Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device.|We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

Most Recently added Virtualization Security Resources: (See More...)

Security Wrapped Data

July 10, 2014
By
VirtualizationSecurity

On the July third Virtualization Security Podcast, we discussed mobile security with Harry Labana, CPO of CloudVolumes, and Ben Goodman of VMware. Actually, it was not necessarily about mobile security as much as it was about security in accessing corporate data from mobile devices, regardless of device and location of data. What came out of…

Read more »

A Timely Remider: Passwords and Pin Codes Are Important

July 8, 2014
By
VirtualizationSecurity

On June 24, 2014, a former editor of a now-defunct British tabloid newspaper (some will disagree with the use of the prefix “news”) was found guilty of phone hacking. Phone hacking is the practice of intercepting and listening to a phone’s voicemail messages without the owner’s knowledge or permission.

Read more »

Gigaom Structure: Hyperscale Cloud Innovation

June 25, 2014
By
CloudComputing

Attending Gigaom Structure was an exercise in getting fire-hosed with the leading edge innovation that public cloud providers are bringing to their customers worldwide. These innovations not only will have a profound effect on public cloud computing, but also will ultimately impact data center architectures, costs, and benefits worldwide.

Read more »

Protecting ITaaS Consoles

June 24, 2014
By
ITasaService

There has been quite a bit written about Code Spaces and how unauthorized access to its ITaaS console granted enough permissions to delete everything out of Amazon, including backups. There are lessons here not only for tenants, but also for those vendors who create ITaaS consoles, such as VMware (vCHS, vCD, vCAC, vCenter, Orchestrator, etc.),…

Read more »

Lessons We Can Learn from the Code Spaces Attack

June 20, 2014
By
CloudComputing

It was all over the web on June 18: Code Spaces went off the air, as we discussed during the Virtualization Security Podcast on 6/19. The reasons are fairly normal in the world of IT and the cloud. They were hacked. Not by subverting the Amazon cloud, but in ways considered more traditional—even mundane. An…

Read more »

Security Discussion: Backup and Scripting

June 9, 2014
By
VirtualizationBackup

During the last two Virtualization Security Podcasts, the panel discussed backups as well as scripting related to backups and in general. We went further to discuss the security implications surrounding backups, including whether or not a recovery is required when a site is hacked. The latter raises an important question: what constitutes a disaster that…

Read more »

Securing Clouds from Service Providers

May 22, 2014
By
SecuringCloudsTheFuture-thumb

Secure multi-tenancy is not just about ensuring security and segregation between tenants. It is also about limiting, auditing, and tracking the activities of a cloud service provider within a tenancy or that touches upon more than one tenant, which of course includes any activity that occurs within the hypervisor, storage, or other layers of the…

Read more »

Security DevOps (SecDevOps)

April 22, 2014
By
Security DevOps (SecDevOps)

At InfoSec World a few weeks ago, I was in a talk with Rich Mogull (@rmogull) of Securosis. Rich spoke on the concept of SecDevOps while demonstrating how he applies this concept to workloads running within Amazon. Now, some would argue that DevOps already contains security practices within the workflows. The unfortunate reality is that,…

Read more »

How Much Insight Are We Missing from Our Environments?

April 18, 2014
By
CloudComputing

How much insight are we missing from our environments? That is a question I find myself asking after being bitten by a new “bug” found in VMware vCloud Automation Center (vCAC). There seem to be many people like me who discovered their morning was wrecked when the vCloud Automation Center 6.0 tenants became inaccessible and…

Read more »

Featured Solutions