What is the significance of July 14, 2015? It is the end of extended support date for Windows Server 2003. This date is approaching faster than many administrators care to acknowledge, and the reality is that Windows Server 2003 just won’t be a viable operating system for production environments after that date.
Every new advancement in technology brings security challenges. When the Internet became popular, many people had serious concerns about exposing the enterprise to the outside world. For companies to adopt Internet technologies, they had to accept a tradeoff: taking on new vulnerabilities in return for game-changing business value creation. With the emergence of cloud computing, history is repeating itself. It no longer is feasible to resist the movement to the cloud because of security fears. There must be some acceptance of risk and an effort to minimize that risk with sound architecture, good process, and continuous monitoring. The business value of cloud is too great for businesses to sit on the sidelines.
In virtual and cloud environments, network traffic often flows into a virtualization, then back out, forwarded to another device, usually security, before it re-enters the virtual environment. I call this a “sadly defined network,” not software-defined. Many of my colleagues claim that this is not true. They say that an SDN keeps east-west traffic within the hypervisor and that north-south would not need to do this. I disagree. This will happen when bad design is implemented in virtual and physical security. “Ah!” some will say, “this is solved by micro-segmentation,” but that is not always true, either. Continue reading SDN: Sadly Defined Network
With the number of mobile devices in use now surpassing that of desktops worldwide, the application virtualization requirements of business mobile users continues to grow exponentially. Whether these users access their business apps from a smartphone, tablet, or—the latest buzzword—“phablet,” their common denominator is their demand for more and better business applications on the go.
If you’ve ever engaged the services of a penetration testing company, you know they’re not cheap. In fact, it’s not unusual to feel you’ve been slapped, thrown in a bag, and hung up to dry. These types of costs can be absorbed by larger companies and enterprises, but not smaller ones, which lack the budgets to take that kind of hit.
On the June 24, 2014 Virtualization Security Podcast, we discussed SecDevOps with Andi Mann of CA Technologies. Andi pointed out fairly early that he does not like the term or the “DevOpsSec” term. Security needs to be considered at every step of the way, he stressed: neither before nor after Dev, but marching along with DevOps and Agile methodologies. As such, the question that comes to mind is how security can get involved with DevOps and Agile methodologies. So, we came up with some practical advice. Continue reading SecDevOps: What Security Can Do Today