One of the biggest questions on the minds of security folks when they start to add virtual components to their environments is “How do I even know where I stand as it relates to compliance?”. It’s a great question, as cloud and virtualization, until now, have blissfully been ignored from a compliance requirement. Until now that is, as PCI-DSS got a refresh back in November of 2010 that does include lots of verbiage around the requirements of securing virtual environments in order to meet the benchmarks of PCI. I want to spend some time this week addressing compliance and how virtualization fits in, primarily as it relates to PCI because of the familiarity with what PCI aims to accomplish, but also some of the tools and resources available. So today I want to highlight the key areas affected by PCI and what exactly is required to start down the road to full compliance. Continue reading
Continuing from Monday’s post, today we look into Platform as a Service, or PaaS. This is one of the lesser known service models as it is sometimes hard to picture the difference between PaaS and Infrastructure as a Service (IaaS). The key difference is really the type of users that typically work on creating the environment within PaaS, this is truly the developer’s domain. Continue reading
Continuing from yesterday’s post about disaster recovery (DR), today I want to highlight some of the types of DR services that are available and some of the benefits and drawbacks of each service. So without further ado, Allons-y! Continue reading
When firewalls were first designed, their role was to control traffic between network segments and physical hardware. As we move into greater adoption of cloud and virtualized infrastructure, the physical design of the network becomes less dominant, largely due to the collapsing of physical servers into fewer virtualized servers. This means the main source of security control needs to also be adapted as the threats start to move to the individual VMs residing in servers, especially when multi-tenancy is utilized. This means that the logical barriers segregating virtual machines become the concern for firewalls, not just the network around the physical server. So how do you protect the inter-VM traffic when a traditional firewall cannot see traffic beyond the physical NIC card of the server?
If you’ve been on any cloud or virtualization site lately, you’ve probably seen the picture of a bright yellow elephant staring you down. The Hadoop elephant to be precise. Apache’s Hadoop is considered to be one of the most important technologies in the transition to large scale cloud environments. In fact, Yahoo! has been the largest contributor to Hadoop and uses it across their entire organization, as does Facebook. So here is a brief introduction to this large-scale software framework. Continue reading