We are trying out a new format for the Virtualization & Cloud Security Podcast: video. We’ll post it up on YouTube as well as posting it via Talkshoe and iTunes. In this episode, Mike Foley (@mikefoley) of VMware Technical Marketing joins me to discuss IoT security, the RSA Conference, and hardening guides. We have spoken about the last item quite a few times and featured the RSA Conference on a previous podcast as well. IoT security is now something very interesting.
On the December 18 Virtualization Security Podcast, we were joined by Rafal Los (@Wh1t3Rabbit) to discuss whether it is time for CISOs to move on. Should CISOs start to look beyond simply the problems at hand? Should they drive security into all decisions made at the business and architecture levels? The discussion was mixed, to say the least. Continue reading In the New Year, Can CISOs Move On?
Whenever I talk to security vendors and others about where security is going, or more to the point, should go, I draw out a use case I have developed over the years. It has grown and changed as the concept of the secure hybrid cloud has developed and expanded. The example I use demonstrates the need for policy not only to cover the data and systems, but also to follow the user as they access the data. The entry point to any secure hybrid cloud is the user. Where that user goes tells us how they touch and access data. We may want a security context around the data, but how that context should react depends on how, from where, with what, when, and hopefully why the data is accessed. Continue reading EUC Use Cases: Secure Hybrid Cloud
On the August 7 Virtualization Security podcast, we discussed how people in virtualization, security, compliance, data protection, storage, and networking—and everyone else in IT—should form their own organizational communities to improve overall communication and establish easy access to experts in those fields. This thought came out of a conversation I had with @jtroyer about whether or not IT should be a community instead of seeing its various components as silos. Even to this day, we are seeing more silos and fewer communities. The lines have just been drawn differently. Continue reading Building Your Own IT Community
On the June 24, 2014 Virtualization Security Podcast, we discussed SecDevOps with Andi Mann of CA Technologies. Andi pointed out fairly early that he does not like that term, or the term “DevOpsSec.” Security needs to be considered at every step of the way, he stressed: neither before nor after Dev, but marching along with DevOps and Agile methodologies. As such, the question that comes to mind is how security can get involved with DevOps and Agile methodologies. So, we came up with some practical advice. Continue reading SecDevOps: What Security Can Do Today
On the July third Virtualization Security Podcast, we discussed mobile security with Harry Labana, CPO of CloudVolumes, and Ben Goodman of VMware. Actually, it was not necessarily about mobile security as much as it was about security in accessing corporate data from mobile devices, regardless of device and location of data. What came out of this conversation was twofold: some actionable items you (the end user, security, stakeholders) can take today, and a desire for something more—a way to wrap a security context around some data accessible by any program. Continue reading Security Wrapped Data