WikiLeaks is the most serious social and political event of the emerging Cloud. It has remained alive through a “do-it-yourself” approach as the commercial Cloud was denied to it. When the dust settles, the Cloud may well emerge different, with the rights/obligations of Cloud Services providers clarified.
• • 3 Comments
I have been thinking about blades and virtualization security for some time spurred on by a conversation with Brad Hedlund six months ago. Nearly all my customers use Blades and virtualization security is a big concern to them. In my Rethinking vNetwork Security article, I touched on some of the issues in response to Brad’s comments a while back. I would like to now expand that discussion to blades.
There are three sets of blade enclosures I would like to discuss, those that use pass thru networking, those that use standard switching fabric within the enclosures, and those that use flexible interconnects such as HP Flex-10 and Cisco Palo adapters. The last is the so called physical-virtual network device.
• • 2 Comments
In the last Virtualization Security podcast on 12/2 we had with us members of the PCI DSS Virtualization Special Interest Group (SIG). Kurt Roemer of Citrix and Hemma Prafullchandra of HyTrust joined us to discuss the differences to the PCI DSS 2.0 with respect to virtualization. In essence, PCI DSS explicitly calls out the need to bring virtualization, people, and processes in scope.
As we discussed in a previous article, the PCI DSS 2.0 does not state exactly what needs to be assessed within the virtual environment, or even what part of the virtual environment is a concern of each aspect of the PCI DSS. What the PCI DSS 2.0 does do is change the language, however subtle, that technologies employing shared resources are now acceptable.
The Virtualization Security Podcast on 11/2 was quite a change from our normal podcast. Instead of featuring a vendor as a guest panelist, Gurusimran S Khalsa (known as GS) joined us. Our topic was getting started with virtualization security with a real world twist.
The PCI Security Standards Council published its latest PCI guidance in the form of PCI DSS 2.0, but quickly followed up with the document Navigating the PCI DSS v2.0. The Navigating document is very important to those who have virtual systems as it contains the basic guidance about virtualization while PCI DSS 2.0 does not provide anything specifically geared towards virtualization. However, there is an adjunct document that does layout PCIs thoughts on virtualization. This is stated within the Navigating the PCI DSS (v2.0) document.
I was invited to CSI 2010 this year to speak on the Low Hanging Fruit of Virtualizaiton Security. This presentation brought to light some simple to implement features that would give you the most security for what I consider very little cost or effort. These 7 items if implemented will improve the overall security of your virtual environment.
The Freemium sales model is a business model innovation best suited to inexpensive products that are very easily understood (and therefore not very new or very different) and that solve an obvious problem in a manner that is more convenient for the customer to acquire and implement. There are not many new virtualization and cloud technology companies who set out to produce undifferentiated products which suggests that a general application of the Freemium model to startups in our ecosystem is ill advised. Enterprise customers should pay great attention to products that are being marketing in this manner to ensure that they do not end up growing the use of something that was purchased in a tactical manner into a strategic use case.
Last week, there were several major virtualization security announcements, that taken singularly may only apply to the specific products, but taken together show the growth of the virtualization security ecosystem.
The Virtualization Security Podcast on 10/21 was the third in a series of Virtual Desktop Security discussions we are having. The special guest panelist was Chris Mayers of one of the Chief Security Architects for Citrix, the makers of XenServer, XenClient, and the FlexCast solutions. FlexCast provides an all encompassing method to provide virtual desktop and applications that include the following mechanisms:
Let us look at each of these mechanisms in a bit of detail then discuss how they work to provide Security and how to secure them.