I had a debate with a fellow technologist at Dell EMC World this year about whether the cloud is more secure than any given data center not used by a cloud provider. The argument put forth was that cloud service providers often have better security controls in place, they can auto-patch systems, etc. All in all, it is a valid argument. However, if I as the tenant cannot prove that security, then whatever the cloud does is not necessarily good enough. With the infrastructure of seventy-four countries impacted by the latest ransomware attack, this debate is placed in stark contrast to reality. Were it not for one researcher, the spread might have been worse. At the moment, the only solution for preventing such widespread ransomware is to upgrade and patch. This does not validate the argument that the cloud will patch for you. It does not do so for many Windows systems (depending on the cloud).
Articles Tagged with Cloud Security
After months of feedback and just in time for RSA 2016, I have finally finished the second version of my Secure Hybrid Cloud Reference Architecture. There are some differences between the previous version and V2, but nothing major, as we are talking mostly about semantic changes. However, we did expand storage, add in SaaS-based clouds, and rework all of the diagrams to account for distributed firewalls. Yet, the semantic changes are pretty robust, as they reflect the modern mindset with respect to the secure hybrid cloud. Those changes alone are worth considering.
It is that time of year again, when we look to buying gifts online and offline for family, friends, and associates. When holiday cheer imbues us with brotherly love—well, at least most folks feel that way. There is, however, a group of folks waiting for mistakes to be made so they can capitalize on them. Mike Foley is a senior technical marketing manager at VMware, where he focuses on vSphere security. He and I recently discussed how you, as a consumer, can protect your family, money, and self from digital and other thieves.
On the December 18 Virtualization Security Podcast, we were joined by Rafal Los (@Wh1t3Rabbit) to discuss whether it is time for CISOs to move on. Should CISOs start to look beyond simply the problems at hand? Should they drive security into all decisions made at the business and architecture levels? The discussion was mixed, to say the least.
There are two distinct points of view when discussing cloud security: the tenant’s point of view, and the cloud service provider’s point of view. Both of these points of view are legitimate, but often one is confused for the other, as we discuss our points of view without really clarifying. However, within each of these points of view are two distinctly different approaches to cloud security.
It is that time of year again, when we see all the new toys, tools, ideas, and processes that make up the show called VMworld. This year, quite a few changes in virtualization security will be discussed by VMware and other organizations that work with virtual and cloud environments. One of the key messages will be that everyone needs to stop treating virtualization security as something unique and different. Instead of this type of treatment, we have been seeing the extension of existing tools and techniques into virtual and cloud environments. Virtualization and cloud security is a natural progression of all organizational security.