VMware’s Project Octopus and others like ownCloud and Oxygen Cloud have stirred some interesting ideas about Application Security. Those applications that make use of SSL, nearly every web application, can make use of secure data storage for certificate verification means. What makes SSL MiTM attacks possible, is mostly related to poor certificate management. If there was a way to alleviate the need for the user to be involved in this security decision, then SSL MiTM attacks would be significantly reduced.
• • 2 Comments
The 3/22 Virtualization Security Podcast brought to light the capabilities of Symantec Critical System Protection (CSP) software. This software successfully implements a manageable version of mandatory access control policies based on role-based and multi-level security functionality within the virtual environment. More specifically on those systems that are critical to the well being and health of your virtual and cloud environments such as all your management and control-plane tools (VMware vCenter, Microsoft SCVVM, XenConsole, etc.). In addition, Symantec CSP will monitor your virtualization hosts for common security issues. This in itself is great news but why are we just hearing about this now? Is this a replacement for other security tools?
The 3/8 Virtualization Security Podcast held a discussion on the happenings as the 2012 RSA Conference in San Francisco as well as a discussion of the features of Bitdefender’s entry into the virtualization and cloud space with their SVE product. RSA Conference high lights not just those security tools for the virtualization and cloud spaces but the entire industry and each year there is always a common theme. Was there one this year? Was there any surprises at the conference?
Cloud Computing ...
• • 0 Comments
The Virtualization Field Day delegates joined the Virtualization Security Podcast as guest panelists on 2/23 and the topic of the day was cloud security. There were questions about compliance, security of the tenant, and security of the administrators, and legal issues. There were answers from Rodney Haywood (Rodos), another Virtualization Field Day Delegate and cloud architect as well as the podcast standard panelists. So what did the questions boil down to?
OnLive Desktop is on the verge of making a game-changing move in the VDI space delivering the hope of a service that a CFO would bite your hand off for. OnLive’s delivery capability is a wakeup call to the ISVs and SPs who are trying to penetrate this market. With the license battle is about to ensue, Microsoft has the heads up display and is the one holding the shotgun, perhaps OnLive can finally convince Redmond that its always more fun in multiplayer mode.
During a briefing of Quest’s new data protection announcements I started to think about the future of data protection. Quest recently announced that NetVault will now work with Exagrid devices and that there is now a Capacity Edition targeting SMBs and SMEs. These changes add some more capabilities to an existing product suite. While, these announcements do not necessarily merge with virtualization backup, the combination of Quest’s tools and partnerships do form an impressive view of the future with respect to Data Protection.
VMware prices and licenses its products today along a set of models that are not optimized for either pure market penetration (like Microsoft) or pure extraction of the maximum cash from each customer (like Oracle). These policies will likely ensure that VMware continues to dominate the high end of the market – especially in enterprise accounts, but that VMware will leave itself open to being eaten from below by Microsoft Hyper-V (especially in Windows only SMB/SME accounts). The long term answer to how VMware positions itself with respect to price and value in the marketplace will likely come from vFabric and Cloud Foundry, as both of these products are crucial to the long term strategic position of VMware in the market – and also will rely upon aggressive third party support to succeed.
• • 0 Comments
Virtualization and Cloud Security architects, pundits, and writers like myself often talk about protecting the data within the virtual and cloud environments. However, in order to protect that data we need to be able to determine how the data will be used, accessed, modified, and eventually removed. So, how can we understand data security without understanding the application around it. But there is an even more fundamental problem, how do we define the application and the security measures we should take?
As Virtual Desktops become standard components of the entire desktop environment there are increasing demands on the end point devices to provide the performance of legacy desktop computers they are replacing. Devices with more memory, faster processors and expandable peripheral device support are quickly replacing the utility devices most associated with thin clients. On Monday February 13, 2012 HP announced the release a new class of thin client devices that are designed to address the end user performance needs and adds security architecture to combat increasing security threats.