When you read many blogs and articles on cloud security, writers such as myself often mention jurisdictional issues as a big problem. Nor is the ability to audit clouds the only problem. Both of these are huge issues for clouds today, but fundamentally, is the cloud flawed from a security point of view, or are there plenty of security mechanisms available?
The answer is to dramatically narrow the scope and set of enforcement actions for SOPA and PIPA so that they target just offshore sites engaged in large-scale commercial piracy and so that the existing safe harbor for sites that take content from users is both maintained and formally recognized as an exception to the scope of SOPA and PIPA. This will ensure that law enforcement can go after the really bad actors, and that the many good and useful sites that are the basis of the “good Internet” are not collateral damage in these enforcement efforts.
I was discussing yesterday how to use virtualization and cloud performance management tools as an early warning system for security issues. I have touched before on the use of New Relic, VMware vFabric APM, Quest vFoglight, and other tools that can make up such an early warning system, but without the proper process in place, the tools will not be good enough.
At the end of last year and the beginning of this year the Virtualization Security Podcast featured two very different guest panelists to discuss cloud security, policy, and compliance: Phil Cox, Director of Security and Compliance at RightScale, joined us for the last podcast in 2011, and George Gerchow of VMware’s Policy and Compliance Group joined us for the first podcast of 2012. We asked: is the public cloud ready for mission-critical applications? The answer was surprising. Have a listen and let us know your thoughts.
Data Protection techniques should be implemented and tested long before they are needed. This is a necessary component of any IT organization. However, the most recent communities podcast brought to light several implementation aspects of Data Protection, specifically about Disaster Recovery: organizations still do not test their DR plans and organizations are waiting for a hardware refresh to implement a DR plan.
Christmas is over and New Year's is on its way. A time to make resolutions and see the year complete. A time to review what is old and plan for the future. This is a perfect time to review your defense in depth and look to see if there are security additions needed in 2012. So what cloud and virtualization security New Year's resolutions should I make for 2012?
While the legacy enterprise management vendors might like to think of themselves as the Borg (prepare to be assimilated – there is no escape), the new technical requirements and the new buying patterns in the virtualization market do not lend themselves to a repeat of history. Legacy management vendors are unlikely to be able to acquire themselves into this market because their core platforms and business models do not work with the customers who are running virtualized environments and buying management solutions. So to my good friend Andi Mann, I respectfully disagree.
There needs to be better Data Loss Prevention applied to social media than exists today, and how that will be applied globally is a huge issue. But it is a growing trend. I see on Twitter, from those I know, many things that should not appear: from the discussion of internal-only intellectual property to locations sent to Foursquare. Add to this the myriad forms of ‘U There’ requests. It is so easy to tell people anything on Twitter that it also becomes a problem of telling people too much, even in 146 characters. Yet I also see the same when using text messages, chat, and other technologies. So what is the solution?
VMware has had a great 2011. Product execution was excellent on all fronts except for VMware View where there are also larger strategy issues afoot. VMware is and likely will remain next year not only the most important, but the best system software vendor on the planet. We can only look forward to continued progress with vSphere, the management offerings, and the applications platform offerings.