Security in the cloud and the virtual environment is ‘all about the data’ and not specifically about any other subsystem. It is about the data. As such, the data has something it knows (the contents of the data), something it is (its signature), and something it has (its digital rights), and since it has these three elements, the data has identity. However, protecting the data requires us to put things between the data and the real world, such as firewalls and complex role-based access controls, as well as methods to replicate the data to other locations through a non-intrusive mechanism. The goal of such replication could be to ensure multiple sites have the same data (such as a hot-site) or to have the data available in another location in case of disaster.
As a delegate for Tech Field Day 6 in Boston, I was introduced to SRM Replication as well as ZeRTO, a third-party replication tool. They seem to be as different as night and day, but are they? Both work within the vSphere environment to replicate virtual disks regardless of storage type, and apparently hook into the same location within VMware’s API stack. This shows a maturity of VMware’s API stack that until now has been unknown and secret. In this one area, Microsoft Hyper-V is beating VMware vSphere: the availability of well-known APIs that are easy for third parties to use. I now see a change in VMware’s behavior; can they continue this growth?
The problem is that not everything is as black and white as security folks desire. If we implement performance and other management tools, we often need to expose part of our all-important virtualization management network to others. But how do we do this safely and securely, with minimal impact to usability? Why we need to do this is another question. You just have to take one look at the Virtualization ASsessment TOolkit (Vasto) to realize the importance of this security requirement. But the question still exists: how do you implement other necessary tools within your virtual environment without impacting usability?
At the InfoSec World 2011 conference, in the sessions I attended, there was quite a bit of discussion about moving to the cloud as well as cloud outages.
I was reading the post Small Business Virtualization and that really got me thinking about Small to Medium Businesses and what part Cloud Computing will play in that market. There are plenty of small businesses in and around my area, and I have a couple of friends who are the owners of a couple of these small businesses. A majority of these small businesses have a single or a couple of point-of-sale machines that feed into the accounting program. It is these businesses that I think of when I think of what a small business is. Would virtualization help these companies? Sure, I think so, but would it really be worth the cost to set up and maintain?
There were two announcements over the last few days that struck me as quite important to the virtualization community. While some may question this statement, the long-reaching effects of these purchases will impact virtualization and cloud computing in the not-so-distant future. In fact, these purchases could add a whole new layer to vSphere as we know it today, which for VMware is a good thing. They need to continue to innovate to stay ahead of the pack. The purchases I talk about are:
VMware purchasing/taking over control of EMC Mozy
RSA purchasing NetWitness
While we may well be on the road towards VMware becoming the layer of software that talks to the hardware in the data center – removing Microsoft from that role – this is not the end of Windows. If Windows were just an OS, it would be severely threatened by VMware's insertion into the data center stack. But Windows is not just an OS. Windows is also a market-leading applications platform, with .NET having a far greater market share and base of developers than vFabric. Windows is also in the process of becoming a PaaS cloud – one that will be living at Microsoft, at thousands of hosting providers, and at probably every enterprise that is a significant Microsoft customer. This incarnation of Windows is at the beginning of its life, not the end.
On the second Virtualization Security Podcast of 2011, we had Doug Hazelman of Veeam as our guest panelist to discuss backup security. Since most of backup security relies on the underlying storage security, we did not discuss this aspect very much other than to state that the state of the art is still to encrypt data at rest and in motion. What we did discuss is how to determine where your data has been within the virtual or cloud environment. This fact is all-important if you need to know what disks or devices touched your data, an auditing requirement for high-security locations. So we can take from this podcast several GRC and Confidentiality, Integrity, and Availability elements