Secure multi-tenancy is not just about ensuring security and segregation between tenants. It is also about limiting, auditing, and tracking the activities of a cloud service provider within a tenancy or that touch upon more than one tenant, which of course includes any activity that occurs within the hypervisor, storage, or other layers of the cloud. In the past, I referred to this as the delegate user problem. We were joined by Skyfence (now Imperva) on the April 24 Virtualization Security Podcast to discuss its transparent gateway solution for cloud access, and I had another thought on usage. Perhaps now we can solve the delegate user problem.
Articles Tagged with Virtualization Security Podcast
It has now been a few weeks since RSA Conference 2014. A number of very disparate items to consider were announced at the conference. We covered some of them on the Virtualization Security Podcast held at the NSS Labs hospitality suite at the conference. Yet there is still more to consider. The impact of the solutions presented and the conversations held at the conference are still being worked out. While RSA Conference seemed about one-third mobile, one-third analytics, and one-third everything else, the products below were chosen due to their impact on virtual and cloud environments.
Tal Klein of Adallom joined us on the January 16 Virtualization Security Podcast to discuss Adallom’s approach to logging, auditing, and generally gaining visibility within most SaaS applications. Adallom solves two longstanding problems: how can we as tenants obtain appropriate tenant-only logs of actions within a SaaS application, and how do we determine abnormal behavior within a SaaS application? Before Adallom, we had to ask the SaaS provider for log information, and this process would take quite a while, or, if it was readily available, it was not in real-time.
On January 2, 2014, the Virtualization Security Podcast was joined on the spur of the moment by @Josh_Atwell, who works for VCE, to discuss the security of converged infrastructures. This was of particular interest to me due to my current research on the security of a VCE Vblock. The research got me thinking about converged infrastructures in general. Before the podcast, I posed two questions on Twitter:
- Are converged infrastructures more secure than traditional implementations?
- Can converged infrastructures be more secure than traditional implementations?
At nearly every conference, we talk about the lowest-hanging fruit of virtualization security, but we often miss the discussion about the lowest-hanging fruit of cloud security. They are not the same. Are we talking about good SSL hygiene? That is a part of it, but there is something even more basic than that. John Dickson, principal of the Denim Group, joined us on The Virtualization Security Podcast to talk about how people are moving to the cloud and the things they miss.
On the 9/5 Virtualization Security Podcast we discussed Hyper-V Security and were joined by Alex Kibkalo, a former senior architect at Microsoft who works as a Director of Product Management at 5nine Software. 5nine Software has developed the first introspective virtualization security device for Hyper-V. Introspective security has been missing from Hyper-V for a number of years. While it was possible to implement, the market has been so small that it was not feasible until now, which implies Hyper-V is gaining adherents and so has a need for better security measures.