All posts by Edward Haletky

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

Secure Agile Cloud Development

A secure agile cloud development procedure to produce cloud-native and other applications starts first with a process. (See video at end of this article for a secure process.) This process defines how code created by a developer eventually makes it through to production and customer use. I have found that many companies do not even have such a process, or they have a very short process that primarily comprises the developers doing everything, including testing and security bits within their own little worlds. Since the same developer who wrote the code is testing and performing security, there are not enough eyes on the code to see all potential attacks.

Observability, Repeatability, and Visibility

Everyone wants visibility into their hybrid cloud of all resources and subsystems. We have expounded upon this need over the years as well as on how to gain some level of visibility. The tools exist, as do the methodologies. What we need now is better observability. Visibility is inherent in many tools today, but observability is not. There is one observed basis in every tool to the visible data; we need to go past that to gain better insights.


Failure of Imagination

After the Apollo 1 disaster, astronaut Frank Borman told Congress that the tragedy had not been caused by any one company or organization, but by the entirety of all those involved with the Mercury, Gemini, and Apollo missions. The problem had been a failure of imagination. They knew that at some point there would be a fire in a space capsule. However, they assumed it would take place in space somewhere. They just did not think about the possibility of fire while the capsule was still on earth. We call this failure of imagination “unknown unknowns” within the security world, but it boils down to the same thing. We just do not think about some things. Even with all the tools out there to help us, we have failures of imagination.

Security in 2016: About the Person

In the new year, security is going to move from the organization itself to protecting the individuals who make up the organization. Or more to the point, educating the individual as consumers about operational security with an eye toward family, finances, and self. Without this focus, breaches will continue and become worse before they become better. While governments try to ensure privacy while protecting the country from outside attack, it behooves the individual to protect their family, finances, and self. Without this security, privacy does not truly exist. In World War II, one catchphrase was “loose lips sink ships.” It is as apropos today as it was back then.


Next-Generation Private Cloud

A new generation of private cloud environments is being created now, ones where all the management is done via SaaS. This way, the heavy lifting is done by others, and you inherit an IT as a Service environment ready for you to add new workloads without worrying too much about upgrades, management constructs, or even, in some cases, security controls. It is all done for you. For many companies, this is one way to transform to an on-premises cloud and then to a hybrid cloud. There is a growing list of players; however, the first out the door are ZeroStack, Platform9, and SkySecure from Skyport Systems.


Necessary and Sufficient for 100% Public Cloud

When we talk about transforming to the cloud, we often talk about hybrid cloud and what it will take to transition to it, leaving discussions about 100% cloud usage purely to the new startup (greenfield) organizations. What is needed to move 100% off-premises to a public cloud? What is sufficient, what is necessary, and what is the required last mile of this effort? I recently spoke to @AndiMann about concepts of what is necessary and sufficient. Andi brought up some great points I would like to share over a series of articles.
