In my last article, EUC Use Cases: Secure Hybrid Cloud, we looked at how the user could be getting to our data. By doing this, we can place security at the union of data and the user, wherever the data resides and however the user gets there. Yet, we cannot forget where the data is presented. In order to present data, data is copied from its repository to some other device. Now, in the case of virtual desktops, that data is copied as graphical constructs derived from the data; for file servers, the data presented is a raw form of the data. So, to secure everything from end to end, what do we really need? Continue reading EUC Use Cases: What Do We Need?
When we look at the secure hybrid cloud, there seems to be a missing piece, a piece that is used to validate identity via role based access controls assigned to applications, data, and systems. An identity that allows control of dynamic instead of the normal static firewall rules that are part and parcel of most environments. The software defined data center needs security to move with it and not remain static. Yes we could manipulate the rules on the fly, but those manipulations require that we know who is using a particular VM at a given time and in the case of a server, the VM could be used by more than one user at a time, so we need something more dynamic. Privileged access to data needs to be enforced throughout the stack and not just within an application or by encrypting data. Validating against an identity is a key component of the secure software defined data center and secure hybrid cloud.