Security is not compliance and compliance will not get you security. At least that is what I hear from security teams. Conversations with security focal team members from non-security focal people can be quite interesting and has its unique challenges and hurtles to overcome. You can find yourself speaking the same language but not fully understanding each other very well at all. One topic point of discussion is that “security is not compliance and compliance will not get you security.” Or does it? Continue reading Security is not compliance and compliance will not get you security. Or does it?
End User Computing security seems to be in the hands of the users not actually the IT Security department. At least not yet. So what can we do about this? IT security can be draconian and not allow EUC devices into the office, but the users will be up in arms. They use their smart phones, tablets, laptops, and services on their desktops to get their job done. Draconian IT security measures will hamper timely completion of critical projects, deals, and workplace moral, thereby impacting the bottom line. However, the bottom line will be impacted just as heavily by the lack of security by the end user devices. So how can we alleviate this problem? Continue reading Training and More Training for EUC Security
The 3/21 Virtualization Security podcast featured @MrsYisWhy who is a recovering Unix engineer most recently assigned to the network security team of financial services provider. She also hosts a podcast called Healthy Paranoia, a security feed of Packet Pushers. I asked @MrsYisWhy to join the podcast as she is from the other side of the world from virtualization and cloud security folks and has quite a different view. The rent we saw being sewn up is now a vast divide as we jump feet first into Cloud deployments, virtualization business critical workloads, and generally using more and more virtualization and cloud in our daily lives. Continue reading The Growing Divide between Security and Virtualization (Cloud)
Just entered my mailbox, there is a new rev of the vSphere 5.1 hardening guide which was spoken about on the last Virtualization Security Podcast. This version of the hardening guide adds a much needed new feature: Profiles. Profiles define the level of security requirements based on small and medium business, enterprises, and government agencies. There is a public review for the guide over the next two weeks, so if you want to comment or read the latest draft of the vSphere hardening guide please visit http://communities.vmware.com/docs/DOC-22783. Continue reading News: Public Comment for VMware Hardening Guide
VMware has added some significant meat to the bones of its Software Defined Data Center Strategy with the announcement of the VMware NSX Network Virtualization Platform. NSX represents the combination of the previous VMware network virtualization technology (VXLAN) with the technology that came from the acquisition of Nicira. Continue reading VMware Fleshes Out SDN Strategy with NSX
The 3/7 Virtualization Security Podcast featured Andi Mann, VP of Strategic Solutions at CA Technologies, and RSA Conference. The conversation was lively and I invited Andi Mann due to a previous day tweet chat about cloud security. Lately, I have had several serendipitous conversations on cloud security from TweetChat, to in face discussions with @Qthrul, and meeting @MrsYisWhy in person. Each conversation has been about Cloud or Virtualization security in some form. Let me delve into them a bit more. Continue reading Cloud Conversations: Tweetchat and Serendipity