In virtual and cloud environments, network traffic often flows into a virtualization, then back out, forwarded to another device, usually security, before it re-enters the virtual environment. I call this a “sadly defined network,” not software-defined. Many of my colleagues claim that this is not true. They say that an SDN keeps east-west traffic within the hypervisor and that north-south would not need to do this. I disagree. This will happen when bad design is implemented in virtual and physical security. “Ah!” some will say, “this is solved by micro-segmentation,” but that is not always true, either.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
There is a growing movement to abstract hardware completely away, as we have discussed previously. Docker with SocketPlane and other application virtualization technologies are abstracting hardware away from the developer. Or are they? The hardware is not an issue, that is, until it becomes one. Virtualization may require specific versions of hardware, but these are commonplace components. Advanced security requires other bits of hardware, and those are uncommon; many servers do not ship with some of this necessary hardware. Older hardware may not deliver the chipset features needed to do security well. This doesn’t mean it can’t be done, but the overhead is greater. Hardware is dead to some, but not to others. This dichotomy drives decisions when buying systems for clouds or other virtual environments of any size. The hardware does not matter, until it does!
No, this is not an article about changing jobs or anything like that. This is an article about the changing directions we have been seeing within the community and companies surrounding cloud and virtualization: a change that signals a new round of innovation and a fundamental shift in thinking. Before, we thought of cloud + virtualization as the bees’ knees. We now realize that cloud + virtualization is just the starting point. Virtualization can safely be ignored within the confines of the cloud.
With the number of mobile devices in use now surpassing that of desktops worldwide, the application virtualization requirements of business mobile users continues to grow exponentially. Whether these users access their business apps from a smartphone, tablet, or—the latest buzzword—“phablet,” their common denominator is their demand for more and better business applications on the go.
If you’ve ever engaged the services of a penetration testing company, you know they’re not cheap. In fact, it’s not unusual to feel you’ve been slapped, thrown in a bag, and hung up to dry. These types of costs can be absorbed by larger companies and enterprises, but not smaller ones, which lack the budgets to take that kind of hit.
I have written many times about hybrid cloud security, but there’s a fundamental security requirement that happens as you access the hybrid cloud. In our previous back to basics article we wrote about the need for situational awareness. We’re going to expand on that topic some more. The real success to hybrid cloud security is understanding how the users access the hybrid cloud: where they access it from, why they access it, and what is accessed or used. From a security standpoint, it starts with one organizational item: people.