I have spoken and written quite a bit on the delegate user problem facing cloud and virtual environments. It is a growing problem, as we delegate actions from logged-in users to service accounts to implement changes on our systems. Any system, for example, that proxies administrative requests suffers from the delegate user problem. In essence, when we go to determine who did what, when, where, and how, forensics leads us to a delegate user or service account. We do not know beyond a shadow of a doubt who the user really was. We can correlate multiple log files, and based on time we may be able to come up with a set of users who could have done the deed. However, unless only one user was involved, we just end up with a set of users. Those sets of users, themselves, can be other service accounts—other delegate users, abstracting the real user.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device.
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
I recently had a number of consulting conversations about IT transformation and adding new Security as a Service products to companies’ existing clouds and tenancies. This is the beginning of IT transformation in many cases. A company has realized it needs to provide security to its tenants while using clouds more securely at the same time. This is a hybrid cloud. The company provides a cloud, yet uses tools from Box, Salesforce, Google, Microsoft, and the like. So, where do we start with IT transformation? With architecture that includes security.
Three years ago, Bromium vSentry introduced the world to a new way of tackling the continual battle with malware. Don’t bother trying to detect it; don’t bother trying to patch against it. Instead, let it run, learn from it, and don’t let it do anything harmful.
Everyone uses the cloud. It is a plain, simple fact that everyone uses at least one consumer cloud and that those consumer clouds (iCloud, Google, Dropbox, etc.) translate into cloud usage within the workplace. The workforce likes to get its job done, and part of doing that is using the tools they know, regardless of how IT feels about everything. In the past, IT would block access to those consumer-grade tools with the mistaken thought that they were not secure, that data was leaking, or that they were just plain bad to use. That is not the opinion of the workforce. IT did not substitute anything in place of those tools, so in many cases, IT became marginalized, shadow IT propagated, and we are now behind the eight ball when it comes to having a solid plan on how to handle the cloud tools. Because the workforce uses these Software as a Service (SaaS) tools, we are working within the world of the hybrid cloud.
Since the early days of virtualization, people have theorized about the capability of an “escape the VM” type of attack. This is a hacker’s nirvana: to take over a running virtual guest and use it as a base from which to attack the underlying virtual host.
What is the significance of July 14, 2015? It is the end-of-extended-support date for Windows Server 2003. This date is approaching faster than many administrators care to acknowledge, and the reality is that Windows Server 2003 just won’t be a viable operating system for production environments after that date.