Cybersecurity threats grow and change every day, demanding perpetual vigilance and adaptation to the shifting security landscape. However, upgrading security in a traditional three-tier architecture is so time consuming and expensive, often involving multiple separate vendors, that some enterprises put off innovation. In light of competing security concerns—the need to reclaim resources for innovation versus the need to keep costs down—corporate and government environments demand a simpler approach: one vendor, with technology secured by design, and automated security compliance and reporting.
Nutanix has created a security development life cycle (SecDL) that addresses security at every layer in the deployment cycle, rather than applying it at the end as an afterthought. The SecDL implements security culture from top to bottom, ensuring that it is a foundational part of the design. SecDL reduces the time it takes to update code, which mitigates the risk of zero-day exploits.
As regulations become more cumbersome and threats continue to proliferate, a fully tested platform with security at the forefront is the best choice for meeting tomorrow’s challenges today. The Xtreme Computing Platform (XCP) shrinks the compliance auditing window from months to minutes, allowing you to focus instead on the applications that drive the business.
SCMA also covers frustrating maintenance scenarios in which you upgrade your storage or hypervisor software only to find that the new software has overwritten your careful configuration work, forcing you to go through all the settings again from scratch. Returning to the baseline manually is slow and error-prone, often causing significant problems, particularly when dealing with major release upgrades. Companies have had to delay upgrading their systems to preserve security compliance, even when an upgrade would offer new features required to support the business. Nutanix SCMA means that businesses don’t have to shoulder the burden of interoperability testing or go through cumbersome steps to manually inspect and revert the upgraded system to a known good state.
With SCMA, you can schedule Nutanix STIGs to run hourly, daily, weekly, or monthly. The automation checks have the lowest system priority within the virtual storage controller, ensuring that security checks do not interfere with platform performance.
Nutanix has embedded five STIGs covering Nutanix storage and AHV in the product. These STIGs are:
o Acropolis Virtual Storage Controller STIG
o Nutanix Prism Web Server STIG (for tomcat)
o Nutanix Prism Proxy Server STIG (for Apache)
o Nutanix JRE8 STIG
o Acropolis Hypervisor STIG
With both the storage and they hypervisor meeting the highest levels of security out of the box I think it’s safe to say from day 1 to the life of the cluster that you have the most secure platform for your workloads. You can’t simply do one without the other and be secure. It’s this end to end life cycle (SecDL) that makes Nutanix so different from other vendors on the market today.