Intelligence gathering is an oft overlooked aspect of system and data defense in depth. On the 7/12 Virtualization Security podcast we discussed new and old sources of such intelligence. We were joined by Urvish Vashi, VP of marketing, Alert Logic. Alert Logic has updated their report on cloud based security attacks. Add to this the yearly Verizon Breach and other reports, and we start to have a good handle on intelligence of past and possibly future attacks.
Cloud based security is about securing the data, yet compliance requirements are often about securing the environment, such as PCI’s requirement for web application firewalls, which protect web servers and perhaps applications and imply protection of data. But they do not directly protect data. How can a Software Defined Data Center implement a form of Software Defined Security automatically to meet not only compliance requirements, but security around a particular mote of data?
VMware purchased Nicira, backed the Openflow Community, and is now touting software defined data centers (SDDC). But what is a software defined datacenter? Is it just virtualization or cloud with a software defined network? Or is it something more than that? Given heavy automation and scripting of most clouds, do we not already have SDDC? If not where are we going with this concept? What does SDN add to the mix?
Just what are storage hypervisors? There are several companies that claim to have storage hypervisors. Wikipedia states that a hypervisor is “conceptually one level higher than a supervisory program”. We also know that from our normal use of hypervisors that they manage the underlying resources that a guest uses. Do these definitions work for a storage hypervisor?
The 6/28 Virtualization Security Podcast we spoke about attacks, defense in depth, and compliance with Davi Ottenhiemer and Matt Wallace. Davi and Matt just published a book on how to defend your virtual environment against attack. Unlike other books, this approaches the problem from the point of view of well know attacks. It even gives examples of some of the more interesting attacks against any of the virtual environments, not just VMware vSphere. The discussion eventually found its way to even newer attacks and their impact on the environment.
Storage Security is not only about Encryption, which is just one aspect of Storage Security requirements for the virtual and cloud environments. It is also about increasing defense in depth and knowledge of what is touching your storage environment. As well as providing security around those touch points and to a great extent auditing and protecting the data residing within the storage devices regardless of where the devices live: within the virtual environment or within a cloud.
Join my Circle on Google+
Plugin by Social Author Bio