There are two distinct points of view when discussing cloud security: the tenant’s point of view, and the cloud service provider’s point of view. Both of these points of view are legitimate, but one is often confused for the other, because we discuss them without clarifying which one we mean. However, within each of these points of view are two distinctly different approaches to cloud security.
The recent spate of news out of Home Depot and, further back, Target points to the need for better supply chain security. But really, how can we address the issue? There are several answers, but none of them seem feasible in today’s IT environments. Why? They all require open communication, constructive criticism, and willingness to work toward a solution. However, what we find is that many IT organizations feel that anyone outside their immediate organization is suspect, security is the enemy, audit is also their enemy, and developers know all. Continue reading Supply Chain Security
In my last article, EUC Use Cases: Secure Hybrid Cloud, we looked at how the user could be getting to our data. By doing this, we can place security at the union of data and the user, wherever the data resides and however the user gets there. Yet, we cannot forget where the data is presented. In order to present data, data is copied from its repository to some other device. Now, in the case of virtual desktops, that data is copied as graphical constructs derived from the data; for file servers, the data presented is a raw form of the data. So, to secure everything from end to end, what do we really need? Continue reading EUC Use Cases: What Do We Need?
Whenever I talk to security vendors and others about where security is going, or more to the point, should go, I draw out a use case I have developed over the years. It has grown and changed as the concept of the secure hybrid cloud has developed and expanded. The example I use demonstrates the need for policy not only to cover the data and systems, but also to follow the user as they access the data. The entry point to any secure hybrid cloud is the user. Where that user goes tells us how they touch and access data. We may want a security context around the data, but how that context should react depends on how, from where, with what, when, and hopefully why the data is accessed. Continue reading EUC Use Cases: Secure Hybrid Cloud
At VMworld 2014, VMware announced its easy-to-install OpenStack distribution, VMware Integrated OpenStack. This got me thinking, as normally OpenStack refers not just to the OpenStack distribution but to a specific underlying hypervisor as well, usually KVM. However, we know that OpenStack works equally well on KVM, vSphere, Hyper-V, and Xen, as it is more of a cloud management layer than a hypervisor. We should probably never lose sight of that little aspect of OpenStack: it is not a hypervisor. As an open-source management stack, it can manage across hypervisors with a few modifications to its components.
If you’re reading this article, there’s a good chance that you own a smartphone and maybe a tablet or two and that you use ActiveSync to retrieve your corporate email through your personal devices. But did you know that both you and your Exchange administrator have the ability to remote wipe not only your email but your entire device? Continue reading Why Virtualized Email Is Safer than ActiveSync Email on Your Personal Devices