All posts by Edward Haletky

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

Copy Data vs. Data Protection

Copy data software is becoming much more prevalent and could be a replacement for many data protection products. But is it? Do copy data solutions provide data protection or just movement of data around the cloud? That is really the crux of the discussion. Is having multiple copies of data out in the cloud sufficient for data protection, or do we need more?


On Web Scale

Running a secure hybrid cloud with an on-premises 100% virtualized environment does not make one ready for web scale. Nor does using a hyperconverged infrastructure (HCI). Even if the hybrid cloud is IaaS, we are still talking about something that needs to scale to billions of transactions per day. Web scale, to me, is billions of queries and transactions. That scale is not seen by many applications. Nearly every cloud service is web scale, as cloud services do hit those numbers; however, individual tenants may not be.


In Search of Breach and Security Reports

Part of a security professional’s job is to do research on possible breaches and attacks. Some try to do this in a vacuum, others share data and information, and still others read reports generated by companies in the know. The granddaddy of such reports is the Verizon DBIR. Where are the reports related to our industries? Do they exist? What other reports exist?


Security Training Is BS

How many of you went through your security awareness training for the year? Did it consist of a simple slide show with a quiz at the end—a slide show that covered not even a tenth of your full security requirements and was about as memorable as the rock you went by this morning? Yes, you passed the quiz (as they gave you the slide deck to review); now you are done with security training for the year. This approach to security training is a load of fecal matter, a useless waste of time that teaches no one anything. It is time for a change!


Model for Securely Moving to the Cloud

At InfoSec World 2016 in Orlando, I will be speaking on a model for securely moving to or developing for the cloud. A good model tells you not only what to consider when developing for the cloud, but also what surrounds that application. Knowing what surrounds the application is often required when moving to the cloud. As such, we combine them into one model that covers the basics necessary for a secure cloud deployment of any application.


Secure Agile Cloud Development

A secure agile cloud development procedure to produce cloud-native and other applications starts first with a process. (See video at end of this article for a secure process.) This process defines how code created by a developer eventually makes it through to production and customer use. I have found that many companies do not even have such a process, or they have a very short process that primarily comprises the developers doing everything, including testing and security bits within their own little worlds. Since the same developer who wrote the code is testing and performing security, there are not enough eyes on the code to see all potential attacks.