The 6/30 Virtualization Security Podcast with Simon Crosby, Founder and CEO of Bromium, started with a discussion of SaaS security but soon moved to a discussion of data security. Simon left Citrix not too long ago to form a new company, Bromium, to seriously look into how the hypervisor itself can provide better security for data manipulations than it does today. But first we started off with SaaS and how you can identify the user within a cloud.
As a delegate for Tech Field Day 6 in Boston, I was introduced to many third-party management tools. In the past I have also been given briefings on various VMware, Hyper-V, and Citrix Xen management tools. Many of these tools are marketed directly for use by the administrator, but the tools can be used by more than the administrator. These tools should be marketed to management, administrators, as well as the network operations center (NOC). We need tools that perform continual monitoring and auditing so that we can know as soon as possible when a problem occurs.
The 6/16 Virtualization Security Podcast started as a Twitter conversation with a comment about PaaS security, where James Urquhart, Krishnan Subramanian, Rich Miller, and I went back and forth about PaaS security and the role of the developer. It was not quite a DevOps conversation but pretty close. Rich could not join us on this podcast but hopefully will make a future one. PaaS security appears to be dependent on two things: the provider's security and how it is used.
As a delegate for Tech Field Day 6 in Boston, I was introduced to VMware's Mobile Virtual Platform (MVP), which allows you to have a single hardened VM running within, currently, very few Android-based devices, as it requires a version of Android from VMware for the virtual machine aspect of MVP. The first version of MVP has several interesting security features as well as security issues as you move forward. Given the current spate of Android-based malware, it is important to consider the security features of any new product, whether it is a version 1.0 or not. Even with these issues, MVP has some very interesting uses outside the realm of a mobile phone platform. I can see this being used on tablets as a way to get a corporate VM.
As a delegate for Tech Field Day 6 in Boston, I was introduced to several virtualization and performance management tools from vKernel, NetApp, Solarwinds, Embotics, and a company still in stealth mode. With all these tools and products, I noticed that each was not integrated into the roles and permissions of the underlying hypervisor management servers such as VMware vCenter, Citrix XenConsole, or Microsoft System Center. This lack of integration implies that a user with one set of authorizations just needs to switch tools to gain a greater or even lesser set of authorizations. This is not a good security posture and in fact could devolve any security to non-existent.
Since Juniper bought Altor Networks, there has been steady progress to use Altor VF3 (now Juniper vGW, pronounced vee-Gee-W) as a way to extend the functionality of the Juniper SRX Series of Service Gateways into the virtual and cloud environments. Juniper is focusing on the entire security stack from the endpoint to the hypervisor; vGW offers one component of that entire picture. Another component is the Junos Pulse Mobile Security Suite, which provides Security as a Service for mobile devices. These two components alone are a very powerful set of tools for any enterprise. When you add in the other components, it is a compelling story from a network security perspective.
On the 6/2 Virtualization Security Podcast, Rich Mogull, an analyst for Securosis, joined us to discuss his work with the Cloud Security Alliance (CSA) to develop the two-day course called the Certificate of Cloud Security Knowledge (CCSK). While this course is not about learning all the intricacies of cloud security, it is about providing a level set of knowledge required to even begin to talk about cloud security.
NYSE Technologies is providing the very first special-purpose financial cloud based on VMware and EMC technology to provide new business models where NYSE Technologies provides the plumbing for global capital markets and business agility at lower costs, encouraging brokers and other financial institutions to build applications and test algorithms within the Capital Markets Community Platform.
There are several new products in the virtualization and cloud security spaces from PacketMotion, MicroSolved, and LynuxWorks. Each of these companies approaches virtualization security in a uniquely different way. Unlike the current set we know and use, these tools could be considered adjuncts for general use, or perhaps for specific use cases. All provide additions to end-to-end virtualization security.