The 3/8 Virtualization Security Podcast held a discussion on the happenings as the 2012 RSA Conference in San Francisco as well as a discussion of the features of Bitdefender’s entry into the virtualization and cloud space with their SVE product. RSA Conference high lights not just those security tools for the virtualization and cloud spaces but the entire industry and each year there is always a common theme. Was there one this year? Was there any surprises at the conference?
The Virtualization Field Day delegates joined the Virtualization Security Podcast as guest panelists on 2/23 and the topic of the day was cloud security. There were questions about compliance, security of the tenant, and security of the administrators, and legal issues. There were answers from Rodney Haywood (Rodos), another Virtualization Field Day Delegate and cloud architect as well as the podcast standard panelists. So what did the questions boil down to?
The 2/9 Virtualization Security Podcast was a discussion on when would one use a virtual firewall. This was in response to being told that there are some people that would never use a virtual firewall for anything, and that got me thinking. Outside of the politics involved with using virtual vs physical firewalls, when would you use one? What are the cut offs, and best practices around using virtual firewalls. We were joined by Rob Randell of VMware to discuss this point.
I and others look at Virtualization Security constructs with an eye towards Cloud Security, but they are not necessarily the same. Granted for some clouds, virtualization security can lead to cloud security but this really depends on how the cloud’s architecture. Even so, what we know from Virtualization Security WILL apply to Cloud Security and will be the basis for best practices. But you say, my cloud does not use Virtualizaiton? Ah ha, I say, but it is still a cloud? And that implies there are similar security concerns. This was the discussion on the 1/26 Virtualization Security Podcast.
When you read many blogs and articles on cloud security, writers such as myself often mention jurisdictional issues as a big problem. Nor is the ability to Audit clouds the only problem. Yet both of these are huge issues for clouds today, but fundamentally, is the cloud flawed from a security point of view or are there plenty of security mechanisms available?
At the end of last year and the beginning of this year the Virtualization Security Podcast featured two very different guest panelists to discuss cloud security, policy, and compliance: Phil Cox, Director of Security and Compliance at RightScale, joined us for the last podcast in 2011 and the George Gerchow of VMware’s Policy and Compliance Group, joined us for the first podcast of 2012. We asked is the public cloud ready for mission critical applications. The answer was surprising. Have a listen and let us know your thoughts.