In the new year, security is going to move from the organization itself to protecting the individuals who make up the organization. Or more to the point, to educating individuals as consumers about operational security with an eye toward family, finances, and self. Without this focus, breaches will continue and become worse before they become better. While governments try to ensure privacy while protecting the country from outside attack, it behooves individuals to protect their family, finances, and self. Without this security, privacy does not truly exist. In World War II, one catchphrase was “loose lips sink ships.” It is as apropos today as it was back then.
Articles Tagged with Virtualization Security Podcast
We are trying out a new format for the Virtualization & Cloud Security Podcast: video. We’ll post it up on YouTube as well as posting it via Talkshoe and iTunes. In this episode, Mike Foley (@mikefoley) of VMware Technical Marketing joins me to discuss IoT security, the RSA Conference, and hardening guides. We have spoken about the last item quite a few times and featured the RSA Conference on a previous podcast as well. IoT security is now something very interesting.
On the December 18 Virtualization Security Podcast, we were joined by Rafal Los (@Wh1t3Rabbit) to discuss whether it is time for CISOs to move on. Should CISOs start to look beyond simply the problems at hand? Should they drive security into all decisions made at the business and architecture levels? The discussion was mixed, to say the least.
Whenever I talk to security vendors and others about where security is going, or more to the point, should go, I draw out a use case I have developed over the years. It has grown and changed as the concept of the secure hybrid cloud has developed and expanded. The example I use demonstrates the need for policy not only to cover the data and systems, but also to follow the user as they access the data. The entry point to any secure hybrid cloud is the user. Where that user goes tells us how they touch and access data. We may want a security context around the data, but how that context should react depends on how, from where, with what, when, and hopefully why the data is accessed.
On the August 7 Virtualization Security podcast, we discussed how people in virtualization, security, compliance, data protection, storage, and networking—and everyone else in IT—should form their own organizational communities to improve overall communication and establish easy access to experts in those fields. This thought came out of a conversation I had with @jtroyer about whether or not IT should be a community instead of seeing its various components as silos. Even to this day, we are seeing more silos and fewer communities. The lines have just been drawn differently.
On the June 24, 2014 Virtualization Security Podcast, we discussed SecDevOps with Andi Mann of CA Technologies. Andi pointed out fairly early that he does not like that term or the term “DevOpsSec.” Security needs to be considered at every step of the way, he stressed: neither before nor after Dev, but marching along with DevOps and Agile methodologies. As such, the question that comes to mind is how security can get involved with DevOps and Agile methodologies. So, we came up with some practical advice.