Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)

We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

When to use a Virtual Firewall

The 2/9 Virtualization Security Podcast held a discussion on when would one use a virtual firewall. This was in response to being told that there are some people that would never use a virtual firewall for anything, and that got me thinking. Outside of the politics involved with using virtual vs physical firewalls, when would you use one? What are the cut offs, and best practices around using virtual firewalls. We were joined by Rob Randell of VMware to discuss this point. Continue reading When to use a Virtual Firewall

Virtualization Security is NOT Cloud Security!

I and others look at Virtualization Security constructs with an eye towards Cloud Security, but they are not necessarily the same. Granted for some clouds, virtualization security can lead to cloud security but this really depends on how the cloud’s architecture. Even so, what we know from Virtualization Security WILL apply to Cloud Security and will be the basis for best practices. But you say, my cloud does not use Virtualizaiton? Ah ha, I say, but it is still a cloud? And that implies there are similar security concerns. This was the discussion on the 1/26 Virtualization Security Podcast. Continue reading Virtualization Security is NOT Cloud Security!

Cloud Security: Is it all Jurisdictional and Audit Issues?

When you read many blogs and articles on cloud security, writers such as myself often mention jurisdictional issues as a big problem.  Nor is the ability to Audit clouds the only problem. Yet both of these are huge issues for clouds today, but fundamentally, is the cloud flawed from a security point of view or are there plenty of security mechanisms available? Continue reading Cloud Security: Is it all Jurisdictional and Audit Issues?

The SOPA and PIPA Kerfluffle

Much of the internet seems to be up in arms over the potential for a new piece of legislation designed to help US law enforcement authorities fight online piracy. In protest of this potential legislation, some sites (Wikepedia) went completely dark yesterday, and some (Google) demonstrated conspicuous concerns over the prospect of censorship by the government (with the Google logo obscured by a big black box). So what is all of the fuss about, and should we who are concerned about virtualization and cloud computing care? Continue reading The SOPA and PIPA Kerfluffle

Virtualization & Cloud Security: More Process Than Tools?

I was discussing yesterday how to use virtualization and cloud performance management tools as an early warning system for security issues. I have touched on use of New Relic, VMware vFabric APM, Quest vFoglight, and other tools that can make up such a early warning system before, but without the proper process in place, the tools will not be good enough. Continue reading Virtualization & Cloud Security: More Process Than Tools?

Cloud: More Secure Than You Think?

At the end of last year and the beginning of this year the  Virtualization Security Podcast featured two very different guest panelists to discuss cloud security, policy, and compliance: Phil Cox, Director of Security and Compliance at RightScale, joined us for the last podcast in 2011 and the George Gerchow of VMware’s Policy and Compliance Group, joined us for the first podcast of 2012.  We asked is the public cloud ready for mission critical applications. The answer was surprising. Have a listen and let us know your thoughts. Continue reading Cloud: More Secure Than You Think?