The Virtualization Practice

Tag Archive for Cloud Security

VirtualizationSecurity

The Virtualization Field Day delegates joined the Virtualization Security Podcast as guest panelists on 2/23 and the topic of the day was cloud security. There were questions about compliance, security of the tenant, and security of the administrators, and legal issues. There were answers from Rodney Haywood (Rodos), another Virtualization Field Day Delegate and cloud architect as well as the podcast standard panelists. So what did the questions boil down to?

I and others look at Virtualization Security constructs with an eye towards Cloud Security, but they are not necessarily the same. Granted for some clouds, virtualization security can lead to cloud security but this really depends on how the cloud’s architecture. Even so, what we know from Virtualization Security WILL apply to Cloud Security and will be the basis for best practices. But you say, my cloud does not use Virtualizaiton? Ah ha, I say, but it is still a cloud? And that implies there are similar security concerns. This was the discussion on the 1/26 Virtualization Security Podcast.

At the end of last year and the beginning of this year the Virtualization Security Podcast featured two very different guest panelists to discuss cloud security, policy, and compliance: Phil Cox, Director of Security and Compliance at RightScale, joined us for the last podcast in 2011 and the George Gerchow of VMware’s Policy and Compliance Group, joined us for the first podcast of 2012. We asked is the public cloud ready for mission critical applications. The answer was surprising. Have a listen and let us know your thoughts.

“The latest challenge on the security front isn’t necessarily an exotic new threat vector: it’s the attackers themselves. They’re organized, well-resourced and patient. And there’s no silver technology bullet to effectively combat them.”

This is a very important point, and one that I have seen at other security conferences for the last 5 years or so. However, attacks are possible because there is a lack of confidentiality and integrity of the data held within the systems under attack. So the system becomes the week point.

On the 2/24 Virtualization Security Podcast we were joined by Davi Ottenheimer and Michael Haines of VMware to discuss vCloud security. This is of quite a bit of interest to many people these days. As VMware adds more and more Cloud functionality, how to secure the environment is becoming more and more important. The podcast started with the question what aspects of the cloud do customers want secured. The answer was intriguing to say the least.

In the last Virtualization Security Podcast on 12/16 we had with us James Urquhart who manages cloud computing infrastructure strategy for the Server Provider Systems Unit of Cisco Systems. Author of the popular C|NET Network blog, The Wisdom of Clouds. James shared with us some of his Wisdom over the hour. The discussion covered what is preventing people from Entry into the Cloud and why private and hybrid clouds are going to stick around for quite a while and are not a passing fad. We answered the question of why people are reluctant to enter the cloud.