Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)

As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

You too Can Prevent Ransomware!

Ransomware is a major concern these days. In many cases, it is a nightmare once it hits, and not just for desktops, but also for servers. Think about it: how would your brand-new analytics package fare if all of the disk data were encrypted by ransomware? Desktops may be the way in, but the deeper into the environment the attacker gets, the more valuable the data. This is where data protection comes to the fore: not just disaster recovery or business continuity, but protection of archival data. We need all of these to survive the latest ransomware attacks by attackers who never send you working decryption keys even if you pay. Preventing a ransomware attack is one thing. Dealing with the aftermath of an attack is another. Prevention and incident response are crucial.

Read More

Cloud Providers Still Claiming DaaS Immune to Malware

When VDI and DaaS were first introduced, many claims were made for their superiority over distributed desktops. They were cheaper, faster, more secure, easier to manage, etc. At the time, with few exceptions, these claims were no more than fantasy. Over the last few years, though, sufficient improvements in the core platforms and underlying infrastructure have brought some truth to most of these claims. Management tools have improved beyond measure. High-performance converged infrastructure appliances can deliver performance as good as or better than even that of the fastest desktops, and they do so at a cost that is less than that of a managed, enterprise-class desktop PC.

Read More

Secure Agile Cloud Development: Metrics

Secure Agile Cloud Development takes Agile and DevOps to the next level. It is about code quality, based not just on what the developers test, but also on the application of continuous testing and on dynamic and static code analysis. Most importantly, it is about a repeatable and trackable process by which we can make code quality assessments. We can find out the “who did what, when, where, how, and why” of our code. It is a useful tool in incident response. Imagine a world in which our production environments are run entirely by code.

Read More

Continuous Integration, Deployment, and Testing

I recently gave a Bright Talk session on adding security to the Agile Cloud/DevOps Development cycle. Part of this discussion addressed adding security testing as part of the process before, during, and even after continuous deployment. In other words, if we continually deploy, we must continually test. Our testing needs to be in the multi-minded parallel process we use for modern development, not the single-minded pipeline acceptable to most DevOps or agile processes. In the past, a team of people would test, each working independently to improve our software. We need similar capabilities within our automated processes. How do we achieve this? How do we add automated, continual testing? And where can we add this to our process or pipeline?

Read More

Serverless: Business Plan or an Approach to Technology?

In a recent Twitter conversation, I asked if serverless is anything new, and if so, where are the documents expressing what is new about it. I was asked in reply if I needed a document to understand the difference between Uber and taxicabs. That got me wondering: is the serverless movement a business plan, or is it an approach to technology? If it is a business plan, then it is about how to make money; if it is an approach to technology, it is about architecture. It could also be a combination of the two. Serverless is also known as servicefull. But before we delve further, let us consider the difference between Uber and taxis.

Read More