Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)

We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

Ready or Not, Hybrid Cloud Is Here

CloudComputingEveryone uses the cloud. It is a plain, simple fact that everyone uses at least one consumer cloud and that those consumer clouds (iCloud, Google, Dropbox, etc.) translate into cloud usage within the workplace. The workforce likes to get its job done, and part of doing that is using the tools they know, regardless of how IT feels about everything. In the past, IT would block access to those consumer-grade tools with the mistaken thought that they were not secure, that data was leaking, or that they were just plain bad to use. That is not the opinion of the workforce. IT did not substitute anything in place of those tools, so in many cases, IT became marginalized, shadow IT propagated, and we are now behind the eight ball when it comes to having a solid plan on how to handle the cloud tools. Because the workforce uses these Software as a Service (SaaS) tools, we are working within the world of the hybrid cloud. Continue reading Ready or Not, Hybrid Cloud Is Here

Fewer Than 90 Days to Security Vulnerability

ApplicationVirtualizationWhat is the significance of July 14, 2015? It is the end of extended support date for Windows Server 2003. This date is approaching faster than many administrators care to acknowledge, and the reality is that Windows Server 2003 just won’t be a viable operating system for production environments after that date.

Continue reading Fewer Than 90 Days to Security Vulnerability

Virtualization & Cloud Security Ep 1

VirtualizationSecurityWe are trying out a new format for the Virtualization & Cloud Security Podcast: video. We’ll post it up on YouTube as well as posting it via Talkshoe and iTunes. In this episode, Mike Foley (@mikefoley) of VMware Technical Marketing joins me to discuss IoT security, the RSA Conference, and hardening guides. We have spoken about the last item quite a few times and featured the RSA Conference on a previous podcast as well. IoT security is now something very interesting.

Continue reading Virtualization & Cloud Security Ep 1

GPUs, Big Data, Security, and the IoT

VirtualizationSecurityAt the GPU Technology Conference, NVIDIA CEO Jen-Hsun Huang and Tesla CEO Elon Musk talked about the security of a car. Musk stated that physical access is still required to hack most vehicles and that critical systems such as brakes and steering are segregated from the control display. This got me thinking about the security of the next generation of Internet of Things (IoT) devices.

Continue reading GPUs, Big Data, Security, and the IoT

SDN: Sadly Defined Network

Network VirtualizationIn virtual and cloud environments, network traffic often flows into a virtualization, then back out, forwarded to another device, usually security, before it re-enters the virtual environment. I call this a “sadly defined network,” not software-defined. Many of my colleagues claim that this is not true. They say that an SDN keeps east-west traffic within the hypervisor and that north-south would not need to do this. I disagree. This will happen when bad design is implemented in virtual and physical security. “Ah!” some will say, “this is solved by micro-segmentation,” but that is not always true, either.  Continue reading SDN: Sadly Defined Network