Recently I have had the pleasure of discussing security with a number of cloud providers. Specifically, we talked about what security they implement and how they inform their tenants of security-related issues. In other words, do they provide transparency? I have come to an early conclusion that there are two types of clouds out there: those that provide additional security measures and work with their tenants to improve security, and those who do not. On the Virtualization Security podcast we have discussed this many times, with the conclusion being drawn that many clouds do a better job at security than the average organization does, but that there is no way to know what is implemented, as there is no transparency.
Articles Tagged with Symantec
HyTrust released version 3.5 of their virtualization security proxy and compliance tool. This tool is core to a growing ecosystem of partners and systems. HyTrust has also expanded its role within the secure hybrid cloud by covering more of what is traditionally part of the data center. HyTrust is a proxy that sits between an administrator and sensitive systems by providing both advanced role-based access controls and advanced logging. With HyTrust fronting your VMware vSphere environment, HP ILO, Cisco UCS UIM, and Nexus Switches, administrators gain a fine-grained level of control over actions, improved logging in these environments, and the ability to vault critical passwords. With HyTrust there is no need to share passwords, but there is a need for robust control of an Active Directory environment.
When we look at the secure hybrid cloud, the entry point to the hybrid cloud is the end user computing device, whether that device is a tablet, smart phone, desktop, laptop, google glass, watch, etc. We enter our hybrid cloud from this device. From there we spread out to other clouds within our control, clouds outside our control, or to data centers. How these devices authenticate and access the data within these various places within the hybrid cloud becomes a matter of great importance and has been a concentration for many companies. How we protect the data that ends up on the end user computing device is also of great importance.
In many cases, when we mention Data Protection for the Hybrid Cloud, we are usually talking about backing up to the cloud. The cloud becomes a repository of our backup images and in some cases those backup images can be launched within clouds that use the same technology. Being able to send data to the cloud is becoming table stakes for infrastructure as a service (IaaS) data protection. However, once we move outside the realm of IaaS to Platform or Software as a Service (PaaS or SaaS), data protection is hit or miss.
The secure hybrid cloud encompasses a complex environment with a complex set of security requirements spanning the data center (or data closet), end user computing devices, and various cloud services. The entry point to the entire hybrid cloud is some form of End User Computing device whether that is a smart phone, tablet, laptop, or even a desktop computer. Once you enter the hybrid cloud, you may be taken to a cloud service or to your data center. The goal is to understand how the data flows through out this environment in order to properly secure it and therefore secure the hybrid cloud, but since it is a complex environment, we need a simpler way to view this environment.
As I met with people at RSA Conference last week, the common question was: What was interesting and new? My view was from the world of virtualization and cloud security, which often differs from general or mobile security. This show was more about general and mobile security than it was about virtualization and cloud security due to the confluence of VMware Partner Exchange (PEX) and RSA Conference. There were quite a few things that were new from the show floor, RSA Innovation Sandbox, and other conversations.