Android devices recently suffered a spate of attacks. Similar attacks have been made against Apple devices and nearly every other brand of smart device. Does this mean that this is the end of Android or of mobile devices? Or does this mark the rise of mobile device management (MDM) and other software specifically designed to secure end user computing (EUC) devices? EUC security has two failure points: the handheld device and further in the network. But does an insecure device imply loss of data? Perhaps. Loss of credentials? Once more, perhaps. But do we really care? That is not known. So, let us look at a typical use case. Continue reading Should We Care If the Handheld Is Secure?
The virtualization industry is growing incredibly fast, and the lack of common nomenclature and acronyms has given rise to a variety of distinct dialects. It’s no wonder that we who speak 0s and 1s don’t understand each other at times, and industry marketing often causes even more confusion.
Continue reading Nomenclature: What Exactly Is … ?
It has been thirty-one years since the first Computer Chronicles show, and that first show depicted many interesting things that were not considered new at the time. Today, we find them new and interesting, or more to the point, improved such that they are usable in ways only dreamed of then. Computer Chronicles discussed touchscreens, the importance of software over hardware, and telcos as a major source of networking. Today, we have touchscreens on EUC devices, hypervisors, and high-speed bandwidth. I wonder, would the producers of Computer Chronicles consider what we are doing today new, or just improvements on the technology of the 1970s and early ’80s? Continue reading Rewatching Computer Chronicles: Everything Old Is New Again
Have you ever wondered what was going on within a cloud regardless of type? SaaS? PaaS? IaaS? Do you need to audit these environments to ensure compliance with your security policy (not to mention the subset of your security policy that contains regulatory compliance)? To provide solutions for these issues, a number of companies, both new and old, have put forward various tools that utilize proxies, reverse proxies, and transparent gateways to uncover what is happening within a SaaS application. The goal is to know who did what, when, where, how, and hopefully why.
What is the first step of application security? What is this step regardless of whether the process involved is DevOps or traditional silos? We have heard many answers before, such as architecture, code analysis, hardening, risk analysis, etc. But we have not really talked about the intersection of the user, application, data, and system. Perhaps this is part of architecture, but I see this as a need for all applications. Security must be able to protect the data and, simultaneously, the user. Security is about the traditional availability, confidentiality, and integrity as well as privacy these days. Continue reading Application Security: What Is the First Step?
On the May 30th Virtualization Security Podcast, Shaun Donaldson, Director of Alliances at Bitdefender Enterprise, joined us to discuss end user computing (EUC) security and how their new Gravity Zone product ties their enterprise products together under one scalable management umbrella. We had a very interesting conversation on the subject of EUC security, Bring Your Own Device (BYOD) security, and all aspects of the EUC stack. There are quite a few moving pieces in the EUC stack. It is greater than your mobile device and the system it is accessing; there is a complete networking and political stack between the two, and perhaps many systems you have to jump through to access your data. Continue reading EUC Security: Much More Than VDI