The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

HyTrust has announced Series B Financing in the amount of $10.5 Million with participation from Cisco, Granite Ventures as well as existing investors Trident Capital and Epic Ventures. This is very good news for HyTrust. While the Series B Funding was not much of a surprise given that HyTrust fits into the Virtualizaiton Security within its own niche. What is surprising is that Cisco is one of the backers of this innovative product.

When I first interviewed Reflex System’s CEO he had a desire for the vTrustTM VMsafe-Net driver be the defacto standard for all such VMsafe-Net drivers. While others may not agree with this desire and will create their own VMsafe-Net drivers, TippingPoint is the first to integrate into Reflex’s VMC product to leverage the vTrust VMsafe-Net Driver and puts Reflex System’s on the second step of the path for vTrustTM to be the defacto standard. At the same time TippingPoint adds an Intrusion Protection System to the Reflex System VMC family of products with Tipping Point vController.

Rethinking vNetwork Security

Brad Hedlund of Cisco asked the question, should the physical network security policy be different than the virtual network security policy? The answer is obviously no, but why are they treated separately? I and other have pushed the concept that to gain performance, redundancy, and security that you should use multiple network links to your virtualization host to separate traffic. However, does this really give you security?

There are two key features missing from Virtualization and Cloud Computing. Those are auditing and forensics. The A6 project aims to fix this problem for auditing, but there is only some research into forensics. The issue is about discovering who did what when, where, how, and hopefully why. Auditing plays into this for Compliancy but also for forensics. Forensics has two major components in its arsenal: Audit Trails, and Disk Images.

I was privileged to speak at the 3rd Annual South Florida ISACA WoW! Event with Robert Stroud, Alan Shimel, and other great speakers. What I discovered from this conference is something I have feared for quite a number of years. Compliance actions are not continuous but often only enacted when the auditor shows up at the door. Secondly, very few auditors raised their hand when I asked if they are working with Virtualization or have customers that virtualize, this was quite a surprise.