I just finished reading, yet another Multi-Tenancy Design/Overview that claims to be secure or trusted. While I will agree that this particular design does cover Availability and some GRC (Governance, Regulatory, and Compliance) it is severely lacking in Integrity and Confidentiality. The design even went as far as saying the cloud/virtual administrator requires “COMPLETE VISIBILITY.” I was really taken aback by those words. Why does an administrator need ‘COMPLETE VISIBILITY?’ Which leads me to the question is Integrity and Confidentiality possible within any cloud or virtual environment? Or is it purely based on TRUST?
If so this is an appalling state of virtual and cloud environment security.
Java based applications can now be moved between not only a SpringSource TC-Server Java platform on VMware vSphere, but also between the same platform on VMForce, and now Google AppEngine. This level of support from VMware, Salesforce.com, and now Google is starting to make SpringSource look like the early leading technology for PaaS Clouds. This is a significant advance in the state of PaaS clouds as there were previously no examples that offered such broad support for one platform by such a diverse set of industry leaders. However as is always the case, platform advances have outstripped security, management and performance assurance capabilities.
Citrix Synergy 2015 wraps up in Orlando today, and the announcements and sentiment at Synergy make it clear that Citrix is repositioning itself as the market leader for application and desktop virtualization. No way, no how is Citrix going to accept status quo in the virtualization space.
One of the decisions faced by anyone that wishes to have a cloud presence is what will be moved to the cloud, why, and whether or not there is a service that can be used instead of using virtual machines. Give The Virtualization Practice’s case, we plan on moving our customer facing VMs to the cloud, but what are those machines? The most important are a Web Server with a split LAMP stack, a Mail Server, and DNS.
Symantec and others are providing more products that fill the gaps in current End-to-End Hybrid Cloud Security. These solutions range to improved log analysis through multi-layer security for critical systems. If these solutions are rolled out would we finally have secure environments? Would we be approaching the dream of secure multi-tenancy? But first what are the products that have come to light?
On 9/22 was held the Virtualization Security Podcast featuring Anil Karmel, Solutions Architect at Los Alamos National Library (LANL), to discuss their implementation of secure multi-tenant Cloud. LANL makes extensive use of the entire VMware product suite from vCloud Director down to the vShield components to implement their SMT cloud. They have also added into their cloud their own intellectual property to improve overall cloud security. It was a very interesting conversation about the state of SMT today.