack as well.
Beam’s security compliance capabilities are delivered with a SaaS model even when using Beam for the security auditing of your on-premises Nutanix private cloud. Users will be required to install a lightweight VM in their Nutanix clusters with one Beam VM installed per Prism Central install.
This VM will need bi-directional communication with your Prism Central instance as well as the Beam SaaS service. Communication with the Beam SaaS engine is carried out over a secure gRPC channel. The Beam on-premises service (running in the Beam VM) helps to collect the security posture of your Nutanix private cloud through API calls to Prism Central. The security state of your Nutanix environment is compared against the desired security baseline and any audit failures are reported in the Beam SaaS service. Users will need to have a Beam SaaS account before setting up the security compliance module for their Nutanix private cloud.
Fig 2: Beam Security Compliance Architecture for Nutanix private cloud
Having a single solution that can help you detect and remediate security misconfigurations in real-time is essential for businesses that use either private or public cloud environments. Beam provides users with the necessary auditing, remediation and highly customizable capabilities to ensure enterprises can quickly test their private or public cloud environments for potential security risks and take steps to remediate them.
If you are an existing Nutanix customer and would like to try out Beam to audit and improve your Nutanix private cloud security posture, you can start a 14-day free Beam trial. Beam is quick and easy to set up for any cloud environment.
Get started today with Beam. Detect and remediate security vulnerabilities, and validate your compliance with regulatory policies. We look forward to helping you improve your multi-cloud security for Nutanix private cloud as well as public clouds.
This blog includes forward-looking statements concerning our plans and expectations relating to new product features and technology that are under development, including features of Xi Beam, the capabilities of such product features and technology and our plans to release product features and technology in future releases. These forward-looking statements are not historical facts, and instead are based on our current expectations, estimates, opinions and beliefs. The accuracy of such forward-looking statements depends upon future events, and involves risks, uncertainties and other factors beyond our control that may cause these statements to be inaccurate and cause our actual results, performance or achievements to differ materially and adversely from those anticipated or implied by such statements, including, among others: the introduction, or acceleration of adoption of, competing solutions, including public cloud infrastructure; a shift in industry or competitive dynamics or customer demand; and other risks detailed in our Annual Report on Form 10-K for the fiscal year ended July 31, 2019, filed with the Securities and Exchange Commission, or SEC, on September 24, 2019. Our SEC filings are available on the Investor Relations section of the company’s website at ir.nutanix.com and on the SEC’s website at www.sec.gov. These forward-looking statements speak only as of the date of this blog and, except as required by law, we assume no obligation to update forward-looking statements to reflect actual results or subsequent events or circumstances.
© 2019 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and the other Nutanix products and features mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This blog contains links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site.