All about Virtualization and Cloud Security | Recent Articles:

As an AWS customer, chances are you made a great business decision to move to that model for some or all the following reasons:

•      Flexibility
•      Capacity
•      Agility
•      Speed
•      Accessibility
•      Ease of use
•      Scalability
•      Continuous Delivery

Whether you’re a startup or a DevOp in a large enterprise, some of the most compelling reasons to move a business model or develop a business process on AWS is that incredible and versatile infrastructure.

The power and productivity is second to none (well except in the case of the odd outage here and there – but that’s another story). When all is running smoothly, so is your business or your project. The ability to scale and spend according to your delivery model, timelines and needs, while delivering world-class applications and business processes is like no other time in history.

It can be difficult to find relevant estimates for niche market segments, such as managed security services, in such a volatile context. The volatility is mainly generated by the amount of consolidation and business model transformation processes that are currently taking place among managed service providers (MSPs).

In this July, 2014 article from MSPmentor, the author cites forecasts the market values of managed security services, while Research and Markets makes claims for the overall MSP market. If we compare the share of managed security services within overall MSP market, in the two scenarios below, we can easily conclude that the revenue contribution of security services for MSP will grow.

There has been quite a bit of marketing effort put into declaring that AV is dead. It is difficult to make sense of it because the term ‘Anti-Virus’ means so many different things. Much of what it means depends on who you ask.

What is AV? It’s a short-cut. It’s not a short-cut from a technology perspective, but rather, in language. Just as a single-use facial tissue is a “Kleenex”, so does ‘AV’ mean ‘endpoint security’ to many folks, while ‘AV’ is scoffed-at by others.

To generalize, there are two audiences; those who work in IT, and those who do other things. To a person outside of IT, ‘AV’ equals security.

When a family member asks me about ‘AV for smartphone’, I don’t go into depth about it being less an AV than about application reputation, as determined by running applications in emulated environments to assess the quality (from a security perspective), and on and on. That’s because I’m being asked about security for a phone.

This is the second post from a series we thought necessary to dedicate to APTs (Advanced Persistent Threats) and the new wave of security technologies claiming that they replace or complement antimalware solutions to help organizations defeat this new threat.

In the most recent post, I described both the challenges and the opportunities that are facing Managed Services Providers (MSPs) looking to expand their portfolios to include information security offerings.

To quickly summarize: It’s a whole new world for MSPs, many of whom are seeing their entire business model being turned upside-down by the fast growth of cloud computing and the “as-a-service” trend.

While offering cloud-based information security technology and services presents a big opportunity for revenue growth and competitive advantage, MSPs face a host of challenges and potential revenue risks, not the least of which is managing the way licensing models are presented.

In the endpoint security world, specifically antimalware (or antivirus, depending on your definition, but more on that in another post) vendors are offering different features and architectures to address performance in virtualized datacenters. A simple question that organizations have is, “When, where, and why do I need this stuff?” Of course, as a vendor, the tempting answer is, “Always, everywhere, and just because”. However, reality is always more nuanced than the average PowerPoint presentation.

This is the first post in a series dedicated to the trendiest, most disputed and most used acronym in the recent history of information security. My purpose for this series of three posts is to define the phenomenon (as we see it), to take a look at possible counter-measures – a review of the self-denominated “next generation security solutions” – and finally to try to come up with an effective response that shouldn’t cost you a fortune. 

I. The WHY

Why have I decided to dedicate a series of posts to APTs (Advanced Persistent Threats), in context?

The answer is simple; after having seen and read a lot of literature on this topic and after directly observing, first-hand, several APTs, the worry is that the more this is written about, the more it is adding to the confusion of notions or the intentional or unintentional misclassifications and the marketing veils that create further confusion.

Managed services providers (MSPs) are experiencing a world of change these days, as cloud computing and the “as-a-service” trend continues to grow and have a huge impact on virtually every aspect of IT.

Consider the impact that the growth of public cloud services from Amazon Web Services and other providers has had on IT operations. And think about how much virtualization technologies from vendors such as VMware has changed the way data centers are designed and operated.

As research firm Forrester Research pointed out in a 2013 report, entitled “The Shape-Shifting Tech Industry Channel Ecosystem”, while cloud computing has been a boon for the technology industry in general, channel partners “have to deal with shrinking product margins, skills shortages, and new competitor types”.