On January 2, 2014, the Virtualization Security Podcast was joined on the spur of the moment by @Josh_Atwell, who works for VCE, to discuss the security of converged infrastructures. This was of particular interest to me due to my current research on the security of a VCE Vblock. The research got me thinking about converged infrastructures in general. Before the podcast, I posed two questions on Twitter:
- Are converged infrastructures more secure than traditional implementations?
- Can converged infrastructures be more secure than traditional implementations?
Security is not compliance and compliance will not get you security. At least that is what I hear from security teams. Conversations between security focal team members and non-security focal people can be quite interesting and have their own unique challenges and hurdles to overcome. You can find yourself speaking the same language but not fully understanding each other very well at all. One point of discussion is that “security is not compliance and compliance will not get you security.” Or does it?
The most recent Virtualization Security Podcast was on Rethinking vNetwork Security and featured Brad Hedlund of Cisco as the guest. The conversation started on Twitter two weeks ago and led to Brad posting a write-up of his discoveries on his InterNetworkExpert blog titled The vSwitch Illusion and DMZ Virtualization. The podcast went even deeper into the technology and may have come up with a solution to what is becoming a sticky vNetwork problem with some organizations' security policies. However, what it all boils down to is Trust. Where do we place our Trust? Without full knowledge of how the vNetwork stack operates, this trust could be misplaced.
Brad asked the question, should the physical network security policy be different than the virtual network security policy? The answer is obviously no, but why are they treated separately? I and others have pushed the concept that to gain performance, redundancy, and security, you should use multiple network links to your virtualization host to separate traffic. However, does this really give you security?