Virtual Desktop Infrastructure: (Remote) Workers of the World Unite!

With the latest announcement of Google Chrome’s remote desktop application, it’s a great time to look at when and where virtual desktop infrastructure (VDI) makes sense.  While there are significant benefits to leveraging VDI, there are still some security risks associated with these implementations.

Continue reading

Why Encryption is Still a Cloud Standard

As we see more and more organizations starting to outsource their data to services such as Amazon and Telco-based cloud environments, there is an increased importance around the security of the actual data that resides in these environments. In some cases, organizations are moving business-critical and privacy sensitive data off-site to take advantage of reduced infrastructure costs, but in some cases, to leverage the security postures of the cloud providers themselves.

Continue reading

Alright, I’ll do it. But do me one last favor, will you. Can you give me two hours? That’s all I ask man, just two hours to sleep before tomorrow. I suspect it’s going to be a very difficult day.

If Cloud adoption from a business perspective was easy, this blog wouldn’t exist.  Nor would the thousands of other tireless folks working on helping advance cloud standards from compliance to security to data and resource integrity.  But when these businesses who do bravely go into the new cloud world, if it’s anything less than perfect, they face criticism from the entire IT community.  Is this why we are seeing a resistance to move to cloud for many organizations?  And what does this mean for the future of the cloud industry?
Continue reading

Well hello Mister Fancypants!

When it comes to security and cloud, it’s no surprise that it’s a headache.  Traditional security tools focused on network and physical device connections as a way to track the flow of information and see the inner workings of the infrastructure.

So what happens when you take the physical devices out of the equation?  What happens then? Continue reading

Yeah. I got the memo. And I understand the policy. And the problem is just that I forgot the one time. And I’ve already taken care of it so it’s not even really a problem anymore.

When you ask a security professional about the biggest security threat they think exists, there is a good chance it will be related to people. After all, no matter what security controls you put in place, it really comes down to human nature as to whether they follow such controls or not. It’s like I always say, “If you don’t give your employees some flexibility, then you might as well hire more security people to deal with the increased workload. So when it comes to fostering an environment of awareness, there are several views on what is the best way to deal with high risk applications such as Dropbox. Continue reading

Well, it’s a wonderful device nonetheless, despite the poorly written instruction manual.

OK, I’ll admit it. I love cloud storage. Not huge, datacentre style stuff, just simple stuff like Dropbox. Why? Well, mostly because it makes keeping things available on all devices a lot easier, and honestly, it makes me way more productive. In fact, it makes employees as a whole way more productive. So why aren’t more organizations touting these solutions? Continue reading

It doesn’t matter what happened. What matters is what looks like what happened and what looks like what happened…is purdy nasty!

On Tuesday at the InfoSecurity Summit in Hong Kong, a very interesting point about cloud came up for discussion. While I’ll be one of the first to say cloud gives organizations of all sizes lots of great benefits and resources they might normally have access to, there is another side to cloud. A much darker, scarier side that is being used by cyber-criminals. Continue reading

Ten percent of nuthin’ is…let me do the math here…nuthin’ into nuthin’…carry the nuthin’…

One of the more recent topics around cloud and security to garner media attention is around the risks associated with inadequate patching policies as they relate to virtual machines. I know most people are thinking “Endpoint? Really? Isn’t that a simple thing to take care of in any environment?”, but the reality is that there are still nuances that are part of virtual and cloud environments that add a layer of complexity that a lot of IT professionals might not think of simply because they haven’t had to think in such terms yet. In particular, the notion of endpoint tagging as it relates to virtual snapshots or moving VMs is one of those instances. Continue reading

Your soul-suckin’ days are over, amigo!

At this year’s RSA conference, Trend Micro announced their new Deep Security 8 antivirus solution. What is revolutionary with this product is that it is the first agentless solution, and designed with virtual environments in mind. So why is this such exciting news for the cloud & virtualization world? Continue reading

It’s 106 miles to Chicago, we’ve got a full tank of gas, half a pack of cigarettes, it’s dark and we’re wearing sunglasses.

With the long weekend looming (well, technically starting today) I thought I would do a nice light post about the state of third party security and virtualization. I still have this debate once and awhile about what is better, vendor integrated solutions such as vShield, or third party solutions from security vendors. So what are the arguments for each side? Continue reading