Amazon has made many changes lately to provide encryption for its Relational Database Service (RDS), adding the ability to encrypt existing RDS instances and shared data between partners. Database encryption, specifically for sharing, is very important, as is encryption at rest, which Amazon and other cloud service providers also provide. If you wish to control everything, you can use tools like HyTrust DataControl and other encrypted file systems, services, and storage appliances. So, why is there always a debate about encryption, who controls the keys, and privacy?
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
Part of a security professional’s job is to do research on possible breaches and attacks. Some try to do this in a vacuum, others share data and information, and still others read reports generated by companies in the know. The granddaddy of such reports is the Verizon DBIR. Where are the reports related to our industries? Do they exist? What other reports exist?
How many of you went through your security awareness training for the year? Did it consist of a simple slide show with a quiz at the end—a slide show that covered not even a tenth of your full security requirements and was about as memorable as the rock you went by this morning? Yes, you passed the quiz (as they gave you the slide deck to review); now you are done with security training for the year. This approach to security training is a load of fecal matter, a useless waste of time that teaches no one anything. It is time for a change!
After the Apollo 1 disaster, astronaut Frank Borman told Congress that the tragedy had not been caused by any one company or organization, but by the entirety of all those involved with the Mercury, Gemini, and Apollo missions. The problem had been a failure of imagination. They knew that at some point there would be a fire in a space capsule. However, they assumed it would take place in space somewhere. They just did not think about the possibility of fire while the capsule was still on earth. We call this failure of imagination “unknown unknowns” within the security world, but it boils down to the same thing. We just do not think about some things. Even with all the tools out there to help us, we have failures of imagination.
In the new year, security is going to move from the organization itself to protecting the individuals who make up the organization. Or more to the point, educating the individual as consumers about operational security with an eye toward family, finances, and self. Without this focus, breaches will continue and become worse before they become better. While governments try to ensure privacy while protecting the country from outside attack, it behooves the individual to protect their family, finances, and self. Without this security, privacy does not truly exist. In World War II, one catchphrase was “loose lips sink ships.” It is as apropos today as it was back then.
It is that time of year again, when we look to buying gifts online and offline for family, friends, and associates. When holiday cheer imbues us with brotherly love—well, at least most folks feel that way. There is, however, a group of folks waiting for mistakes to be made so they can capitalize on them. Mike Foley is a senior technical marketing manager at VMware, where he focuses on vSphere security. He and I recently discussed how you, as a consumer, can protect your family, money, and self from digital and other thieves.