The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

In the past we have discussed the various aspects of the secure hybrid cloud, ranging from the data center through a transition stage and finally to and from the cloud. Unfortunately, picking just one security solution, or even one family of solutions, does not work, so we need to start thinking outside the box and pick the best based on our needs, which cover compliance as well as security. So how do we pick a security solution based on our needs?

When we look at the Secure Hybrid Cloud, we notice a few things immediately, such as the need to look at how the data is moving, where the users are going, and the fact that they may never touch the data center component of the cloud at all. Our worldview has to change to be more user-, app-, and data-centric. Hybrid cloud security fails if we continue to consider our data center protections enough, as the bastions have moved and we may not know how that happened.

Hytrust100x30

HyTrust released their version 3.5 of their virtualization security proxy and compliance tool. This tool is core to a growing ecosystem of partners and systems. HyTrust has also expanded its role within the Secure Hybrid Cloud by covering more of what is traditionally part of the data center. HyTrust is a proxy that sits between an administrator and sensitive systems by providing advanced role based access controls but also advanced logging. With HyTrust fronting your VMware vSphere environment, HP ILO, Cisco UCS UIM, Nexus Switches, administrators gain a fine grain level of control over actions, improved logging in these environments, and the ability to vault critical passwords.

VirtualizationSecurity

Passwords are dead or dying: According to Google security executive Heather Adkins, Passwords are dead for Google and warned that any startups that will rely on passwords are going to be dead in the water. Heather Adkins did not offer any real specifics on how Google is going to innovate tomorrow’s security but did hint that Google is experimenting with hardware-based tokens as well as something that Motorola has created that authenticated users by having them touch a device to something embedded.

VirtualizationSecurity

I came away from HP Protect 2013 wondering if current security sold by the traditional security players will actually scale to the hybrid cloud? Are these security tools still system-centric or are they moving to data-, user-, and app-centric? I feel that this move has started but has far to go. I do not think many of the current batch of traditional security services implemented in data centers today can scale properly.

VirtualizationSecurity

While at VMworld 2013, I started to ask 5 security questions that have been bothering me for some time now. Some of these questions apparently have no answers currently and others only have operational answers, no technology. Security of a secure hybrid cloud is a mix of procedures, policies, operations, and technology. These questions are about various aspects of virtual and cloud environments that have been nagging at me for some time now as well as problems I have faced managing our own cloud instances. Perhaps you have questions you would like to add to the list, if so please share.

VirtualizationSecurity

On the 9/5 Virtualization Security Podcast we discussed Hyper-V Security and were joined by Alex Kibkalo, a former senior architect at Microsoft who works as a Director of Product Management in 5nine Software. 5nine Software has developed the first introspective virtualization security device for Hyper-V and is a very large step forward. Introspective security has been missing from Hyper-V for a number of years, while it was possible to implement, the market has been so small that is was not feasible until now. Which implies Hyper-V is gaining adherents so has a need for better security measures.

DataCenterVirtualization

In order to sell the Software Defined Data Center, VMware needs to prove that it delivers a hard dollar ROI to the customers of the Software Defined Data Center. Commoditizing the expensive networking hardware business and commoditizing the expensive storage hardware business are two excellent ways for VMware to deliver that hard dollar ROI, and for VMware to be able to justify its price premium over competitive offerings.

VMworld2013.150px

At VMworld 2013 and on the Virtualization Security Podcast there were many conversations about VMware NSX. These conversations ranged from how will we implement this new technology to security, scale, and other technical questions. In addition, NSX and what was needed to make it a reality may be the answer to a nagging security question. Brad Hedlund, from the VMware NSX team, joined the Virtualization Security Podcast to share with us some of the details around VMware NSX prior to the podcast.