I had an interesting conversation with Vizioncore yesterday about how backup is not as much a decision about what software to use but what process to use. In addition, this process needs to be considered from the very beginning of your virtualization architecture. With the quantity of virtual machines being used today by the SMB and Enterprise customers, the backup window has grown to nearly an all day event. What you say? An all day event? My backups happen with the window I set.
Cloud Computing ...
• • 3 Comments
There are two key features missing from Virtualization and Cloud Computing. Those are auditing and forensics. The A6 project aims to fix this problem for auditing, but there is only some research into forensics. The issue is about discovering who did what when, where, how, and hopefully why. Auditing plays into this for Compliancy but also for forensics. Forensics has two major components in its arsenal: Audit Trails, and Disk Images.
I was posed with a question today, “I’m looking for some info on account & password management for consultants that visit a lot of customers where they have to do admin stuff.” with a secondary question of “how to manage the account if a constultant leaves?” This was specific to the VMware vSphere but would apply to any hypervisor.
VMware has just announced the End of Availability but not End of Life (EOL) for some of its pre-vSphere ESX products (Announcing End of Availability), specifically all but the latest releases of ESX 3.x and vCenter 2.x however, it has dropped availability for the ESX 2.x products completely.
The future of Virtualization and Cloud Security is being worked on today and there are several projects worth watching. Early guidance from these projects will aid your current virtualization and cloud security policies, procedures, plans, and architectures. (A6, DMTF, CSA, PCI, FDIC, etc.)
• • 1 Comment
I was privileged to speak at the 3rd Annual South Florida ISACA WoW! Event with Robert Stroud, Alan Shimel, and other great speakers. What I discovered from this conference is something I have feared for quite a number of years. Compliance actions are not continuous but often only enacted when the auditor shows up at the door. Secondly, very few auditors raised their hand when I asked if they are working with Virtualization or have customers that virtualize, this was quite a surprise.
Have you ever wondered how all the virtualization security tools fit together? Wait no longer as we have a new White Paper that will tell you this information. How do products from Altor Networks, Catbird Security, Reflex Systems, HyTrust, Tripwire, and others fit within your virtual environment?
When you think of backup security, many people think of ensuring tapes are offsite or even encryption on media, but what is really required for backup security? There is quite a bit going on when someone performs a backup within the virtual environment, so where does security begin and end for making a single or multiple backups?
In the article End-to-End Virtual Machine Backup I mentioned the new VMware Workstation 7.0 feature that creates an encrypted disk but in reality it is an encrypted virtual machine, which also implies encrypting the virtual disk. This one option to VMware Workstation is something that is needed within VMware vSphere as well as the other hypervisors. Encrypting virtual disk data can add to the overall security stance based on the encryption technology employed. So what do we need with virtual disk encryption?
Join my Circle on Google+
Plugin by Social Author Bio