Security

Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)

As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

Network Virtualization

Cloud: The Great Disaggregated Everything

Network Virtualization

As I’ve thought about how to implement high-performance, very large-scale networks within a secure hybrid cloud, I have come to the conclusion that the cloud works best with disaggregated network functions. This is the goal of network function virtualization, or NFV, but the real problem is knowing what functions to virtualize and how to do so at scale. Very large scale. We need to consider the multipaths our data will take and the rates at which data can pass through the various virtual components of our system that makes up the hybrid cloud. When we think hybrid cloud, we need to think scale out, not up. Scaling up can cost lots of money, while scaling out may save dollars. This means we need to rethink networking and security as well as protection. With containers on my mind, we have a path for our journey.

Read More

Encryption Secrets

There is a growing movement to encrypt everything. I prefer encrypting specific data, not everything. However, modern CPU chipset features have sped up encryption so much that encrypting everything is a valid option. Encryption requires one to have access to the keys or the related encryption secrets. Those secrets need to be at the fingertips of your applications or management tools. Encryption secrets should be readily available to an application. How do we achieve this? The February 9, 2017 Virtualization and Cloud Security Podcast addresses this issue. In this podcast, Virtuozzo’s Chief Software Architect, Pavel Emelyanov, joins us to discuss container encryption.

Read More

Security and Data Protection: Anti-Ransomware?

Nearly every time I turn around, a company is stating it can prevent ransomware! When I research it further, I see that it is not, in fact, prevention. Rather, it is recovery. These companies all make the same assumption: that ransomware can be detected long before it becomes a major problem. This is false reasoning. Ransomware is not detected until a person cannot open a file, or a system reboots and the screen shows a lovely ransomware message. How soon after ransomware hits does this detection take place? Moments, days, or months? Whether you can detect ransomware early enough depends on your practices, policies, and capabilities, not on storage or data protection that claims to prevent ransomware. What does it take to prevent, or even detect, ransomware?

Read More

Security: Another Key Reason for Virtualization

Aside from the production benefits of virtualization, an added benefit is improving security posture, which is paramount to most IT organizations. For those that haven’t already determined that a virtualized infrastructure is a better solution than handing out laptops with a VPN connection, there are a number of eye-opening reasons to reconsider the security impact of locally stored applications and data.

Read More

Container Security Podcast

There is a recent CVE (CVE-2016-9962) that directly affects container security. A patch was quickly forthcoming. This raised some interesting concerns. Specifically, how do you patch a container infrastructure? What needs to be patched? The “what” is easy; the “how” is more difficult. As we move to cloud-native applications, where we tear down apps rapidly and restart them from whole cloth, patching is a crucial issue. There is risk here; the question is how to mitigate such risk. How do you patch for future issues? This was the subject of the virtualization and cloud security podcast this week.

Read More

The Future Perfect … Data Center

We are happy to share that we were featured yesterday on BrightTALK. We discussed data centers and what the future holds. What does the future data center look like? Is it racks and racks of computers? Is it heavily automated? Is it just a shim to the larger world of the cloud? Listen in on this dynamic panel discussion in which we delve into the future of the data center with our experts, Edward Haletky and Steve Beaver. We discussed where we are going, how the hybrid cloud fits in, and the ultimate vision of the data center.

Read More