After the Apollo 1 disaster, astronaut Frank Borman told Congress that the tragedy had not been caused by any one company or organization, but by the entirety of all those involved with the Mercury, Gemini, and Apollo missions. The problem had been a failure of imagination. They knew that at some point there would be a fire in a space capsule. However, they assumed it would take place in space somewhere. They just did not think about the possibility of fire while the capsule was still on earth. We call this failure of imagination “unknown unknowns” within the security world, but it boils down to the same thing. We just do not think about some things. Even with all the tools out there to help us, we have failures of imagination.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
In the new year, security is going to move from the organization itself to protecting the individuals who make up the organization. Or more to the point, educating the individual as consumers about operational security with an eye toward family, finances, and self. Without this focus, breaches will continue and become worse before they become better. While governments try to ensure privacy while protecting the country from outside attack, it behooves the individual to protect their family, finances, and self. Without this security, privacy does not truly exist. In World War II, one catchphrase was “loose lips sink ships.” It is as apropos today as it was back then.
It is that time of year again, when we look to buying gifts online and offline for family, friends, and associates. When holiday cheer imbues us with brotherly love—well, at least most folks feel that way. There is, however, a group of folks waiting for mistakes to be made so they can capitalize on them. Mike Foley is a senior technical marketing manager at VMware, where he focuses on vSphere security. He and I recently discussed how you, as a consumer, can protect your family, money, and self from digital and other thieves.
For the last eighteen months, VMware has been pushing NSX as the third pillar of its software-defined data center (SDDC). NSX has three big selling points that VMware promotes: taking control of the network, automation and orchestration, and microsegmentation. The first two are standard SDDC fare: first, pull the function into software, abstract where necessary, and orchestrate to bring operational advantage; second, break down silos and allow a more agile approach. But the last, microsegmentation, is a good place to focus for a moment.
Dell has announced it will spin off its SecureWorks product portfolio. SecureWorks is very late to the cloud and virtualization security market, and it may never get there. EMC RSA ignored the cloud and virtualization security market and now is struggling to find a footing in the larger IoT market. VCE has no security reference architecture other than a growing list of products. When everyone is hailing Dell plus EMC as one of the largest mergers (which it is), how is security going to play as a part of the combined portfolio?
In this ever-changing world of IT, the legacy of today was once the future of yesterday: namely, hypervisors. Hypervisors are now considered legacy, even though they are seriously underutilized due to issues with fear, uncertainty, and doubt around using these resources to their fullest. The new technology is containers. However, where are the operational tools to support containers? Where are the procedures? Where are the developers who understand distributed systems? We are moving toward containers at lightning speed without answers to those questions and many more. To move to containers today, we need a strategy.