Tag Archives: HyTrust

API Security within the Hybrid Cloud

The hybrid cloud has hundreds, if not thousands, of APIs in use at any time, so API security becomes a crucial part of any hybrid cloud environment. There are only so many ways to secure an API: we can limit who can reach it, validate the commands it accepts, encrypt the data in transit, apply API-level role-based access control, require strong authentication, and so on. However, it mostly boils down to depending on the API itself to be secure, because while we can do many things on the front end, once the commands and actions reach the other end (cloud or datacenter) the security there may be suspect. So how do we implement API security within the hybrid cloud today? Continue reading API Security within the Hybrid Cloud

Delegate User Problem and Proxies

By far the lowest-hanging fruit of virtualization and cloud environment security is the segregation of your management control from your workloads. Separation of data and control planes has been recommended for everything from storage (EMC ViPR) up to the workloads running within virtual machines. The same holds true for cloud and virtual environment management tools, tasks, and functions. Up to now there have been very few choices in how such segregation could be implemented: properly placed firewalls, or some form of proxy, and the only proxy available was HyTrust. But this has changed. There are now other tools that will help with this segregation of data from control; do they give the level of auditing we require to solve the delegate user problem? Continue reading Delegate User Problem and Proxies
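The controls listed in the API security excerpt above (limit access, check the commands, strong authentication, API-level RBAC) and the proxy-based segregation of the control plane described here come together in the following sketch. It is an added illustration written for this page, not HyTrust's or any other product's code, and it assumes what the delegate user problem refers to: a management tool that reaches the back-end API through a single shared service account, so the back end's own log can no longer tell which human issued a command. The users, roles, commands and the `svc-mgmt` delegate account are constructed.

```python
"""Control-plane proxy sketch: per-user authentication and API-level RBAC in
front of a management API that accepts only a single delegate (service)
account, with an audit trail that records the real caller.

Constructed example; users, roles, commands and tokens are made up.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed shared credential the proxy holds for the back end.
DELEGATE_ACCOUNT = "svc-mgmt"


class ManagementAPI:
    """Stand-in for the real API. Its own log sees only the delegate user."""

    def __init__(self):
        self.backend_log = []

    def call(self, user, command, target):
        self.backend_log.append((user, command, target))
        return {"ok": True, "command": command, "target": target}


# Role -> commands allowed, enforced at the API level before forwarding.
ROLE_COMMANDS = {
    "vm-operator": {"vm.powerOn", "vm.powerOff", "vm.reboot"},
    "vm-admin": {"vm.powerOn", "vm.powerOff", "vm.reboot", "vm.create", "vm.delete"},
    "auditor": {"vm.list"},
}


@dataclass
class Proxy:
    api: ManagementAPI
    # user -> (sha256 of API token, role); raw tokens are never stored.
    users: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def enroll(self, user, role):
        """Issue a per-user token; only its hash is kept."""
        token = secrets.token_urlsafe(24)
        self.users[user] = (hashlib.sha256(token.encode()).digest(), role)
        return token

    def _authenticate(self, user, token):
        rec = self.users.get(user)
        if rec is None:
            return None
        digest = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(rec[0], digest):  # constant-time compare
            return None
        return rec[1]

    def _audit(self, user, command, target, decision, reason):
        self.audit_log.append({"user": user, "command": command, "target": target,
                               "decision": decision, "reason": reason})

    def handle(self, user, token, command, target):
        """Authenticate the real user, check the command against the role,
        then forward as the delegate account while logging the real user."""
        role = self._authenticate(user, token)
        if role is None:
            self._audit(user, command, target, "DENY", "authentication failed")
            return {"ok": False, "error": "unauthorized"}
        if command not in ROLE_COMMANDS.get(role, set()):
            self._audit(user, command, target, "DENY", f"role {role} may not {command}")
            return {"ok": False, "error": "forbidden"}
        result = self.api.call(DELEGATE_ACCOUNT, command, target)
        self._audit(user, command, target, "ALLOW", f"forwarded as {DELEGATE_ACCOUNT}")
        return result


def run_demo():
    """Constructed traffic: one allowed, one over-privileged, one bad token."""
    api = ManagementAPI()
    proxy = Proxy(api)
    alice_tok = proxy.enroll("alice", "vm-operator")
    bob_tok = proxy.enroll("bob", "auditor")
    results = [
        proxy.handle("alice", alice_tok, "vm.powerOff", "web-01"),
        proxy.handle("alice", alice_tok, "vm.delete", "web-01"),   # beyond her role
        proxy.handle("bob", "wrong-token", "vm.list", "*"),        # bad credential
        proxy.handle("bob", bob_tok, "vm.list", "*"),
    ]
    return proxy, api, results


if __name__ == "__main__":
    proxy, api, _ = run_demo()
    print("back end saw:", api.backend_log)
    for entry in proxy.audit_log:
        print(entry)
```

Running `run_demo()` shows the gap: the back-end log records only `svc-mgmt` for every call, while the proxy's own log is what ties each forwarded command back to alice or bob, and it also records the denials the back end never sees. A proxy that forwards without writing that record does not solve the delegate user problem, whatever else it segregates.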

RSA Conference: What was Interesting

As I met with people at RSA Conference last week, the common question was: what was interesting and new? My view was from the world of virtualization and cloud security, which often differs from general or mobile security. This show was more about general and mobile security than about virtualization and cloud security, due to the confluence of VMware Partner Exchange (PEX) and RSA Conference. There were quite a few things that were new from the show floor, the RSA Innovation Sandbox, and other conversations. Continue reading RSA Conference: What was Interesting

Defense in Depth: Authentication and Authorization

On the 7/29 Virtualization Security Podcast we continued our discussions on defense in depth, this time covering authentication and authorization with IdentityLogix. IdentityLogix provides a unique solution that correlates users and groups against VMware vSphere's own role-based access control stores. In other words, IdentityLogix can identify whether a user or group within Active Directory has more access to vSphere's management tools than was intended, based not only on the user's username but on the groups to which the user belongs. Why is this important to know? Continue reading Defense in Depth: Authentication and Authorization
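An added example of the kind of correlation described above (this is not IdentityLogix's code; the directory, group nesting, role names and intended roles are constructed): resolve nested group membership, compute each user's effective vSphere role, and report anyone whose effective role outranks what was intended.

```python
"""Correlate directory group membership against hypervisor role assignments
to find users whose effective access exceeds what was intended.

Constructed example: users, groups, roles and intended roles are invented.
"""
from collections import deque

# Directory: direct memberships (principal -> groups it belongs to).
# Groups can be members of groups, so membership must be resolved transitively.
DIRECTORY = {
    "alice": {"Helpdesk"},
    "bob": {"VI-Admins"},
    "carol": {"Backup-Operators"},
    "Helpdesk": {"VM-Operators"},
    "Backup-Operators": {"VI-Admins"},   # nested: backup operators are also VI admins
    "VM-Operators": set(),
    "VI-Admins": set(),
}

# Hypervisor RBAC store: principal (user or group) -> role on the inventory.
# Ranked so that "more access" can be compared; ranking is an assumption.
ROLE_RANK = {"NoAccess": 0, "ReadOnly": 1, "VMPowerUser": 2, "Administrator": 3}
ROLE_ASSIGNMENTS = {
    "VM-Operators": "VMPowerUser",
    "VI-Admins": "Administrator",
    "carol": "ReadOnly",                 # what carol was explicitly granted
}

# What the organisation intended each user to have.
INTENDED = {"alice": "VMPowerUser", "bob": "Administrator", "carol": "ReadOnly"}


def expand_groups(principal, directory):
    """All groups reachable from a principal through nested membership (BFS)."""
    seen, queue = set(), deque(directory.get(principal, ()))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        queue.extend(directory.get(group, ()))
    return seen


def effective_role(user, directory, assignments):
    """Highest-ranked role reachable via the user itself or any nested group,
    together with the principal that grants it, so the finding is explainable."""
    best = ("NoAccess", user)
    for principal in {user} | expand_groups(user, directory):
        role = assignments.get(principal)
        if role and ROLE_RANK[role] > ROLE_RANK[best[0]]:
            best = (role, principal)
    return best


def find_overprivileged(directory, assignments, intended):
    """Users whose effective role outranks the intended one."""
    findings = {}
    for user, want in intended.items():
        have, via = effective_role(user, directory, assignments)
        if ROLE_RANK[have] > ROLE_RANK[want]:
            findings[user] = {"intended": want, "effective": have, "via": via}
    return findings


if __name__ == "__main__":
    for user, finding in find_overprivileged(DIRECTORY, ROLE_ASSIGNMENTS, INTENDED).items():
        print(f"{user}: intended {finding['intended']}, effective "
              f"{finding['effective']} via {finding['via']}")
```

The finding for carol is the case the text describes: her direct assignment is ReadOnly, but Backup-Operators is nested inside VI-Admins, so by group membership she is an Administrator, and a check on the username alone would miss it. In a real deployment the directory and role data come from LDAP/AD queries and the vSphere permissions API, and the role ranking should be derived from the roles' actual privilege sets rather than a hand-written order.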

VMworld 2012: First Thoughts and Observations

Now that VMworld 2012 is well under way, I wanted to share some of my first thoughts and observations about the conference. At the start of the conference, during the first General Session, the virtual passing of the torch from the outgoing CEO, Paul Maritz, to the incoming CEO, Pat Gelsinger, took place, with Mr. Gelsinger getting the opportunity to say hello to a crowd of around twenty thousand people present at the show. I would like to salute Mr. Maritz for the great job he has done during his tenure as CEO of VMware, and I am looking forward to seeing the direction Mr. Gelsinger will take now that he has the reins. On an interesting note, Mr. Gelsinger was one of the keynote speakers at VMworld 2007, when he was at Intel, one year before Mr. Maritz took over as VMware's CEO. Continue reading VMworld 2012: First Thoughts and Observations

Defense in Depth: Firewalls within the Virtual Environment

On the 6/14 Virtualization Security Podcast we spoke about firewall placement within the virtual environment as well as storage-based defense in depth. While we covered encryption on the 5/31 podcast, on the 6/14 podcast we covered other measures when dealing with storage (which will be part of a followup post). This conversation was slightly different from all other firewall discussions, as it was about migrating from a physical environment to a virtual one while keeping the same firewall placements. Spurred by a customer, we sought to arrive at a set of guidelines to follow for defense in depth within virtual, physical, and hybrid cloud environments. Continue reading Defense in Depth: Firewalls within the Virtual Environment