It was all over the web on June 18: Code Spaces went off the air, as we discussed during the Virtualization Security Podcast on 6/19. The reasons are fairly normal in the world of IT and the cloud. They were hacked. Not by subverting the Amazon cloud, but in ways considered more traditional—even mundane. An account password was discovered, either by hacking using one of the seven SSL attacks that exist today or by guessing with the help of inside knowledge gained through social engineering. However the account was hacked, the damage was total. While we may all ask why Code Spaces was attacked, we may never know the answer. Nevertheless, in general such attacks are all about the Benjamins. What lessons can we learn about this attack? How can we improve our usage of clouds to protect our own data, systems, and more from similar attacks?
During the last two Virtualization Security Podcasts, the panel discussed backups as well as scripting related to backups and in general. We went further to discuss the security implications surrounding backups, including whether or not a recovery is required when a site is hacked. The latter raises an important question: what constitutes a disaster that requires recovery? Is recovery needed only for catastrophic failure (which TVP has experienced)? Is it required in response to malfeasance from a disgruntled employee? To an external cyber-attack? Do you classify cyber-attacks as disasters requiring restoration from known-good sources and restoration of data from a backup, or do you use some other means to recover?
Secure multi-tenancy is not just about ensuring security and segregation between tenants. It is also about limiting, auditing, and tracking the activities of a cloud service provider that occur within a tenancy or that touch upon more than one tenant, which of course includes any activity that occurs within the hypervisor, storage, or other layers of the cloud. In the past, I referred to this as the delegate user problem. We were joined by Skyfence (now Imperva) on the April 24 Virtualization Security Podcast to discuss its transparent gateway solution for cloud access, and I had another thought on usage. Perhaps now we can solve the delegate user problem.
It has now been a few weeks since RSA Conference 2014. A number of very disparate items to consider were announced at the conference. We covered some of them on the Virtualization Security Podcast held at the NSS Labs hospitality suite at the conference. Yet there is still more to consider. The impact of the solutions presented and the conversations held at the conference are still being worked out. While RSA Conference seemed about one-third mobile, one-third analytics, and one-third everything else, the products below were chosen due to their impact on virtual and cloud environments.
Tal Klein of Adallom joined us on the January 16 Virtualization Security Podcast to discuss Adallom’s approach to logging, auditing, and generally gaining visibility within most SaaS applications. Adallom solves two longstanding problems: how can we as tenants obtain appropriate tenant-only logs of actions within a SaaS application, and how do we determine abnormal behavior within a SaaS application? Before Adallom, we had to ask the SaaS provider for log information, and this process would take quite a while, or, if it was readily available, it was not in real-time.
On January 2, 2014, the Virtualization Security Podcast was joined on the spur of the moment by @Josh_Atwell, who works for VCE, to discuss the security of converged infrastructures. This was of particular interest to me due to my current research on the security of a VCE Vblock. The research got me thinking about converged infrastructures in general. Before the podcast, I posed two questions on Twitter:
- Are converged infrastructures more secure than traditional implementations?
- Can converged infrastructures be more secure than traditional implementations?