The Virtualization Practice

Author Archive for Edward Haletky

Edward Haletky
Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development, and The Virtualization Practice, where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

The next generation of data protection is not just about backup or replication into and out of the cloud, but about inexpensive recovery directly into a cloud in a hypervisor-agnostic manner. Recovery is the key to backup, and while we spend many hours ensuring that our backups happen in a timely manner, we spend very little time testing those backups and ensuring that recovery can happen at any time for any workload, not just those that are mission critical. Next generation data protection must also be extremely simple to use, set up, and configure. Is your data protection tool a next generation tool or lost in the past somewhere?

CloudComputing

What is the total cost of ownership (TCO) of the cloud? When we think of the cloud, we think of using applications in the cloud such as Salesforce, Box.net, and others. We may even consider using security-as-a-service tools such as Zscaler and others. In some cases we also think of placing our own workloads in the cloud using Amazon and other tools. The real question that comes to mind is: what is the TCO of the cloud, not now, but long term?

When we think of logging within the secure hybrid cloud, we tend to think of analytics, but there is more to logging than just reviewing the data. There are also discussions on what to collect and from where, as well as why to collect the data. For security purposes we may start with collecting access data and work out from there, but most logs from complex systems such as a secure hybrid cloud include many different forms of log data and, in some cases, not enough. Perhaps what log data you can retrieve may be a deciding point for hybrid cloud services, as logs are used not only for audit purposes, but also for troubleshooting and forensics. What log data do you collect within your secure hybrid cloud?

SMBVirtualization

As a small business we run a 100% virtualized environment and are looking to migrate to a cloud, but the investment in IT to do this has been pretty substantial and, for a cash-strapped small business, can be a many-year process due to budget constraints and the immediacy of other business needs. That is the key to a small business, the immediacy of business needs, but if you can step back and do a little planning, any small business can proceed along the journey from a physical environment to a software-defined environment. There are many choices available to a small business depending on when they started this journey, existing investment, and where they wish to go. What choices are available now for a small business and where should we go as small business owners?

The Hybrid Cloud has 100s if not 1000s of APIs in use at any time. API security therefore becomes a crucial part of any hybrid cloud environment. There are only so many ways to secure an API: we can limit its access, check the commands, encrypt the data transfer, employ API-level role-based access controls, ensure we use strong authentication, etc. However, it mostly boils down to depending on the API itself to be secure, because while we can do many things on the front end, there is a chance that once the commands and actions reach the other end (cloud or datacenter) the security could be suspect. So how do we implement API security within the hybrid cloud today?

DataCenterVirtualization

There has long been a debate about testing products within a virtual environment: not just on how, but on why as well as what to test. There are also limits in some EULAs on the reporting of such testing. This was the subject of the 7/25 Virtualization Security Podcast (#112 – Virtualization Security Roundtable), held live from NSS Labs in Austin, TX, where we delved into the issues of testing within a virtual environment. While the discussion was about security products, it is fairly straightforward to apply the concepts to other products within the virtual environment.

CloudComputing

At the recent Misti Big Data Security conference, many forms of securing big data were discussed, from encrypting the entire big data pool to just encrypting the critical bits of data within the pool. In several of the talks there was general discussion on securing Hadoop as well as access to the pool of data. These security measures include RBAC, encryption of data in motion between Hadoop nodes, as well as tokenization or encryption on ingest of data. What was missing was greater control of who can access specific data once that data was in the pool. How could role-based access controls by datum be put into effect? Why would such advanced security be necessary?

When it comes to the secure hybrid cloud, identity has many different definitions, from the device a user is using to the combination of device, location, password, and other multi-factor authentication means. Even with all the technology, there is still the question of where the identity store lives (the bits that contain the identity for all users, devices, etc.) as well as how you prove identity once the user goes somewhere within the cloud which is outside your control.
