Tag Archives: DISA

Cloud and Virtualization Security Resolutions for 2012

Christmas is over and New Years is on its way. A time to make resolutions and see the year complete.  A time to review what is old and plan for the future. This is a perfect time to review your defense in depth and look to see if there are security additions needed in 2012. So what cloud and virtualization security New Years resolutions should I make for 2012? Continue reading Cloud and Virtualization Security Resolutions for 2012

Virtualization Security for the SMB, Starting Point for All

The most recent Virtualization Security Podcast was on the subject of virtualization security for the SMB. Specifically covering the case where the customer wanting virtualization security could afford to purchase a hypervisor and perhaps one other security product. In the end the panelists came up with a list of suggestions for virtualization security for the SMB that are applicable to all levels of Virtualization. The panel looked at SMB security with an eye towards Availability, Integrity, and Confidentiality.

The list follows:

  • Download/create a Security and Incident Response Policy: It is very important to have a policy as this will not only let you know your responsibility and legal coverage but will also contain what you need to do if there is a security incident we respect to your data and environment.
  • Segregated your virtualization networks from production networks: Virtualizition Networks are not virtual networks but those networks required by the hypervisor functionality such as Management Appliance, Fault Tolerance, High Availability, LiveMigration/vMotion, and Storage virtual networks. Continue reading Virtualization Security for the SMB, Starting Point for All

NIST Cloud Computing Definitions Final

On the Virtualization Security Podcast from several weeks ago, wh had Craig Balding of the Cloud Security Alliance (CSA) and Peter Mell who heads up Cloud within NIST as guests, who announced the availability of the NIST Cloud Computer Definitions as well as some basic guidance around securely using the cloud. While the NIST definitions were available in draft form prior to a few weeks ago, they are now official definitions, and this is a large step forward for the cloud. Continue reading NIST Cloud Computing Definitions Final