Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device.

We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintaining strict control of management interfaces. As such, virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

Defense in Depth: Know Your Attack Surfaces

On the 6/28 Virtualization Security Podcast we spoke about attacks, defense in depth, and compliance with Davi Ottenheimer and Matt Wallace. Davi and Matt just published a book (available on the Virtualization Bookshelf under Security) on how to defend your virtual environment against attack. Unlike other books, this one approaches the problem from the point of view of well-known attacks. It even gives examples of some of the more interesting attacks against any of the virtual environments, not just VMware vSphere. The discussion eventually found its way to even newer attacks and their impact on the environment.

Defense in Depth: Storage Security in a Hybrid Cloud

Storage Security is not only about encryption, which is just one aspect of the storage security requirements for virtual and cloud environments. It is also about increasing defense in depth and knowledge of what is touching your storage environment, as well as providing security around those touch points and, to a great extent, auditing and protecting the data residing within the storage devices regardless of where the devices live: within the virtual environment or within a cloud. Traditionally we have the following storage security capabilities:

News: Dell Transforms Virtualization Management with Quest Acquisition

On July 2nd 2012, Dell announced that it has entered into a definitive agreement to buy Quest Software. Quest will become part of the Dell Software Group, which is being run by John Swainson, formerly the CEO of CA. In “Dell a Virtualization Management Leader?” posted almost a year ago, we explored how Dell might combine the product assets that it has licensed from DynamicOps (sold by Dell as VIS Creator – see the product review here). The basic idea was that the monitoring of the virtualized environment would be combined with the ability of VIS Creator to dynamically provision services, so that dynamically provisioned services could be offered with performance and availability assurances. The idea that Dell could bring the entire portfolio of Quest assets to bear fundamentally transforms both the notion of automated service assurance of dynamically provisioned services, and the entire systems management business.

Bromium unveils micro-virtualization trustworthy security vision

One year after announcing that he and XenSource co-founder Ian Pratt were leaving Citrix to launch Bromium with former Phoenix Technologies CTO Gaurav Banga, Simon Crosby was back at the GigaOM Structure conference in San Francisco today to unveil Bromium’s micro-virtualization technology together with its plans to transform enterprise endpoint security. Bromium, despite the occasional blog post calling into question the security limitations of current desktop virtualization solutions and despite today’s announcement of the Bromium Microvisor, has very little to do with desktop virtualization. Desktop virtualization, whether it be VDI, or IDV or anything in between, is a management technology, a means of getting an appropriately specified endpoint configuration in front of the user. Bromium has set itself a bigger challenge, one that is applicable to every endpoint and every operating system – the extension of the precepts of trustworthy computing to mainstream operating systems.

Defense in Depth: Firewalls within the Virtual Environment

On the 6/14 Virtualization Security Podcast we spoke about firewall placement within the virtual environment as well as storage-based defense in depth. While we covered encryption on the 5/31 podcast, in the 6/14 podcast we covered other measures when dealing with storage (which will be part of a follow-up post). This conversation was slightly different from all other firewall discussions, as it was about migrating from a physical environment to a virtual environment, and keeping the same firewall placements. Spurred by a customer, we sought to come to a set of guidelines to follow for defense in depth within the virtual as well as physical and hybrid cloud environments.

Defense in Depth: Encryption within the Virtual Environment

On the 5/31 Virtualization Security Podcast we spoke to High Cloud Security about encryption as a defense in depth, and where to place encryption within the virtual environment. This led to an intriguing discussion about what is actually missing from current virtual environments when it comes to encryption. We can encrypt within each VM and we can encrypt within the networking fabric, as well as within the drives themselves, but currently that leaves several vulnerabilities and unencrypted locations that can be used as attack points. While we concentrated on vSphere, what we are discussing applies equally to all hypervisors.