So it’s Tuesday, and keeping in our theme of “Compliance: things that keep me up at night”, I am happy to highlight a great company that sadly not a lot of people outside us die-hard virtualization security fans know about, Catbird Networks. When it comes to compliance, Catbird is a pretty good place to start, and makes it really quite easy to get an ongoing idea of where your environment stands as it relates to compliance requirements. This is important, because the earlier you can start to see how your environment is shaping up in meeting compliance requirements, the easier it is down the road to ensure that as new systems are deployed, they don’t negatively affect your compliance posture.
Cloud Infrastructure Design
Oooh right, it’s actually quite a funny story once you get past all the tragic elements and the over-riding sense of doom.
One of the biggest questions on the minds of security folks when they start to add virtual components to their environments is “How do I even know where I stand as it relates to compliance?”. It’s a great question, as cloud and virtualization, until now, have blissfully been ignored from a compliance requirement. Until now that is, as PCI-DSS got a refresh back in November of 2010 that does include lots of verbiage around the requirements of securing virtual environments in order to meet the benchmarks of PCI. I want to spend some time this week addressing compliance and how virtualization fits in, primarily as it relates to PCI because of the familiarity with what PCI aims to accomplish, but also some of the tools and resources available. So today I want to highlight the key areas affected by PCI and what exactly is required to start down the road to full compliance.
It Might Help to Beef up Security Around The W.O.P.R.
It’s Thursday, and keeping up with this week’s theme, we are climbing further up the service model stack and looking at Software as a Service. I’ve already covered some of the key security issues with using a cloud service, but SaaS is a little bit different. So grab a coffee, and learn about the favorite service of organizations which also happens to be one of the favorite models for hackers.
Normality? We can talk about normality until the cows come home.
Continuing from Monday’s post, today we look into Platform as a Service, or PaaS. This is one of the lesser known service models as it is sometimes hard to picture the difference between PaaS and Infrastructure as a Service (IaaS). The key difference is really the type of users that typically work on creating the environment within PaaS; this is truly the developer’s domain.
If there’s anything around here more important than my ego, I want it caught and shot now!
This week I decided to take a step back and dedicate the entire week (with the exception of my Technology Tuesday post) to highlighting the latest and greatest in each of the different cloud service models, starting with today’s post dedicated to Infrastructure as a Service or IaaS. Throughout the week I will be exploring, aside from IaaS, Platform as a Service (PaaS), Software as a Service (SaaS) and Desktop as a Service (DaaS).
So let’s jump right in, shall we? Today we look at the bottom level of our service model, Infrastructure as a Service, or IaaS as it’s usually called.
All right, look, there’s only one “Return,” okay, and it ain’t “of the King,” it’s “of the Jedi.”
Continuing from yesterday’s post about disaster recovery (DR), today I want to highlight some of the types of DR services that are available and some of the benefits and drawbacks of each service. So without further ado, Allons-y!
It must be Thursday. I never could get the hang of Thursdays.
One of the most frustrating things for me personally is the hype that surrounds cloud and the way it overshadows the true benefits and issues of a cloud model. I am sure I am not the only one who is greeted with so much eye rolling when I mention the word cloud that it feels like I stepped into a bad movie about exorcism.
But that doesn’t mean that no one cares about cloud; I wouldn’t have a blog if that were true. Disaster Recovery is a perfect example of where people start to listen to talk about cloud models; after all, if you subscribe to only one cloud-based service, there is a good chance it’s a DR one. Disaster Recovery is one of those services that highlights the reasons that cloud isn’t going anywhere, but it also puts the complicated learning curve of cloud in the spotlight.
I Shouldn’t Have Written All Of Those Tank Programs
When firewalls were first designed, their role was to control traffic between network segments and physical hardware. As we move into greater adoption of cloud and virtualized infrastructure, the physical design of the network becomes less dominant, largely due to the collapsing of physical servers into fewer virtualized servers. This means the main source of security control needs to also be adapted as the threats start to move to the individual VMs residing in servers, especially when multi-tenancy is utilized. This means that the logical barriers segregating virtual machines become the concern for firewalls, not just the network around the physical server. So how do you protect the inter-VM traffic when a traditional firewall cannot see traffic beyond the physical NIC card of the server?
It’s In That Place I Put That Thing That Time
If you’ve been on any cloud or virtualization site lately, you’ve probably seen the picture of a bright yellow elephant staring you down. The Hadoop elephant to be precise. Apache’s Hadoop is considered to be one of the most important technologies in the transition to large scale cloud environments. In fact, Yahoo! has been the largest contributor to Hadoop and uses it across their entire organization, as does Facebook. So here is a brief introduction to this large-scale software framework.