Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)

We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

A VDI desktop is no More Secure than a Standard Desktop

Our very own Texiwill hosts a weekly Virtualization Security Round Table podcast. This round table provides an open forum to discuss all things related to Virtualization, Virtual Environment and cloud computing security.  We’ve questioned before the benefits of a virtual desktop infrastructure with respect to security. Is VDI secure? Is VDI inherently more secure than “traditional desktops”? The article Virtual Desktop Security? Are They Secure? considered the VDI vendor claims that there are several big virtual desktop security wins such as

  • Centralized Management
  • Centralized Patching
  • Improved Availability
  • and importantly, data never leaves the data center

The article and the associated Bright talk presentation generated a good deal of interweb discussion, which in turn led to #73 in the Virtualization Security Round Table VDI desktops – are they really secure? The regular podcast team were joined by Simon Crosby (CTO @ Bromium), Tal Klein (Director Technical Marketing @ Citrix ) and Andrew Wood (Analyst @ TVP).

The discussion meandered in a lively fashion to answer the question – can VDI make your environment more secure than standard desktops?

Continue reading A VDI desktop is no More Secure than a Standard Desktop

On Going Conversation: PCI Compliance, Are virtual environments always Mixed-Mode?

On 10/6 was held the Virtualization Security Podcast featuring Davi Ottenheimer in his role as a QSA. Davi holds down many roles working with companies such as VMware, yet he maintains his QSA credentials and applies his knowledge of PCI Compliance. In this podcast we ask the question, is a virtual environment always mixed-mode and what to do if your QSA does not have the knowledge required to do the job? Continue reading On Going Conversation: PCI Compliance, Are virtual environments always Mixed-Mode?

Virtual Desktop Security? Are They Secure?

There has been quite a bit of hype on whether virtual desktops provide more security than traditional desktops. All the marketing literature I have read says that it does improve overall security, but I believe this marketing literature makes several assumptions that are just not true in most organizations, and really do not account for the myriad ways data can be accessed, by limiting our scope to just virtual desktops instead of the full desktop experience we are thereby limiting our thoughts on security. Are virtual desktops more secure? Continue reading Virtual Desktop Security? Are They Secure?

Cloud and Virtualization Security: An After Thought

The October conference schedule is now complete and it was a tough one but very rewarding. The events that happened in October were numerous and overlapping in some cases. Travel was one week here and the next week there, yet we managed to get through it. Of the mass of conferences, I attended IPexpo as a guest and The ExecEvent and Hacker Halted as a speaker. I discovered something very strange – virtualization and cloud security are merely after thoughts. I felt this should have changed by now, but alas this is not the case. Is it that our scope is incorrect, or is it that there is no Return on Investment on security tools, procedures, etc? Continue reading Cloud and Virtualization Security: An After Thought

Life without the Cloud or Reasons to use a Hybrid Cloud

The Virtualization Practice was recently offline for two days, we thank you for coming back to us after this failure. The reason, a simple fibre cut that would have taken the proper people no more than 15 minutes to fix, but we were way down on the list due to the nature of the storm that hit New England and took 3M people off the grid.  Even our backup mechanisms were out of power. While our datacenter had power, the rest of the area in our immediate vicinity did not. So not only were we isolated from reaching any clouds, but we were isolated from being reached from outside our own datacenter. The solution to such isolation is usually remote sites and location of services in other regions of a country, this gets relatively expensive for small and medium business, can the Hybrid Cloud help here? Continue reading Life without the Cloud or Reasons to use a Hybrid Cloud

Application Performance Management – Our New Relic Details

We at The Virtualization Practice, practice what we write about, as such we have been monitoring our systems using many of our sponsors tools. One that has helped quite a bit has been New Relic RPM with its End User and Application Server monitoring capabilities as well as its inherent diagnostics to track through what is the root cause of our performance problems. Since we like to keep our website snappy, we constantly monitor for issues and ways to fix them. As such we are not only looking at the application, but our network and storage environments as well.   New Relic RPM however has surprised us quite a few times in what it can tell us. This is where performance monitoring and virtualization security overlap. Continue reading Application Performance Management – Our New Relic Details