Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)

We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

SaaS Auditing: Knowing who did what

CloudComputingWe opened this years virtualization security podcast with Phil Cox, the “Security Guy” at Rightscale, who is working through a tangled problem to meet compliance and auditing goals within the cloud. Rightscale is a 100% cloud based company delivering a solution that is also SaaS based. As such they often run directly into SaaS related issues. Rightscale has been running into a problem with the simplest of auditing requirements: how to know when someone has logged in. This problem spans nearly all their 100s of SaaS providers used to run their business. Continue reading SaaS Auditing: Knowing who did what

Virtualizing Business Critical Applications – Security and Compliance

VirtualizationSecurityVirtualizing Business Critical Applications is often stopped either by the sudden involvement of security and compliance, a need to better understand, or a need to gain visibility into the underlying security of the virtual environment in order to build new security and compliance models. As we have commented on the Virtualization Security podcast many times, security and compliance teams need to be involved from the beginning. However, this is not a discussion about involvement but about the tools that will help security and compliance to gain the necessary visibility into the security of their virtual environments and therefore allow for the virtualizing of business critical applications. Continue reading Virtualizing Business Critical Applications – Security and Compliance

Cloud Security: On Moats

VirtualizationSecurityAfter a recent snowstorm, and due to pending work on our generator, I had to dig out paths to the generator, the propane tank, etc. We normally dig out a few paths for moving wood around our yard, access to oil, the driveway, etc. But when we finished, we dug a moat around our entire house. This got me thinking about cloud security. The ongoing desire to put moats between us and the attackers. But what is us, in the cloud? Can we prevent the attacks? What are the current moat style technologies in play today? Continue reading Cloud Security: On Moats

End User Computing: Using just a Tablet

DesktopVirtualizationRecently I have been trying to lighten my conference going load. To do that, I have been thinking about ways to do without my laptop and all the accessories for it, which got me thinking about what it takes to completely use such a device; to fully embrace the next generation of end-user computing using gesture computing and smaller devices. Other than the technical hurdles, there are also training hurdles as full tablet computing, today, has some serious limitations with respect to security, functionality, and in some ways capability.  So how does one embrace tablet computing as their next-gen end user computing?

Continue reading End User Computing: Using just a Tablet

Cloud API: In-Security?

VirtualizationSecurityThe 12/13 Virtualization Security Podcast featured George Reese, CTO on enStratus, as our guest panelist. We discussed Cloud API security or more to the point the lack of real cloud API security. To paraphrase George: Some got it, others do not. So what makes up a good cloud API? how can we fix broken cloud APIs? Continue reading Cloud API: In-Security?