Innovation is the future of IT, but is innovation really happening? Let us look at one segment of IT: security. The RSA Conference hosts an annual Innovation Sandbox. The winner can claim to be the most innovative security company that participated in the contest. This year, there was a wide mix of companies.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device.
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
RSA Conference 2016 is now done. There were about 40,000 attendees, 500+ vendors, and countless hallway conversations. Key to this year’s conference was analytics. You could not walk the show floor without hearing someone extolling the virtues of one analytics product or another. Analytics was big. Of course, that was not all there was on the show floor. There were the typical identity solutions and even a few atypical ones, firewalls, and other items we would expect. But analytics reigned.
After months of feedback and just in time for RSA 2016, I have finally finished the second version of my Secure Hybrid Cloud Reference Architecture. There are some differences between the previous version and V2, but nothing major, as we are talking mostly about semantic changes. However, we did expand storage, add in SaaS-based clouds, and rework all of the diagrams to account for distributed firewalls. Yet, the semantic changes are pretty robust, as they reflect the modern mindset with respect to the secure hybrid cloud. Those changes alone are worth considering.
Amazon has made many changes lately to provide encryption for its Relational Database Service (RDS), adding the ability to encrypt existing RDS instances and shared data between partners. Database encryption, specifically for sharing, is very important, as is encryption at rest, which Amazon and other cloud service providers also provide. If you wish to control everything, you can use tools like HyTrust DataControl and other encrypted file systems, services, and storage appliances. So, why is there always a debate about encryption, who controls the keys, and privacy?
Part of a security professional’s job is to do research on possible breaches and attacks. Some try to do this in a vacuum, others share data and information, and still others read reports generated by companies in the know. The granddaddy of such reports is the Verizon DBIR. Where are the reports related to our industries? Do they exist? What other reports exist?
How many of you went through your security awareness training for the year? Did it consist of a simple slide show with a quiz at the end—a slide show that covered not even a tenth of your full security requirements and was about as memorable as the rock you went by this morning? Yes, you passed the quiz (as they gave you the slide deck to review); now you are done with security training for the year. This approach to security training is a load of fecal matter, a useless waste of time that teaches no one anything. It is time for a change!