Every day, IT professionals live and breathe applications, yet our focus for operational tools is a single container, virtual machine, database, etc. How do these items map to the application in use? Even the monolithic-looking applications of yesterday were actually made up of services. Those services will be reborn as microservices within the applications of tomorrow. How do we make this transition? Is it possible with a container as a service model? Or should we scratch the past and start over?
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
This is a continuation of my Security in Our Modern Times series, which can be found here and here. The story of the San Bernardino iPhone has gotten to the point where you just cannot make this stuff up. Let me give you a Reader’s Digest–type review of the story and then offer my opinion on the latest twist.
With the myriad cases of cyber-theft and security breaches that headline the news every day, it’s no wonder that system improvements are taking a back seat to security items within most IT organizations. While many vendors highlight new products or features as being better, cheaper, and/or faster, those items are having limited success compared to those that address being secure.
Recently, we upgraded our cloud environment. This raises the question, “What is wrong with the environment after an upgrade?” As tools improve, we get new warnings, messages, and analytics. This often leads to a decision to ensure that after the upgrade, all monitoring, alerts, and other diagnostics show green across the board. Is this required, desirable, and even warranted? Wouldn’t it make sense to understand a change between releases first, before blanket acceptance?
Throughout all the years I have been working in information technology, security has been an area that engineers have striven to improve. As a result, we have make our environments as secure as possible. We have always looked to make the security of our systems stronger. Security has evolved over time. One example of this evolution is the concept of password management. IT professionals have helped drive the change from simple passwords to more secure passphrases to two-factor authentication added as another layer of security.