After the end of a year, we often pause and reflect to celebrate our successes and to try and gain closure for our failures and tragedies. For many, 2016 has been a horrible year. I am not going to talk about politics, as that is far too contentious, but the world seems a little darker today than it did in January of 2016. We lost music icons like David Bowie, Prince, Rick Parfitt from Status Quo, and George Michael. Comedians Victoria Wood, Caroline Aherne, and Gene Wilder passed away. For the fantasy and science fiction geeks, we lost Alan Rickman (Harry Potter and Galaxy Quest), Carrie Fisher (Star Wars) on Christmas Day, and Anton Yelchin (Star Trek) in June. The sporting world lost Muhammad Ali, Arnold Palmer, and Johan Cruyff (the founder of Sexy Football—the proper sort with a round ball that is kicked by a foot). We also lost John Glenn, former US senator and astronaut. In the technology world, we lost Intel founding father Andy Grove, email inventor Ray Tomlinson, and AOL co-founder Jim Kimsey.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device.
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
On January 5, 2016, I was joined by Mike Foley, senior technical marketing architect for VMware vSphere Security, and Kapil Raina, HyTrust VP of product marketing, on the Virtualization and Cloud Security Podcast to discuss moving to a hybrid cloud IaaS model. As always, we strive to provide actionable advice. The key question we tried to answer was “Can you just extend your security into your cloud?” The answer was not as simple as one would expect. Have a listen and let us know what you think. In the meantime, here are our thoughts.
Too many times, virtualization and cloud security folks hear that VM Escape is the main worry of security teams. This is far harder to do than most people realize, and requires the attacker to bust through multiple layers of defense in depth! If security teams are worried about VM Escape, then they really do not trust their own defense in depth. They may not even be able to articulate their defense in depth. They may even be confusing VM Escape with Admin Escape. They may just be using this to produce FUD so that they can say no to change. Well, the latter never works. We need to get over this obsession with VM Escape.
Recently, we recorded two virtualization and cloud security podcasts. These podcasts covered what to do after Black Friday and, more recently, what to do before the holiday break. What do you do before and after events? While targeted to specific events, the actionable advice is valid for all events that impact your business. Above all, it is about the business. Security’s goal during these events and breaks is to ensure the business stays running. Much of the advice in these podcasts covers people and process. Technology is there to augment the process. Unfortunately, there is no technology that covers every case. Therefore, you need a good, well-thought-out process.
Symantec has expanded its portfolio by acquiring identity protection firm LifeLock with a $2.3 billion dip into its pockets. Since Symantec divested itself of Veritas at a loss to the Carlyle Group in 2015, it has been looking to move into new markets. It acquired Blue Coat in August for $4.65 billion, a move that was seen to enhance its enterprise offerings.
When investigating the security of various products used on-site, in the cloud, or for clouds, I tend to ask the same set of questions. These focus on identity, compliance, logging, and the like. Specifically, I want to know how the product will integrate with security policy and requirements, as well as with other tools and services in use. Unfortunately, not many pass muster even with regard to these basic questions. Because of this, it is time to define why I ask them, why they are needed, and why you need to consider them as you move forward with your own hybrid cloud products.