Welcome to The Virtualization Practice’s week-long coverage of VMworld US 2015. Tune in all week for our daily recap of the major announcements and highlights from the world’s premier virtualization and cloud conference.
VMworld US 2015 continued yesterday, kicked off by the general session. End-User Computing’s Sanjay Poonen led the keynote, in which VMware fleshed out what it means by “any application and any device” within the “Ready for Any” theme of the conference. Beginning with the VMware Workspace Suite, VMware talked at length about the growth of mobile computing and how AirWatch, together with VMware App Volumes, enables IT to manage all Windows 10 devices (physical and virtual, mobile or not), as well as iOS and Android devices, from a single pane of glass. Foreshadowing the next speaker, Poonen wrapped up his portion by talking about the synergies between AirWatch, Horizon, and NSX, with policy settings in NSX affecting and being affected by AirWatch connectivity and data access.
The premise of security is confidentiality, integrity, and availability. The premise of data protection is integrity and availability. The two go hand in hand. However, it is often the case that certain groups within organizations handle data protection (disaster recovery, business continuity, and backup) while other groups handle security. As security moves closer and closer to the data, could it perhaps be time for these two disciplines to become one? The security of data protection is becoming just as important as the security of the data in use. The management of the security of in-use data and protected data, regardless of location, is paramount. This means data stored on-premises, in the cloud, and remotely. Continue reading Cloud Dependency: Data Protection and Security→
It is that time of year again, when we see all the new toys, tools, ideas, and processes that make up the show called VMworld. This year, quite a few changes in virtualization security will be discussed by VMware and other organizations that work with virtual and cloud environments. One of the key messages will be that everyone needs to stop treating virtualization security as something unique and different. Instead of this type of treatment, we have been seeing the extension of existing tools and techniques into virtual and cloud environments. Virtualization and cloud security is a natural progression of all organizational security. Continue reading Virtualization Security at VMworld→
There has been quite a bit written about Code Spaces and how unauthorized access to its ITaaS console granted enough permissions to delete everything out of Amazon, including backups. There are lessons here not only for tenants, but also for those vendors who create ITaaS consoles, such as VMware (vCHS, vCD, vCAC, vCenter, Orchestrator, etc.), Virtustream (xStream), OpenStack, and many others. These consoles need better controls and security so that such behavior is prevented, logged, and monitored, and the proper authorities are informed. Now, we may think this is a cloud-only attack, but we use these tools within our own environments day in and day out. For anyone using virtualization, private, or hybrid cloud consoles and automation tools, it is time to take a good long look at role-based access controls (RBAC). The steps we discussed at the end of my other lessons article still apply. Continue reading Protecting ITaaS Consoles→
As your software-defined data center (SDDC) grows, so does the quantity of privileged accounts. This was the discussion on the Virtualization Security Podcast of February 13, 2014, where we were joined by Thycotic Software. Privileged accounts are used by administrators and others to fix issues, set up new users, add new workloads, move workloads around your SDDC, harden those workloads, and perhaps even log in to just pull down logs for further use. The list of reasons to use privileged accounts is as endless as your system administrator’s stack of work. Yet today, almost always, access to these accounts is made by those who know the password. Continue reading Privileged Accounts within SDDC→
Recently I have had the pleasure of discussing security with a number of cloud providers. Specifically, we talked about what security they implement and how they inform their tenants of security-related issues. In other words, do they provide transparency? I have come to an early conclusion that there are two types of clouds out there: those that provide additional security measures and work with their tenants to improve security, and those that do not. On the Virtualization Security podcast we have discussed this many times, with the conclusion being drawn that many clouds do a better job at security than the average organization does, but that there is no way to know what is implemented, as there is no transparency. Continue reading A Tale of Two Clouds→