After months of feedback and just in time for RSA 2016, I have finally finished the second version of my Secure Hybrid Cloud Reference Architecture. There are some differences between the previous version and V2, but nothing major, as we are talking mostly about semantic changes. However, we did expand storage, add in SaaS-based clouds, and rework all of the diagrams to account for distributed firewalls. Yet, the semantic changes are pretty robust, as they reflect the modern mindset with respect to the secure hybrid cloud. Those changes alone are worth considering.
Articles Tagged with Cloud Security
It is that time of year again, when we look to buying gifts online and offline for family, friends, and associates. When holiday cheer imbues us with brotherly love—well, at least most folks feel that way. There is, however, a group of folks waiting for mistakes to be made so they can capitalize on them. Mike Foley is a senior technical marketing manager at VMware, where he focuses on vSphere security. He and I recently discussed how you, as a consumer, can protect your family, money, and self from digital and other thieves.
On the December 18 Virtualization Security Podcast, we were joined by Rafal Los (@Wh1t3Rabbit) to discuss whether it is time for CISOs to move on. Should CISOs start to look beyond simply the problems at hand? Should they drive security into all decisions made at the business and architecture levels? The discussion was mixed, to say the least.
There are two distinct points of view when discussing cloud security: the tenant’s point of view, and the cloud service provider’s point of view. Both of these points of view are legitimate, but often one is confused for the other, as we discuss our points of view without really clarifying. However, within each of these points of view are two distinctly different approaches to cloud security.
It is that time of year again, when we see all the new toys, tools, ideas, and processes that make up the show called VMworld. This year, quite a few changes in virtualization security will be discussed by VMware and other organizations that work with virtual and cloud environments. One of the key messages will be that everyone needs to stop treating virtualization security as something unique and different. Instead of this type of treatment, we have been seeing the extension of existing tools and techniques into virtual and cloud environments. Virtualization and cloud security is a natural progression of all organizational security.
It was all over the web on June 18: Code Spaces went off the air, as we discussed during the Virtualization Security Podcast on 6/19. The reasons are fairly normal in the world of IT and the cloud. They were hacked. Not by subverting the Amazon cloud, but in ways considered more traditional—even mundane. An account password was discovered, either by hacking using one of the seven SSL attacks that exist today or by guessing with the help of inside knowledge gained through social engineering. However the account was hacked, the damage was total. While we may all ask why Code Spaces was attacked, we may never know the answer. Nevertheless, in general such attacks are all about the Benjamins. What lessons can we learn about this attack? How can we improve our usage of clouds to protect our own data, systems, and more from similar attacks?