The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

Splunk100x30

Splunk is well known for analyzing data in large volumes either within a local Splunk installation or within the Splunk Storm their cloud service. However, there has been a general lack of security related capability within both these tools. Yes they can correlate some security data, but requires a bit of hands on work to make happen. This has changed with the introduction of Splunk App for Enterprise Security v2.4. They now have some very powerful out of the box analysis for enterprise security and one that could solve a growing issue outlined within the latest Verizon Breach Report: the time it takes to determine a breach actually happened.

DesktopVirtualization

There was recently a rather heated twitter discussion between @Guisebule, @VirtualTal, and @Texiwill (myself) about using virtual desktops as a part of cyber defense. While this could be true, there is a need to ensure you know where your virtual desktop(s) start and end, not only within the network, but your applications in use. In addition, it is very important to fully understand the scope of a virtual desktop architecture as well as use.

DataCenterVirtualization

A VMware win against Microsoft simply requires VMware to turn the pricing tables on Microsoft, and to leverage its highly differentiating functionality in its Software Defined Data Center strategy. VMware could re-establish technical dominance in the data center virtualization space as early as the end of this year by leveraging its software defined networking, software defined storage, and management software assets.

DesktopVirtualization

Data Protection and patch management of virtual desktops, while not a sexy topic, is one that should happen on a regular basis within any organization implementing or working to implement virtual desktops. Recently, we have been testing virtual desktop software and there is a huge difference between patching and protecting data in a small number of instances and 1000s of instances. There are scale considerations as well as ease of use for file level and system recovery as well as issues with patching virtual desktops (not to mention other security issues).

VirtualizationSecurity

There is a dilemma for all tenants of a public or private cloud: Scope. For the tenant, they want everything to be in scope. For the Cloud Service Provider (CSP) they want to limit scope to the bare minimum. What does it mean for a Cloud to be ‘PCI Compliant’ and why is this a requirement for some tenants. The real issue, is what is in scope for PCI-DSS while your data is in the cloud and how can you as the tenant meet those requirements.

Virtustream100x30

On the 4/4 Virtualization Security Podcast, Pete Nicoletti, the chief information security officer for Virtustream, joined us to discuss how VirtuStream does cloud security. VirtuStream runs some of, if not the largest SAP installations in the cloud for very large enterprises around the world. The key to VirtuStream is that they are an Enterprise Cloud that looks at everything from the Enterprise perspective, whether that is billing or security. For security, they have implemented many changes required by their customers and allowed the end-enterprise to dial that security to 11 if necessary. But what does VirtuStream do that is different from all others?

CloudComputing

There have been a spate of press releases and news in and around the industry over the last few weeks that bear further consideration. They could actually solve some of your current cloud and virtual environment issues while opening new doors for future expansion. As an architect and analyst I find these technology very interesting for their possible impact of the future of virtual and cloud environment not to mention data center designs.

ITasaService

The software defined data center has the potential to expand the control plane well outside of anyone’s control by the simple fact that we do not yet have a unified control mechanism for disparate hardware (networking, storage, and compute), for disparate hypervisors (vSphere, KVM, Xen, Hyper-V), new types of hypervisors (storage and networking), and new ideas at managing SDDC at scale.

VirtualizationSecurity

Security is not compliance and compliance will not get you security. At least that is what I hear from security teams. Conversations with security focal team members from non-security focal people can be quite interesting and has its unique challenges and hurtles to overcome. You can find yourself speaking the same language but not fully understanding each other very well at all. One topic point of discussion is that “security is not compliance and compliance will not get you security.” Or does it?