The very nature of virtualization makes it unique in that it adds a barrier between the traditional hardware and operating system layers. By definition, virtualization creates an operating environment on the host hardware that allows for complete customization and allocation of resources, regardless of which operating system is installed. It is not uncommon to have several different operating systems reside side by side. In fact, recently even Microsoft opened their proprietary Azure cloud platform to support Linux builds.
The other day I was asked about application whitelisting as a way to deal with endpoint issues in virtual and cloud environments. I never really thought about it in this space, as application whitelisting was usually a technique used to control rogue users who like to install anything and everything on their desktops and laptops. So how does this practice apply to virtual and cloud environments, and more importantly, does it make sense?
Organizations are busy creating cloud migration paths for their current applications and data stores, assuming that these systems can easily be ported. What is often overlooked is that most applications weren’t created with the cloud in mind, so expecting them to scale to cloud environments isn’t realistic. Unless you have the team to rewrite these applications for running in virtualized or cloud environments, the move to a cloud model will need to be done in several steps up a steep learning curve.
Continuing from Monday’s post, today we look into Platform as a Service, or PaaS. This is one of the lesser-known service models, as it is sometimes hard to picture the difference between PaaS and Infrastructure as a Service (IaaS). The key difference is really the type of user who typically works on creating the environment: within PaaS, this is truly the developer’s domain.
When firewalls were first designed, their role was to control traffic between network segments and physical hardware. As we move into greater adoption of cloud and virtualized infrastructure, the physical design of the network becomes less dominant, largely due to the collapsing of physical servers into fewer virtualized servers. This means the main source of security control also needs to adapt as the threats move to the individual VMs residing on those servers, especially when multi-tenancy is utilized. The logical barriers segregating virtual machines become the concern for firewalls, not just the network around the physical server. So how do you protect inter-VM traffic when a traditional firewall cannot see traffic beyond the physical NIC of the server?