All about Virtualization and Cloud Security | Recent Articles:

The news these days in security is mostly “doom and gloom”. Just consulting a site like DatalossDB.org is enough to depress even the most hardened security professional. However, there are technology advances happening all around us - some which may lead to new security issues, and others that may help security teams out enormously.

I’m willing to argue that virtualization technology falls into the latter category on most counts. Sure, there are flaws in virtualization software, and new attack vectors (the hypervisor, management tools, etc.).

Transportation is one of those industries that affects everyone in the world just about every day of the year. It encompasses motor vehicles, roadways, bridges and tunnels; planes and airports; trains, tracks and stations; boats, ships and ports—basically any entity that helps get people and things from point A to point B or beyond.

So it goes without saying that ensuring the security of systems, networks, applications and data that support or maintain the transportation infrastructure in any way is critical to the protection of individuals and the well being of society.

As we enter the busiest and most lucrative period of the year for retailers, it’s a good time to take a look at some of the key security issues and challenges facing the industry.

Retail has certainly been in the news a lot of late when it comes to information security, and not for good reasons. One of the most recent, high-profile security breaches hit The Home Depot, with the world's largest home improvement retailer in early September disclosing a months-long attack of its payment data system.

The tech industry – and especially info security– love their acronyms and buzzwords: cloud, APT, IDS/WIPs, DLP, NAC, blended threats, “You name it”-as-a-Service, and the list goes on. One of the reasons the terms that fade away do so is because there is a real-world issue and narrative behind the term. They are real, and the term survives. Those that are the fantasy of marketing teams tend to fade away. The term Shadow IT, sometimes called Rogue IT, is a buzzphrase that is real.

When the term Shadow IT surfaced a few years ago, it was a relatively small percentage of employees who were sidestepping corporate IT and finding their cloud services.

As a reporter, I’ve covered many breaches over the years. Attacks of the magnitude we’re witnessing at Sony Pictures, a subsidiary of Sony Corp. are rare. The breach is quite bad as far as data breaches go. But other companies would be short-sighted to think their organizations are protected from, and are above, data breaches of similar magnitude.

I’ve interviewed many CIOs and CISOs on and off the record over the years – and they all believe that they are quite vulnerable. Vulnerable to determined attackers, a disgruntled insider, or a careless IT misstep that proves itself quite serious and damaging.

In last post of this series, I described what a Software-Defined Data Center (SDDC) is, and asked the question, “In a SDDC environment, should security simply be treated as another layer in a software stack? If so, where should it go?” I presented the first scenario for creating Software-Defined Security (SDS), which is basically migrating security from physical to virtual, but found it lacking. Here, I’ll cover a better approach to SDS.

The next way to look at SDDC security is on a “per layer” basis. Security tools are integrated into the hypervisor layer (or compute layer), the storage layer, the networking layer, and the operating system and application layers. This extends the idea of a virtualized control model, with multiple integration points that may be collectively more capable than a single “layer”.

In this latest installment of our series on security issues in a variety of industries, we look at the utilities and energy sectors. These companies represent a prime market for managed services providers (MSPs) and value-added resellers (VARs), because for any country, protecting the energy grid must be a high priority.

A chilling and widely reported bit of news surfaced recently when the director of the U.S. National Security Agency (NSA) warned that Chinese cyber attacks could shut down the U.S. infrastructure, including the power grid.

As reported by Reuters, China and "probably one or two" other countries have the ability to invade and possibly shut down computer systems of U.S. power utilities, aviation networks and financial companies, Admiral Mike Rogers, director of the NSA testified to the U.S. House of Representatives Intelligence Committee on cyber threats.

Based on what we’re seeing with organizations implementing heavily virtualized infrastructure, followed by private clouds, hybrid clouds, and all things in-between, it’s a logical conclusion that IT organizations are moving toward a Software-Defined Data Center (SDDC).

What exactly is a software-defined data center?

In my last two posts in this series, I’ve covered hardware abstraction and virtualization, and new technologies like software-defined networking, where data and control planes are separate. Organizations extrapolating this to represent the entirety of a data center environment; everything is virtualized and abstracted.