Dell has announced it will spin off its SecureWorks product portfolio. SecureWorks is very late to the cloud and virtualization security market, and it may never get there. EMC RSA ignored the cloud and virtualization security market and now is struggling to find a footing in the larger IoT market. VCE has no security reference architecture other than a growing list of products. When everyone is hailing Dell plus EMC as one of the largest mergers (which it is), how is security going to play as a part of the combined portfolio?
Andy Jassy, SVP of AWS, made a ton of new announcements in his keynote speech yesterday at the 4th annual AWS re:Invent conference in Las Vegas. The conference has grown to nearly 20,000 attendees with around 38,000 watching the live streaming event. Continue reading AWS re:Invent Keynote: 7 Basic Freedoms
I have been following containers for quite some time now. A year ago it was safe to say that container technologies like Docker were far from production ready when it came to security. What I have seen over the past year is a ton of development towards closing that gap. For this post, I’ll focus on Docker. Continue reading The Container Security Gap is Rapidly Closing
What is the significance of July 14, 2015? It is the end of extended support date for Windows Server 2003. This date is approaching faster than many administrators care to acknowledge, and the reality is that Windows Server 2003 just won’t be a viable operating system for production environments after that date.
Every new advancement in technology brings security challenges. When the Internet became popular, many people had serious concerns about exposing the enterprise to the outside world. For companies to adopt Internet technologies, they had to accept a tradeoff: taking on new vulnerabilities in return for game-changing business value creation. With the emergence of cloud computing, history is repeating itself. It no longer is feasible to resist the movement to the cloud because of security fears. There must be some acceptance of risk and an effort to minimize that risk with sound architecture, good process, and continuous monitoring. The business value of cloud is too great for businesses to sit on the sidelines.
In virtual and cloud environments, network traffic often flows into a virtualization, then back out, forwarded to another device, usually security, before it re-enters the virtual environment. I call this a “sadly defined network,” not software-defined. Many of my colleagues claim that this is not true. They say that an SDN keeps east-west traffic within the hypervisor and that north-south would not need to do this. I disagree. This will happen when bad design is implemented in virtual and physical security. “Ah!” some will say, “this is solved by micro-segmentation,” but that is not always true, either. Continue reading SDN: Sadly Defined Network