Virtualization and Cloud Security Hub

Shellshock is Shocking, According to Shellers

Posted by Shaun Donaldson

Sep 26, 2014 2:54:00 PM

Follow us on Spiceworks Spice IT

If you’ve had a few spare moments to peruse the news, and happen to do so with an eye toward IT, you’ll have heard about Shellshock. As with many a vulnerability, there are many questions, and in this post I hope to answer some.

What is the problem?

Bash (Bourne-again Shell) is a command line interpreter packaged with most Unix variants. It’s quite handy for running commands, especially when invoked from scripts. The vulnerability roughly relates to how Bash parses environment variables (used to set the context of commands). The vulnerability allows someone entering environment variables to insert arbitrary code. Instead of just setting the context of execution, Bash executes the injected commands.

Read More

Topics: Virtualization

Continuous Security Monitoring in a Continuous World

Posted by George V. Hulme

Sep 25, 2014 12:15:43 PM

Follow us on Spiceworks Spice IT

In today’s highly virtualized environments, where continuous integration and deployment are the norm - it’s just impossible to manually ensure that both security and regulatory compliance controls are adequate.

With virtualized workloads, apps, and the supporting infrastructure being persistently updated, your enterprise needs automated and constant security checks to be ran in parallel. Gone are the days of running monthly security and regulatory compliance assessments. As continuous integration and deployment pipelines rapidly become the norm, rather than the exception, a fundamental shift in the way enterprises view security is essential.

But where to start the continuous security monitoring? When looking at your environment in its entirety, with an eye toward monitoring everything all of the time, it can appear overwhelming. And the reality is that you can’t start monitoring everything all at once. Choices need to be made about where to start: endpoints, servers, and applications need the most oversight?

Read More

Topics: Virtualization

Think like a Dev, act like an Op and harness Security – Part One

Posted by Denisa Dragomir

Sep 24, 2014 12:54:00 PM

Follow us on Spiceworks Spice IT

Creating software is a perpetual journey. Just like relationships, technologies start young and reach maturity over time as they evolve through several phases of completion. Some of them don’t reach adulthood because they’re ahead of their time or simply not practical, while others refuse to go quietly due to their massive popularity in the business world.


Regardless of industry and activity field, truly ground-breaking technologies are designed with a sole intention: to transform the customer experience in ways that no one has done before. With most businesses, however, change doesn’t come naturally, just as habits (good or bad) die-hard in a long-term relationship.

Read More

Topics: Public Cloud, Cloud Security, DevOps

Home Depot, Target, and the business of being owned

Posted by Shaun Donaldson

Sep 10, 2014 11:52:02 AM

Follow us on Spiceworks Spice IT

There has recently been some interesting news. It seems that The Home Depot, both in the US and Canada, has experienced a breach. Recall that Target also suffered a breach not long ago

This begs the question; from a security perspective, does being compliant matter?

There are reports that the malware discovered on Home Depot systems is similar to that discovered on systems at Target. What is striking is that, according to Krebs on Security (who broke the Home Depot story), “On Tuesday, KrebsOnSecurity broke the news that Home Depot was working with law enforcement to investigate “unusual activity” after multiple banks said they’d traced a pattern of card fraud back to debit and credit cards that had all been used at Home Depot locations since May of this year.”

Read More

Topics: Enterprise Security, Compliance

Retail Industry Ramps Up Efforts to Boost Security - and How the Channel Can Play a Role

Posted by Shaun Donaldson

Sep 10, 2014 9:44:00 AM

Follow us on Spiceworks Spice IT

As we mentioned in the last post, over the coming months we’ll be looking at the unique security and compliance challenges for a variety of industries. For the first entry in this series we’re examining the retail sector.

It’s no secret that the retail industry has endured some high-profile information security breaches in recent months. In December 2013, Target was hit with a data breach that resulted in the theft of millions of customers’ credit card data, including payment information, names, phone numbers and email addresses. The incident has had a huge financial impact on the retailer, with Target announcing in August 2014 that its second quarter financial results were expected to include gross expenses of $148 million, partially offset by a $38 million insurance receivable, related to the data breach.

Read More

Topics: Service Provider, Reseller, Compliance, Vertical Series

When Moving to DevOps, Security Can Enhance the Ride

Posted by George V. Hulme

Sep 8, 2014 11:00:00 AM

Follow us on Spiceworks Spice IT

DevOps and continuous integration and deployment efforts boost productivity and agility, but it’s crucial that security moves along with the journey.

DevOps and continuous integration and continuous deployment methodologies are taking hold in enterprises everywhere – and those that do so are clearly more effective and efficient. If you’re not convinced of that, have a look at Puppet Labs’ State of DevOps survey for this year, and last, which found that DevOps organizations are deploying code 30 times faster and with half as many failures as non-DevOps enterprises.

Those DevOps outcomes, because of their focus on steady improvement through continuous collaboration and rapid iterations, are exactly what organizations are hoping to achieve. And from that, they reap a more agile and competitive enterprise.

Read More

Topics: Compliance, DevOps

Sex, Photos, and the Shared Security Model

Posted by Shaun Donaldson

Sep 5, 2014 12:46:00 PM

Follow us on Spiceworks Spice IT

Recently, there has been quite a bit of media coverage about some sensitive, private pictures of celebrities stolen and published. While we have seen similar incidents in the past (from celebrities to British royals’ mobiles being compromised), this incident is focused around consumer-centric cloud offerings from heavyweight companies.

When incidents like this happen, the popular knee-jerk reaction tends to be to find someone to blame. In this case, the candidates are:

   1. The attackers

   2. Consumer-centric cloud services providers (used on iOS, Android, Windows Mobile, for example)

   3. The celebrities themselves

Of course, the attackers are ultimately responsible, but it is interesting to see the service provider and the end-users sharing a piece of blame assigned by some (the Internet provides a forum for everyone who wishes to share their opinion, for better or worse).

Read More

Topics: Public Cloud, Cloud Security, Service Provider

The State of Endpoint Security in Virtual Environments

Posted by Dave Shackleford

Sep 3, 2014 11:56:43 AM

Follow us on Spiceworks Spice IT

There’s no question that the majority of organizations are virtualizing servers, and increasingly, desktops within their environments. With this shift comes a plethora of new risks. We’re getting better at porting network security platforms to a virtual format, primarily firewalls and intrusion detection and prevention systems. Encryption for virtual and cloud environments is also slowly improving. Another area that seems to be evolving is endpoint security.

In some ways, the challenges of endpoint security are more complex than some others, for a few different reasons. First, endpoint security has to scale across a larger number of systems, in many cases. In addition, traditional endpoint security products are usually agent-based, and consume significant amounts of resources (disk, memory, and CPU). This can easily throttle a shared infrastructure environment.

Read More

Topics: Enterprise Security, Virtualization

Managed Service Providers: drivers for competitive advantages? Part 1

Posted by Madalin Dobre

Sep 2, 2014 3:34:00 PM

Follow us on Spiceworks Spice IT

As mentioned in my previous blog post, the market of IT services delivered by Managed Service Providers (MSPs) is expected to grow by almost 80% by 2018, compared to 2013.

Now, what effects will this growth have on the MSP market? Here are a few:

     Number of MSPs will increase. This will happen as current ‘box movers’ will start more and more to enter the services area,

     Prices will go down as commoditization will increase. Commoditization in MSP-type of services (help desk, security management, hosting) will increase much faster than in other types of services (e.g. application management for core functionalities), and

     Margins will be smaller and smaller

Read More

Topics: Service Provider

When it comes to information security, not all industries are alike

Posted by Robert Krauss

Aug 28, 2014 10:31:00 AM

Follow us on Spiceworks Spice IT

Saying all types of companies have the same information security concerns because they face common threats and vulnerabilities is like saying all cars are alike because they have four tires.

The security - as well as regulatory compliance - issues enterprises grapple with differ dramatically based on their industry. As we’ve seen in recent years, the types of attacks companies face and the sources of those attacks can vary depending on their line of business.

Sure, there are basic security commonalities among all types of businesses. Virtually all companies are vulnerable to computer viruses and other malware. Many verticals are seeing a rapid growth in the use of mobile devices and in the security threats they represent. And internal security breaches can happen at any organization, whether it sells shoes or builds rocket ships.

Read More

Topics: Service Provider, Reseller, Compliance, Vertical Series

Subscribe to Email Updates

Connect with us