I recently read the book Project Phoenix by Gene Kim, Kevin Behr, and George Spafford. If you are in development, IT, or security, it should be #1 on your reading list. In this book the authors discuss all the horrors we hear about in IT with a clear direction on how to fix them. There are politics, shadow IT, overzealous security professionals, overworked critical employees, and lots of finger pointing. But there is a clear solution, at least as far as the story goes. We also know that DevOps works, most of the time. Continue reading DevOps and Security
The software-defined data center has the potential to expand the control plane well outside of anyone’s control by the simple fact that we do not yet have a unified control mechanism for disparate hardware (networking, storage, and compute), for disparate hypervisors (vSphere, KVM, Xen, Hyper-V), for new types of hypervisors (storage and networking), and for new ideas for managing SDDC at scale. These all end up on the control plane of a software-defined data center. In addition, we cross multiple trust zones while in that control plane, such as going from user-controlled portals to hypervisor management constructs. Add to this the ever-increasing number of APIs and we have a very hard-to-secure environment. Continue reading SDDC and the Ever Expanding Control Plane
We recently moved workloads to the public cloud, and the public cloud reality does not match the hype, nor does it match the application security requirements of a small or even large organization. There are two sides to the public cloud security discussion: one covers management access and the other covers application security. For the former, you must trust the cloud; for the latter, however, you basically get the security you bring to the cloud. The public cloud reality is that you do not magically gain application security when using a cloud. Continue reading Public Cloud Reality: Application Security is in your Hands
Bromium have released vSentry 1.1, which brings Bromium’s benefits of micro-virtualization and hardware-based security to a far wider range of enterprise desktops. This is the release you’ve been waiting for: and if you’ve not been waiting, this is definitely the release to consider.
We’ve spoken before about Bromium when they unveiled their micro-virtualization trustworthy security vision. Bromium’s message and focus was simple: “standard workspace security is reactive, not proactive”. Whatever you have in terms of anti-virus or malware detection is only good once a new threat is found, understood, and a patch created and deployed. This poses the very important question “what is the impact of the time delay between threat found and threat contained?”. Bromium’s goal was to dramatically reduce that “and”.
You may contest, “ah, but I can solve this workspace threat issue by making physical desktops, virtual desktops”. This is not the case. We evidenced this in Virtual desktops (VDI) are different, but not hugely better in terms of security, than physical desktops. You do not deliver better security by simply virtualizing the desktop.
So what does vSentry v1.1 bring? How is it better than v1? What can this mean for your organisation?
Desktop security start-up Bromium announced the general availability of vSentry at the Gartner Security and Risk Management Summit in London today. It is their first product to be based on the Bromium Microvisor, designed to protect from advanced malware that attacks the enterprise through poisoned attachments, documents and websites.
One year after announcing that he and XenSource co-founder Ian Pratt were leaving Citrix to launch Bromium with former Phoenix Technologies CTO Gaurav Banga, Simon Crosby was back at the GigaOM Structure conference in San Francisco today to unveil Bromium’s micro-virtualization technology together with its plans to transform enterprise endpoint security. Bromium, despite the occasional blog post calling into question the security limitations of current desktop virtualization solutions and despite today’s announcement of the Bromium Microvisor, has very little to do with desktop virtualization. Desktop virtualization, whether it be VDI, or IDV or anything in between, is a management technology, a means of getting an appropriately specified endpoint configuration in front of the user. Bromium has set itself a bigger challenge, one that is applicable to every endpoint and every operating system – the extension of the precepts of trustworthy computing to mainstream operating systems. Continue reading Bromium unveils micro-virtualization trustworthy security vision