The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device.
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintaining strict control of management interfaces. As such, virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

In Beware of the Franken-Monitor, we explained how many enterprises ended up with Franken-Monitors and the dangers associated with assuming that the present state of management tools can make the transition into the software-defined data center (SDDC) and the cloud. In Getting Rid of Your Franken-Monitor, we explained how to use green-field islands to put in place new ecosystem-based management stacks with the intent of eventually retiring your legacy management stacks. In this post, we detail how one could deploy one example of such an ecosystem of tools based upon Splunk and the vendors that comprise its ecosystem.

We have written before about HyTrust and its growing ecosystem of partners, but now HyTrust has acquired HighCloud Security, a provider of encryption and key management for the virtual and IaaS environments. HyTrust provides control and visibility into actions by virtualization administrators within a VMware vSphere or vCloud environment. With the acquisition of HighCloud Security, HyTrust now adds data privacy to its suite of tools. Initially, HighCloud Security’s encryption and key management will be separate products, but there are many ways in which the technologies can be combined. The purchase changes HyTrust’s unique stance in the industry.

In the past we have discussed the various aspects of the secure hybrid cloud, ranging from the data center through a transition stage and finally to and from the cloud. Unfortunately, picking just one security solution, or even one family of solutions, does not work, so we need to start thinking outside the box and pick the best based on our needs, which cover compliance as well as security. So how do we pick a security solution based on our needs?

When we look at the Secure Hybrid Cloud, we notice a few things immediately, such as the need to look at how the data is moving, where the users are going, and the fact that they may never touch the data center component of the cloud at all. Our worldview has to change to be more user-, app-, and data-centric. Hybrid cloud security fails if we continue to consider our data center protections enough, as the bastions have moved and we may not know how that happened.

HyTrust released version 3.5 of their virtualization security proxy and compliance tool. This tool is core to a growing ecosystem of partners and systems. HyTrust has also expanded its role within the Secure Hybrid Cloud by covering more of what is traditionally part of the data center. HyTrust is a proxy that sits between an administrator and sensitive systems, providing not only advanced role-based access controls but also advanced logging. With HyTrust fronting your VMware vSphere environment, HP ILO, Cisco UCS UIM, and Nexus switches, administrators gain a fine-grained level of control over actions, improved logging in these environments, and the ability to vault critical passwords.

Passwords are dead or dying: According to Google security executive Heather Adkins, passwords are dead for Google, and she warned that any startups that rely on passwords are going to be dead in the water. Heather Adkins did not offer any real specifics on how Google is going to innovate tomorrow’s security but did hint that Google is experimenting with hardware-based tokens as well as something that Motorola has created that authenticates users by having them touch a device to something embedded.

I came away from HP Protect 2013 wondering if current security sold by the traditional security players will actually scale to the hybrid cloud. Are these security tools still system-centric or are they moving to data-, user-, and app-centric? I feel that this move has started but has far to go. I do not think many of the current batch of traditional security services implemented in data centers today can scale properly.

While at VMworld 2013, I started to ask 5 security questions that have been bothering me for some time now. Some of these questions apparently have no answers currently, and others have only operational answers, no technology. Security of a secure hybrid cloud is a mix of procedures, policies, operations, and technology. These questions are about various aspects of virtual and cloud environments that have been nagging at me for some time now, as well as problems I have faced managing our own cloud instances. Perhaps you have questions you would like to add to the list; if so, please share.