At the recent Misti Big Data Security conference many forms of securing big data were discussed from encrypting the entire big data pool to just encrypting the critical bits of data within the pool. On several of the talks there was general discussion on securing Hadoop as well as access to the pool of data. These security measures include RBAC, encryption of data in motion between hadoop nodes as well as tokenization or encryption on ingest of data. What was missing was greater control of who can access specific data once that data was in the pool. How could role based access controls by datum be put into effect? Is such protection too expensive given the time critical nature of analytics or are there other ways to implement datum security? Continue reading Big Data Security
Is the cloud too much of a good thing? Virtualization and cloud computing have been one of the biggest technological advancements of the twenty-first century and they continue to grow at an amazing pace. Cloud computing has started to obtain mass appeal in corporate data centers as it enables the data center to operate like the Internet through the process of enabling computing resources to be accessed and shared as virtual resources in a scalable manner. Each day there seems to be a new announcement or press release about a new product or service that has been released utilizing some form of cloud computing, and I do not see this trend changing anytime soon. Continue reading Is the Cloud Too Much of a Good Thing?
On the May 30th Virtualization Security Podcast, Michael Webster (@vcdxnz001) joined us Live from HP Discover to discuss what we found at the show and other similar tools around the industry. The big data security news was a loosely coupled product named HAVEn which is derived from several products: Hadoop, Autonomy, Vertica, Enterprise Security, and any number of Apps. HAVEn’s main goal is to provide a platform on top of which HP and others can produce big data applications using Autonomy for unstructured data, Vertica for structured data, Enterprise Security for data governance and hadoop. HP has already built several security tools upon HAVEn, and I expect more. Even so, HAVEn is not the only tools to provide this functionality, but it may be the only one to include data governance in from the beginning. Continue reading Big Data Security Tools
I recently read the book Project Phoenix by Gene Kim, Kevin Behr, and George Spafford. If you are in development, IT, or security it should be #1 on your reading list. In this book the authors discuss all the horrors we hear about in IT with a clear direction on how to fix them. There is politics, shadow IT, overzealous security professionals, overworked critical employees, lots of finger pointing. But there is a clear solution, at least as far as the story goes. We also know that DevOps works, most of the time. Continue reading DevOps and Security
The software defined data center has the potential to expand the control plane well outside of anyone’s control by the simple fact that we do not yet have a unified control mechanism for disparate hardware (networking, storage, and compute), for disparate hypervisors (vSphere, KVM, Xen, Hyper-V), new types of hypervisors (storage and networking), and new ideas at managing SDDC at scale. These all end up on the control plane of a software defined data center. In addition, we cross multiple trust zones while in that control plane such as going from user controlled portals to hypervisor management constructs. Add to this the ever increasing number of APIs and we have a very hard to secure environment. Continue reading SDDC and the Ever Expanding Control Plane
We recently moved workloads to the public cloud and the public cloud reality does not match the hype, nor does it match the application security requirements of a small or even large organization. There are two sides to the public cloud security discussion, the one that covers management access and the other that covers application security. For the former, you must trust the cloud, however for the later, you basically get the security you bring to the cloud. The public cloud reality is that you do not magically gain application security when using a cloud. Continue reading Public Cloud Reality: Application Security is in your Hands