Tag Archives: In-KNOW-vation

Security Wrapped Data

VirtualizationSecurityOn the July third Virtualization Security Podcast, we discussed mobile security with Harry Labana, CPO of CloudVolumes, and Ben Goodman of VMware. Actually, it was not necessarily about mobile security as much as it was about security in accessing corporate data from mobile devices, regardless of device and location of data. What came out of this conversation was twofold: some actionable items you (the end user, security, stakeholders) can take today, and a desire for something more—a way to wrap a security context around some data accessible by any program. Continue reading Security Wrapped Data

Security DevOps (SecDevOps)

At InfoSec World a few weeks ago, I was in a talk with Rich Mogull (@rmogull) of Securosis. Rich spoke on the concept of SecDevOps while demonstrating how he applies this concept to workloads running within Amazon. Now, some would argue that DevOps already contains security practices within the workflows. The unfortunate reality is that, in many cases, security is overlooked in the rush to get product out the door. So, how does SecDevOps differ from DevOps? Not a lot, except that it has a higher degree of security focus. The goal of SecDevOps is not to change the developers, but to get the security team involved as a part of development at carefully planned locations within the DevOps workflow.  Continue reading Security DevOps (SecDevOps)