All about Virtualization and Cloud Security | Recent Articles:

Small and medium businesses should shore up their defenses as allegations of rampant spying and massive security breaches cast a pall of doubt on the safety of the Internet. Here’s some advice to help SMBs cope with growing risks and keep expenses under control.

Studies show that data security can be a crucial issue of customer/client trust. In the wake of the Snowden NSA leaks, SMBs are at greater risk than huge corporations, as they have limited money for cyber-security.

From netbooks to smartphones and picture-playing devices, employees become more and more tech-savvy and bring a wide variety of Internet-connected devices to the office. To increase efficiency and mobility, they commonly access corporate data and networks on the go, while chatting with friends, posting social media messages, listening to music and sharing pictures online.

When dealing with greatness and great companies one should try to find out what it is that they are doing so outstandingly well, and what lessons are to be learned from them? What do Google, Amazon, Facebook, LinkedIn, Netflix, Intuit, Bank of America, GAP or Macy’s - just to name a few - have in common?

Apart from being very big enterprises and highly successful, they also share an IT-related approach that has become a cultural trait: they all embraced DevOps as a way of delivering their products/ services to the clients. As security practitioners, we have the duty to ask ourselves – where does security fit into this DevOps philosophy?

BITDEFENDER HQ, June 20, 2014 – Almost one in five small and medium businesses worldwide are exposed to major security risks as they are still using Windows XP after Microsoft ended support for the operating system, according to a three-month study Bitdefender conducted in countries such as the US, the UK, Australia, Germany, Spain and Brazil.

The study proved that businesses still rely on the legacy Microsoft OS despite security concerns. Millions of malware attacks target companies every month and hackers try to steal confidential data by taking advantage of the system’s vulnerabilities.

Regulatory compliance has become a way of life for many companies, especially in industries such as healthcare and financial services. The number and variety of regulations has increased in recent years - and for many organizations the process of ensuring compliance is both costly and time consuming.

Consider what the U.S. Health Insurance Portability and Accountability Act (HIPAA) has meant for IT and security departments within healthcare organizations. A portion of HIPAA defines the policies, procedures and guidelines for maintaining the security and privacy of individually identifiable health information, and creates standards for the use and dissemination of healthcare information. 

You are part of an industry leading organization with thousands of customers, but do you have a plan-B? Organizations of all budgets and sizes are looking for an efficient and reliable backup option, but without the headaches and costs of traditional disaster recovery. In this context, the cloud makes a great alternative. One of the most heavily hyped technologies of the last decade, the cloud can act as a secondary data center to help your organization recover data and systems quickly after any kind of interruption. An earthquake or an unexpected data breach might happen to you.

For the most part, corporate press releases are boring. It’s an exercise in patting oneself on the back while saying next-to-nothing of significance that IT companies are especially guilty of performing as a rote exercise. Then again, every now and then an announcement produces a reaction that stirs things up. To me, the significant parts that go unsaid in an announcement are, in exceptional cases, revealed by the reaction of others (or the lack thereof). Last week, Amazon was good enough to create an interesting example of a PR-by-reaction.

It began with an announcement from Amazon, which can be found here. The post was part of announcing the release of AWS Management Portal for vCenter. Basically, it’s a vCenter plug-in that makes it easy to lift VMs to AWS. It has some additional features, but overall, is compelling only in that it lives with vCenter. To flip that around, it’s really exciting because it’s in vCenter. It’s all in the interpretation…

As endpoints are virtualized, it is tempting to assume that everything within the endpoint is virtualized, and the job is done. Of course, performing a physical-to-virtual migration is the first step in an ongoing process of optimizing applications, the underlying infrastructure, and of course, security.

AV Storms and all the nastiness

If you have virtualized most of your servers, and are starting to optimize by raising consolidation ratios, you will have noticed that traditional antivirus software creates some nasty headaches in virtualized environments. If you have virtualized desktops, you’ll have encountered “AV storms” from the start of the project.

Desktop-as-a-service (DaaS), yet another “as-a-service” offering made possible by the cloud, continues to gain momentum in the market. As a VAR or managed services provider, you can tap into this opportunity, not only by providing DaaS offerings to your customers, but by ensuring that these platforms are as secure as possible. 

As with most buzzwords in the IT industry, DaaS can mean different things to different people. But basically this type of service involves providing remote desktop virtualization to devices via cloud computing, much like applications are delivered through software-as-a-service (SaaS) offerings.