The most recent Virtualization Security Podcast was on the subject of virtualization security for the SMB. Specifically cover the case where the customer wanting virtualization security could afford to purchase a hypervisor and perhaps one other security product. In the end the panelists came up with a list of suggestions for virtualization security for the SMB that are applicable to all levels of Virtualization. The panel looked at SMB security with an eye towards Availability, Integrity, and Confidentiality.
The Cisco-VMware-NetApp (CVN) was discussed on the Virtualization Security Podcast as it pertains to Secure Multi-Tenancy (SMT). This is a major concern that was also discussed at RSA Conference 2010 within the Cloud Security Alliance Summit. The question still remains how to achieve this goal however. CVN is a very good start, but as we discussed on the podcast is missing some key elements.
Brad Hedlund of Cisco asked the question, should the physical network security policy be different than the virtual network security policy? The answer is obviously no, but why are they treated separately? I and other have pushed the concept that to gain performance, redundancy, and security that you should use multiple network links to your virtualization host to separate traffic. However, does this really give you security?
I recently participated in the InformationWeek Dark Security Virtual Event as a panel member with Hoff, Craig Balding, Chris Wolf, Glenn Brunette, and Jon Oberheide. A very far ranging group of individuals from research, security organizations, analysts, and authors. What is interesting is that most of these same people have joined me on the Virtualization Security Podcast, and the others I hope to have as guests next year. There was one question that set me to thinking even more, do we need a new way of thinking about virtualization security?
The last Virtualization Security Podcast covered PCI, Kurt Roemer and Jeff Elliot who were guests represented PCI. PCI as you hopefully know is working on compliance guidance for payment systems running within virtual machines and the cloud. This early discussion …
There has been great debate of what comprises the cloud, how to bound the cloud so that its easier to understand, and how to secure the cloud. Christofer Hoff of the Rational Survivabilty blog has been spear-heading quite a bit of discussion on cloud taxonomy in his attempts to wrap some thoughts around how to properly secure the cloud and everything within it. The start of this journey is the act of defining exactly what the cloud is, and is not. NIST’s document adds some more to an existing definition by defining public and private clouds.