Welcome to the second part of my conversation on security in our modern times. In my last article, I concluded with a mention of the US government’s court order compelling Apple to develop a solution bypassing the security on the San Bernardino terrorists’ phone.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
Recently, we upgraded our cloud environment. This raises the question, “What is wrong with the environment after an upgrade?” As tools improve, we get new warnings, messages, and analytics. This often leads to a decision to ensure that after the upgrade, all monitoring, alerts, and other diagnostics show green across the board. Is this required, desirable, and even warranted? Wouldn’t it make sense to understand a change between releases first, before blanket acceptance?
Throughout all the years I have been working in information technology, security has been an area that engineers have striven to improve. As a result, we have make our environments as secure as possible. We have always looked to make the security of our systems stronger. Security has evolved over time. One example of this evolution is the concept of password management. IT professionals have helped drive the change from simple passwords to more secure passphrases to two-factor authentication added as another layer of security.
Innovation is the future of IT, but is innovation really happening? Let us look at one segment of IT: security. The RSA Conference hosts an annual Innovation Sandbox. The winner can claim to be the most innovative security company that participated in the contest. This year, there was a wide mix of companies.
RSA Conference 2016 is now done. There were about 40,000 attendees, 500+ vendors, and countless hallway conversations. Key to this year’s conference was analytics. You could not walk the show floor without hearing someone extolling the virtues of one analytics product or another. Analytics was big. Of course, that was not all there was on the show floor. There were the typical identity solutions and even a few atypical ones, firewalls, and other items we would expect. But analytics reigned.
After months of feedback and just in time for RSA 2016, I have finally finished the second version of my Secure Hybrid Cloud Reference Architecture. There are some differences between the previous version and V2, but nothing major, as we are talking mostly about semantic changes. However, we did expand storage, add in SaaS-based clouds, and rework all of the diagrams to account for distributed firewalls. Yet, the semantic changes are pretty robust, as they reflect the modern mindset with respect to the secure hybrid cloud. Those changes alone are worth considering.