Dec2011

A VDI desktop is no More Secure than a Standard Desktop

Our very own Texiwill hosts a weekly Virtualization Security Round Table podcast. This round table provides an open forum to discuss all things related to Virtualization, Virtual Environment and cloud computing security. We’ve questioned before the benefits of a virtual desktop infrastructure with respect to security. Is VDI secure? Is VDI inherently more secure than “traditional desktops”? The article Virtual Desktop Security? Are They Secure? considered the VDI vendor claims that there are several big virtual desktop security

Dec2011

On Going Conversation: PCI Compliance, Are virtual environments always Mixed-Mode?

On 10/6 was held the Virtualization Security Podcast featuring Davi Ottenheimer in his role as a QSA. Davi holds down many roles working with companies such as VMware, yet he maintains his QSA credentials and applies his knowledge of PCI Compliance. In this podcast we ask the question, is a virtual environment always mixed-mode and what to do if your QSA does not have the knowledge required to do the job?

Sep2011

State of Secure Multitenancy Today

On 9/22 was held the Virtualization Security Podcast featuring Anil Karmel, Solutions Architect at Los Alamos National Library (LANL), to discuss their implementation of secure multi-tenant Cloud. LANL makes extensive use of the entire VMware product suite from vCloud Director down to the vShield components to implement their SMT cloud. They have also added into their cloud their own intellectual property to improve overall cloud security. It was a very interesting conversation about the state of SMT today.

Sep2011

Automating Cloud Security

On 9/8 was held the Virtualization Security Podcast featuring Phil Cox, Director of Security and Compliance at RightScale, to discuss the impact of and need for automation of cloud security. Given that we create clouds by automating deployment of workloads we also need to automate the security of those workloads during the same deployment. This podcast delves into that need, and touches on where over automation is also a problem.

Sep2011

Cisco VM-FEX Limitations

The week before VMworld on 8/25 was the Virtualization Security Podcast featuring Greg Ferro (@etherealmind), CCIE to discuss Cisco VM-FEX and its impact on virtualization and cloud security. VM-FEX is a method by which the fabric of a UCS top of rack switch is extended to the VM, but only if the VM is using VMDirectPath. So does this impact Virtualization and Cloud Security in any way?

Aug2011

Mitre – Two New Tools to Help with PaaS and Risk Assessment

On the 7/28 Virtualization Security Podcast, we were joined by Robert Martin of Mitre to discuss Mitre’s new CWE, CWSS, and CWRAF tools to aid in software and system security evaluation. We put a decidedly cloud based discussion around these tools to determine how they would be used by those that program within a PaaS environment, make use of SaaS, or other cloud services.