With the latest announcement of Google Chrome’s remote desktop application, it’s a great time to look at when and where virtual desktop infrastructure (VDI) makes sense. While there are significant benefits to leveraging VDI, there are still some security risks associated with these implementations.
As we see more and more organizations starting to outsource their data to services such as Amazon and Telco-based cloud environments, there is an increased importance around the security of the actual data that resides in these environments. In some cases, organizations are moving business-critical and privacy-sensitive data off-site to take advantage of reduced infrastructure costs, but in others, to leverage the security postures of the cloud providers themselves.
Yes, before you start to wonder whatever happened with Tinder Stratus, I’ve been enjoying some well-deserved downtime. I’m going to be cutting down the blog to write as much as I can, but as cloud starts to ramp up in Canada, I am going to be working on a few other side projects. It’s been a while since I’ve posted, and since it’s Tuesday, I am happy to get back into the swing of things with a quick update from a security company that I first came across years ago, and that is still creating some great solutions, especially now for the virtualization space.
Tripwire’s ConfigCheck is a great (and free!) utility that helps organizations get a quick picture of how secure their VMware ESX 3.0/3.5 hypervisor is by measuring it against the VMware Infrastructure 3 Security Hardening guidelines. While there are some other tools that do similar types of verification, I like that Tripwire not only identifies the vulnerabilities, but since it was designed from the ground up with VMware, it provides the steps towards full remediation of the vulnerabilities.
But why is something like this so critical? Well, as organizations struggle to identify security deficiencies within their virtual environments, tools like this make it a lot easier by giving a standard baseline from which to start. While it’s not a replacement for having experienced security folks, it’s a great solution for midmarket or other organizations who don’t have such luxury.
Aside from discovering vulnerabilities, ConfigCheck helps organizations deploy virtualization in a manner that is safe and secure, increase the security posture of the entire organization, reduce configuration drift and easily implement security and compliance best practices. It’s a cheat sheet if you will, to help identify and manage vulnerabilities in your virtual environment.
One of the more recent topics around cloud and security to garner media attention is around the risks associated with inadequate patching policies as they relate to virtual machines. I know most people are thinking “Endpoint? Really? Isn’t that a simple thing to take care of in any environment?”, but the reality is that there are still nuances that are part of virtual and cloud environments that add a layer of complexity that a lot of IT professionals might not think of simply because they haven’t had to think in such terms yet. In particular, the notion of endpoint tagging as it relates to virtual snapshots or moving VMs is one of those instances.
At this year’s RSA conference, Trend Micro announced their new Deep Security 8 antivirus solution. What is revolutionary with this product is that it is the first agentless solution, and designed with virtual environments in mind. So why is this such exciting news for the cloud & virtualization world?
With the long weekend looming (well, technically starting today) I thought I would do a nice light post about the state of third party security and virtualization. I still have this debate once in a while about what is better, vendor integrated solutions such as vShield, or third party solutions from security vendors. So what are the arguments for each side?
It may come as no surprise that I read a lot about cloud and security. I mean A LOT. My Twitter feeds are rammed with representation from all things cloud. As Martha Stewart would say, “It’s a good thing.” So when I’m not doing my day job, I’m busy writing this daily blog, writing for another awesome Canadian blog, http://cloudbestpractices.net, some vendor sites, and writing whitepapers for various conferences, doing research with the Cloud Security Alliance and the like. I do this so that I can help educate the market, particularly the Canadian market, on cloud.
It’s been a while since I’ve written about security, but last week I came across a really great (but frightening) example of how security is affected in virtual environments. An organization that was running a virtual environment suddenly lost access to their entire infrastructure. It wasn’t a result of a badly configured virtual environment; it was arguably one of the first examples that I have come across of an attack against a virtual environment. I don’t know if it was intentional, but it’s a very interesting story of just how the threat landscape is adapting.
Essentially what happened was that the Windows server their virtual environment was running on had suffered a malware infection. The worst thing was that it was a known exploit, but hadn’t been patched. What the exploit did was cause the server to hit the network stack with enough traffic to cause a DDoS attack against the management console. This not only brought everything down, but rendered the environment unavailable.
Can you imagine if this type of vulnerability happened in a production environment, such as in a financial or e-commerce organization? Aside from the financial ramifications of not being available to customers, what if you couldn’t recover any of your data? This type of attack could theoretically cause irreparable damage to a company.
I know the whole concept of securing virtual environments is a new thing. I work with several research groups within the Cloud Security Alliance so I am aware of just how little information there is out there as it relates to best practices. But when a real-world example shows how these types of attacks are starting to affect virtual environments, it makes it clear just how important these conversations are.
Now I am not sure what happened to the organization that was the unfortunate victim of the attack. I hope that the fact that they figured out it was a network issue means that once the vulnerability is patched the VMs can be restarted. But I doubt that this is a rare and isolated example, which means that it is officially time for security and infrastructure folks to step up their game.
I was recently attending a cloud conference and had the chance to talk to several of the key technology vendors that were in attendance. One of the major vendors seems to be working closely with just about everyone in the cloud and virtualization space, and it made me question what kind of benefits to solution providers and other vendors these types of relationships provide. Suddenly the main cloud players are building partnerships to develop solutions for attached security, storage, asset management, performance monitoring and other operational technologies within virtual environments. But what benefit is there to have such tight integration with one or two key cloud platform vendors?
DLP is always a strange thing for me to talk about, since I remember the first round of solutions that ended up causing more headaches than solving the problem of data leakage. But with cloud, it’s all of a sudden a new conversation and DLP is right at the forefront in classifying the types of data that are the centre of the cloud design. All of a sudden DLP cannot be ignored anymore, it’s become a critical part of the new cloud landscape.