In one of my more recent articles, I brought attention to the release, or better yet, the data dump, of exploits and hacking tools targeting Microsoft’s Windows OS, Linux, firewalls, and others. One of the main purposes of my post was to bring attention to the grave dangers that these exploits bring to the world. As such, I really hoped that there would be enough interest from individuals in the industry for them to get a copy of the exploits and contribute to the countermeasures needed to better protect and defend the companies and corporations we all represent. I was absolutely sure that there would be many individuals around the world who would reverse engineer the exploits for more devious purposes. We have just experienced the first of what I believe will be multiple attacks unleashed across the globe.
Articles Tagged with Encryption
There is a growing movement to encrypt everything. I prefer encrypting specific data, not everything. However, modern CPU chipset features have sped up encryption so much that encrypting everything is a valid option. Encryption requires one to have access to the keys or the related encryption secrets. Those secrets need to be at the fingertips of your applications or management tools. Encryption secrets should be readily available to an application. How do we achieve this? The February 9, 2017 Virtualization and Cloud Security Podcast addresses this issue. In this podcast, Virtuozzo’s Chief Software Architect, Pavel Emelyanov, joins us to discuss container encryption.
When investigating the security of various products used on-site, in the cloud, or for clouds, I tend to ask the same set of questions. These focus on identity, compliance, logging, and the like. Specifically, I want to know how the product will integrate with security policy and requirements, as well as with other tools and services in use. Unfortunately, not many pass muster even with regard to these basic questions. Because of this, it is time to define why I ask them, why they are needed, and why you need to consider them as you move forward with your own hybrid cloud products.
Throughout all the years I have been working in information technology, security has been an area that engineers have striven to improve. As a result, we have make our environments as secure as possible. We have always looked to make the security of our systems stronger. Security has evolved over time. One example of this evolution is the concept of password management. IT professionals have helped drive the change from simple passwords to more secure passphrases to two-factor authentication added as another layer of security.
Amazon has made many changes lately to provide encryption for its Relational Database Service (RDS), adding the ability to encrypt existing RDS instances and shared data between partners. Database encryption, specifically for sharing, is very important, as is encryption at rest, which Amazon and other cloud service providers also provide. If you wish to control everything, you can use tools like HyTrust DataControl and other encrypted file systems, services, and storage appliances. So, why is there always a debate about encryption, who controls the keys, and privacy?
The premise of security is confidentiality, integrity, and availability. The premise of data protection is integrity and availability. The two go hand in hand. However, it is often the case that certain groups within organizations handle data protection (disaster recovery, business continuity, and backup) while other groups handle security. As security moves closer and closer to the data, could it perhaps be time for these two disciplines to become one? The security of data protection is becoming just as important as the security of the data within use. The management of the security of in-use data and protected data, regardless of location, is paramount. This means data stored on-premises, in the cloud, and remotely.