Security is not compliance and compliance will not get you security. At least that is what I hear from security teams. Conversations between security-focused team members and non-security-focused people can be quite interesting and have their own unique challenges and hurdles to overcome. You can find yourself speaking the same language but not fully understanding each other very well at all. One point of discussion is that “security is not compliance and compliance will not get you security.” Or does it? Continue reading Security is not compliance and compliance will not get you security. Or does it?
End User Computing security seems to be in the hands of the users, not actually the IT Security department. At least not yet. So what can we do about this? IT security can be draconian and not allow EUC devices into the office, but the users will be up in arms. They use their smart phones, tablets, laptops, and services on their desktops to get their job done. Draconian IT security measures will hamper timely completion of critical projects, deals, and workplace morale, thereby impacting the bottom line. However, the bottom line will be impacted just as heavily by the lack of security on end user devices. So how can we alleviate this problem? Continue reading Training and More Training for EUC Security
- VMware announced the intention to become a hypervisor only company, and announced therefore that they were shedding all non-core assets including the end user/mobile division, the hybrid cloud division, and the management software division.
- Intel announced that they will implement the hypervisor in the next generation of their X86 server platform chips, making software hypervisors completely unnecessary. Intel further announced that the Atom chip is its future strategic chip architecture.
- Dell announced that they have ported the now unnecessary VMware hypervisor to the Atom chipset and will be using this chipset in all future desktop, server, laptop, tablet and phone offerings.
- Microsoft announced that it is abandoning Windows, will adopt open source Ubuntu as its strategic operating system, will cease all further development on Windows, will port all products and services that used to only run on Windows to Ubuntu and will adopt the open source KVM hypervisor as its future virtualization layer.
- EMC announced that “the day of storage virtualization is here”. EMC further announced that it was abandoning its hardware storage business and would now only sell storage virtualization software at a price of $1 per terabyte per year.
- The US Federal Government announced that due to its previous investment in legacy and now worthless IT hardware and software assets that it was declaring bankruptcy in order to remove these now worthless assets from its balance sheet. The US government further announced that it would be using Amazon EC2 for all future computing needs.
- Amazon announced that due to demand from the government for its services, it would no longer offer commercial customers any kind of an SLA.
- Amazon’s commercial customers cheered this move as recognition of the fact that Amazon’s SLAs were worthless in the first place.
- CA, IBM, and BMC announced that they are finally abandoning their mainframe systems management software businesses to focus entirely upon Intel X86 based systems software just as Intel announced the move from X86 to Atom, ensuring another 20 year legacy systems management software revenue stream for CA, IBM and BMC.
- Adobe announced a digital signature program for PDF files ensuring that customers would never have to print a PDF, sign it, scan it and then email it again.
- HP announced that it was going to go “back to its roots” and become just a vendor of printers. HP then announced that it was acquiring Adobe so that it could become the market leader in the printing of the PDF files that Adobe just said would never have to be printed again.
- Bill Gates fired Steve Ballmer as the CEO of Microsoft and replaced Steve with himself in this role. Gates then decided to focus Microsoft entirely upon improving the primary and secondary educational system in America and told every Microsoft employee to get a job as a teacher or else they would not get paid.
- Steve Ballmer decided to start a new professional sports league focused upon the throwing of chairs.
- Veeam announced that it has backed up all of the data in the world, making further backups of any other data unnecessary.
- Splunk announced that it has indexed all of the data in the world that Veeam backed up and announced that its future business model was a fee of $1 for each query against that database.
- Google announced that it now knows everything about every person in the world that it needs to know. Google further announced that it would open source this data store so that no one could accuse Google of “doing evil”.
- Paul Maritz’s new company, The Pivotal Initiative, announced a point and click application development interface that allows any code monkey anywhere in the world to develop any desired big data application against the respective data stores of Veeam, Splunk and Google in less than one hour.
- Cisco announced that it was abandoning the switch hardware and router hardware businesses and would now be only a vendor of software defined switches and routers at a cost of $1 per software switch and router port per year.
- New Relic announced that it was changing its name to Byru, an anagram of Ruby which replaces New Relic which is an anagram of Lew Cirne the founder of New Relic. The company stated that this new name was designed to broaden the appeal of the company beyond the initial 36,000 customers who are personal fans of Lew Cirne.
- AppDynamics announced that it was changing its name to StaticApps, because it has discovered that moving applications around hurts their response time and performance.
- VMTurbo announced that it has exhumed the body of Milton Friedman, put his brain through a CAT scan, and discovered an algorithm that perfectly allocates IT resources to their highest and best uses across all customers and providers in the world based upon global supply and demand curves.
- SolarWinds announced that they were changing the name of the company to MoonWinds, because there are no winds on the moon, in the hope of eliminating all of the barriers to the sale of their products.
- ManageEngine announced that they were exiting the business of managing computer systems so as to focus fully on the brand equity of the “Engine” in their product name. The new company will be called CarEngine, and will allow you to manage the engine of your car from your smartphone.
- AppSense announced that, having virtualized the user, the next frontier was to virtualize the significant others of every user in their installed base. However, AppSense discovered that abstracting users from each other did not generate any revenue other than in the case of impending divorces, which turned AppSense into a law firm that advertises on television.
- All of the software start-ups in Silicon Valley who did not want to own servers decided to buy coffee makers with Intel X86 processors, creating a “shadow IT” server infrastructure in these software start-ups.
- IBM, CA and BMC announced a growth strategy of managing these new farms of X86 server based coffee makers.
April Fools 2013. Nothing in this post is true. If anything in this post becomes true then we are all fools for not foreseeing it.
The 3/21 Virtualization Security podcast featured @MrsYisWhy, who is a recovering Unix engineer most recently assigned to the network security team of a financial services provider. She also hosts a podcast called Healthy Paranoia, a security feed of Packet Pushers. I asked @MrsYisWhy to join the podcast as she is from the other side of the world from virtualization and cloud security folks and has quite a different view. The rent we saw being sewn up is now a vast divide as we jump feet first into Cloud deployments, virtualizing business-critical workloads, and generally using more and more virtualization and cloud in our daily lives. Continue reading The Growing Divide between Security and Virtualization (Cloud)
The Public Cloud Reality around support responsibility is not something often considered; instead we are looking at SLAs, legal documents, compliance documents, and many other items. Do we consider who is ultimately responsible when something goes wrong within the cloud? Is your Cloud provider a full partner or do they limit themselves to a small subset of the implementation? Whether they have 24/7 support will be covered by the SLA, but what type of support? How qualified are the cloud’s support teams to help you with your application’s problems? Who is responsible? Continue reading Public Cloud Reality: Support Responsibility
Just arrived in my mailbox: there is a new rev of the vSphere 5.1 hardening guide, which was spoken about on the last Virtualization Security Podcast. This version of the hardening guide adds a much-needed new feature: Profiles. Profiles define the level of security requirements based on small and medium business, enterprises, and government agencies. There is a public review for the guide over the next two weeks, so if you want to comment or read the latest draft of the vSphere hardening guide please visit http://communities.vmware.com/docs/DOC-22783. Continue reading News: Public Comment for VMware Hardening Guide