The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

If there was one thing I saw and heard about at VMworld, was the number of third party collaborations that were taking place. While not explicitly stated by VMware at VMworld, the show floor had many different collaborations that were taking place. This level of collaboration shows a level of maturity within the virtualization and cloud vendor ecosystems. A maturity, that shows that the vendors understand the benefits of leveraging other companies to lower their overall costs while producing better and more attractive products. Some of the collaborations I saw where purely the resale of products, while others were integrations between products.

VMware announced a loosely coupled group of vCloud providers that will use vCloud Connector to loosely couple their clouds, so that VMs can move from vCloud to vCloud without requiring you to renegotiate pricing, capability, and functionality with multiple cloud vendors, just your local one. This announcement is intriguing in that it is a move to push the cloud into the global space, but also fraught with peril if not done correctly.

Your VMworld 2011 Enterprise Private Cloud and IT as a Service Short List

Choosing a Private Cloud platform involves trading off the scale of the environment, the types of applications running on the environment and compatibility with public cloud platforms with each other. VMware, DynamicOps, Gale Technologies, Abiquo, Platform Computing and Cisco offer the most compelling enterprise focused production application platforms. However other use cases and markets are best handled by other vendors.

More and more is coming out about the attack from a MacDonald’s that left an organization crippled for a bit of time. The final tally was that the recently fired employee was able to delete 15 VMs before either being caught or he gave up. On twitter, it was commented that the administrator must not have been a powershell programmer because in the time it takes to delete 15 VMs by hand, a powershell script could have removed 100s. Or perhaps the ‘Bad Actor’ was trying to not be discovered. In either case, this has prompted discussions across the twitter-sphere, blog-sphere, and within organizations about how to secure from such attacks.

Last week there was a bit of a surprise when someone announced Catbird Security made an agreement to purchase vShield App and only App from VMware. This left quite a few of us scratching our heads wondering why VMware would let this particular security software go. This announcement was incorrectly relayed and quite far from the truth. Catbird Security has written an agreement with VMware to OEM vShield App. This OEM agreement provides Catbird with a missing piece to the security puzzle as well as proving out VMware’s concept of virtualization security, that they should be the low level bits providing an API for higher level tools to use.

While looking on twitter this morning I discovered a tweet that pointed to the following article, which is relatively devoid of details but none-the-less extreme interesting to those who follow virtualization security: Fired techie created virtual chaos at pharma company. This article points out an external attack that lead to management access of a virtual environment. Now we do not know if the attack was using antiquated credentials or some other means. But what we do know is that VMs were deleted by an external source that used to be a former employee. Hoax or not, this is a very serious issue brought to light.

On the 7/28 Virtualization Security Podcast, we were joined by Robert Martin of Mitre to discuss Mitre’s new CWE, CWSS, and CWRAF tools to aid in software and system security evaluation. We put a decidedly cloud based discussion around these tools to determine how they would be used by those that program within a PaaS environment, make use of SaaS, or other cloud services.