If cloud adoption from a business perspective was easy, this blog wouldn’t exist. Nor would the thousands of other tireless folks working on helping advance cloud standards from compliance to security to data and resource integrity. But when businesses do bravely go into the new cloud world, if it’s anything less than perfect, they face criticism from the entire IT community. Is this why we are seeing a resistance to move to cloud for many organizations? And what does this mean for the future of the cloud industry?
When it comes to security and cloud, it’s no surprise that it’s a headache. Traditional security tools focused on network and physical device connections as a way to track the flow of information and see the inner workings of the infrastructure.
So what happens when you take the physical devices out of the equation? What happens then?
As someone who spends a lot of time perusing both Reddit and the now sadly defunct Google Reader (RIP!), I’m not personally surprised to start seeing a lot of discussions around whether corporations who outsource cloud storage or other services to third parties should be worried about privacy risks.
For example, an article this morning from the folks over at ZD brings up some great points about both the pros and cons of the great cloud race and how it could ultimately affect how data ownership is perceived.
It’s rare that I get excited about solutions. Yeah, we can say it’s the geeky side of me that can appreciate how good technology operates, but there are very few things that I come across that I think have a huge potential to change (read: simplify) next generation network visibility. Meet Centerity Monitor, a next generation tool to give you visibility into all types of environments.
As someone who is a huge fan of cloud-storage as a way to access files across multiple devices, it’s always been a tricky conversation knowing that these types of services are also a huge back-door from a security perspective. Cloud-storage services like iCloud and Dropbox fill a need in the marketplace and are a great tool for sharing files across multiple devices, but since they leverage cloud storage, they aren’t very secure and pose a huge DLP risk for corporations. So I was a little skeptical when I came across a new solution called Polkast, but I think it is exactly the type of solution that might address the security aspect of the conversation.
Yes, before you start to wonder what ever happened with Tinder Stratus, I’ve been enjoying some well-deserved downtime. I’m going to be cutting down the blog to write as much as I can, but as cloud starts to ramp up in Canada, I am going to be working on a few other side projects. It’s been a while since I’ve posted, and since it’s Tuesday, I am happy to get back into the swing of things with a quick update from a security company that I first came across years ago, and that is still creating some great solutions, especially now for the virtualization space.
Tripwire’s ConfigCheck is a great (and free!) utility that helps organizations get a quick picture of how secure their VMware ESX 3.0/3.5 hypervisor is by measuring it against the VMware Infrastructure 3 Security Hardening guidelines. While there are some other tools that do similar types of verification, I like that Tripwire not only identifies the vulnerabilities, but since it was designed from the ground up with VMware, it provides the steps towards full remediation of the vulnerabilities.
But why is something like this so critical? Well, as organizations struggle to identify security deficiencies within their virtual environments, tools like this make it a lot easier by giving a standard baseline from which to start. While it’s not a replacement for having experienced security folks, it’s a great solution for midmarket or other organizations who don’t have such luxury.
Aside from discovering vulnerabilities, ConfigCheck helps organizations deploy virtualization in a manner that is safe and secure, increase the security posture of the entire organization, reduce configuration drift and easily implement security and compliance best practices. It’s a cheat sheet if you will, to help identify and manage vulnerabilities in your virtual environment.
When you ask a security professional about the biggest security threat they think exists, there is a good chance it will be related to people. After all, no matter what security controls you put in place, it really comes down to human nature as to whether they follow such controls or not. It’s like I always say, “If you don’t give your employees some flexibility, then you might as well hire more security people to deal with the increased workload.” So when it comes to fostering an environment of awareness, there are several views on what is the best way to deal with high risk applications such as Dropbox.