The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

When we look at the secure hybrid cloud, the entry point to the hybrid cloud is the end user computing device, whether that device is a tablet, smart phone, desktop, laptop, google glass, watch, etc. We enter our hybrid cloud from this device. From there we spread out to other clouds within our control, clouds outside our control, or to data centers. How these devices authenticate and access the data within these various places within the hybrid cloud becomes a matter of great importance and has been a concentration for many companies. How we protect the data that ends up on the end user computing device is also of great importance.

Securing the Hybrid Cloud

The secure hybrid cloud encompasses a complex environment with a complex set of security requirements spanning the data center (or data closet), end user computing devices, and various cloud services. The entry point to the entire hybrid cloud is some form of End User Computing device whether that is a smart phone, tablet, laptop, or even a desktop computer. Once you enter the hybrid cloud, you may be taken to a cloud service or to your data center. The goal is to understand how the data flows through out this environment in order to properly secure it and therefore secure the hybrid cloud, but since it is a complex environment, we need a simpler way to view this environment.

VirtualizationSecurity

On the May 30th Virtualization Security Podcast, Michael Webster (@vcdxnz001) joined us Live from HP Discover to discuss what we found at the show and other similar tools around the industry. The big data security news was a loosely coupled product named HAVEn which is derived from several products: Hadoop, Autonomy, Vertica, Enterprise Security, and any number of Apps. HAVEn’s main goal is to provide a platform on top of which HP and others can produce big data applications using Autonomy for unstructured data, Vertica for structured data, Enterprise Security for data governance and hadoop. HP has already built several security tools upon HAVEn, and I expect more. Even so, HAVEn is not the only tools to provide this functionality, but it may be the only one to include data governance in from the beginning.

PerformanceManagement

VMware has announced its log management product – Log Insight. Log Insight is priced at $200 per monitored OS instance (per VM pricing) and is to be available in Q3 of this year. VMware’s own vSphere environment is the first targeted environment, and the first use caseis Operations Management. Right now this is clearly a 1.0 offering competing with a very mature Splunk Enterprise offering – but there are some very interesting short term and long term dynamics at play.

VirtualizationSecurity

I recently read the book Project Phoenix by Gene Kim, Kevin Behr, and George Spafford. If you are in development, IT, and Security it should be #1 on your reading list. In this book the authors discuss all the horrors we hear about in IT with a clear direction on how to fix them. There is politics, shadow IT, over zealous security professionals, over worked critical employees, lots of finger pointing. But there is a clear solution, at least as far as the story goes. We also know that DevOps works, most of the time.

VirtualizationSecurity

By far, the lowest hanging fruit of virtualization and cloud environment security is the segregation of your management control from your workloads. Separation of data and control planes have been recommended for everything from storage (EMC ViPR) up to the workloads running within virtual machines. The same holds true for cloud and virtual environment management tools, tasks, and functions. Up to now there have been very few choices in how such segregation could occur using properly placed firewalls or by using some form of proxy and the only proxy available was HyTrust. But this has changed. There are some other tools that will help with this segregation of data from control and do they give the level of auditing we require to solve the delegate user problem?

Splunk100x30

Splunk is well known for analyzing data in large volumes either within a local Splunk installation or within the Splunk Storm their cloud service. However, there has been a general lack of security related capability within both these tools. Yes they can correlate some security data, but requires a bit of hands on work to make happen. This has changed with the introduction of Splunk App for Enterprise Security v2.4. They now have some very powerful out of the box analysis for enterprise security and one that could solve a growing issue outlined within the latest Verizon Breach Report: the time it takes to determine a breach actually happened.

DesktopVirtualization

There was recently a rather heated twitter discussion between @Guisebule, @VirtualTal, and @Texiwill (myself) about using virtual desktops as a part of cyber defense. While this could be true, there is a need to ensure you know where your virtual desktop(s) start and end, not only within the network, but your applications in use. In addition, it is very important to fully understand the scope of a virtual desktop architecture as well as use.