The VMworld 2016 conference in Las Vegas, Nevada, gave a great deal of attention to both NSX and security this year. While walking around the Solution Exchange floor, I had the opportunity to stop and talk with Tufin about its Tufin Orchestration Suite, which orchestrates security polices across complex, hybrid cloud, and physical environments.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
Now that VMworld is over, it is time to digest everything we learned: to pick at the messaging for the kernel of truths and directions. Many found the VMworld keynotes to be somewhat bland and the show floor to be much of the same. However, there was gold within both. We can discuss the show floor later, as I’d like to look deeper at the messaging first. The gold was hard to put together amid all the different messages. Themes included cross-cloud, Photon, NSX, and VSAN. These may seem disjointed until you look deeper. The messaging could be better, and I expect it to improve by VMworld Barcelona. Yet, there was clearly a path forward for each of VMware’s customers.
In less than four years, Google has completely overturned the educational computing market. In 2012, Chromebook sales were less than 1% of all devices shipped within the K–12 education market. By the end of 2013, shipments had increased to 25%. In May of this year, Chrome OS device sales (Chromebook and Chromebox) passed 50% of the education market for the first time. With the education market all but sewn up, how will Chrome fare in the enterprise?
Ransomware is a major concern these days. In many cases, it is a nightmare once it hits, and not just for desktops, but also for servers. Think about it: how would your brand-new analytics package fare if all of the disk data were encrypted by ransomware? Desktops may be the way in, but the deeper into the environment the attacker gets, the more valuable the data. This is where data protection comes to the fore: not just disaster recovery or business continuity, but protection of archival data. We need all of these to survive the latest ransomware attacks by attackers who never send you working decryption keys even if you pay. Preventing a ransomware attack is one thing. Dealing with the aftermath of an attack is another. Prevention and incident response are crucial.
When VDI and DaaS were first introduced, many claims were made for their superiority over distributed desktops. They were cheaper, faster, more secure, easier to manage, etc. At the time, with few exceptions, these claims were no more than fantasy. Over the last few years, though, sufficient improvements in the core platforms and underlying infrastructure have brought some truth to most of these claims. Management tools have improved beyond measure. High-performance converged infrastructure appliances can deliver performance as good as or better than even that of the fastest desktops, and they do so at a cost that is less than that of a managed, enterprise-class desktop PC.
Secure Agile Cloud Development takes Agile and DevOps to the next level. It is about code quality, based not just on what the developers test, but also on the application of continuous testing and on dynamic and static code analysis. Most importantly, it is about a repeatable and trackable process by which we can make code quality assessments. We can find out the “who did what, when, where, how, and why” of our code. It is a useful tool in incident response. Imagine a world in which our production environments are run entirely by code.