Subscribe to Email Updates

Subscribe

All about Virtualization and Cloud Security | Recent Articles:

In Demand: Managed Security Services

Mar 23 by Shaun Donaldson

This is a good time to be a managed security services provider—if you believe industry reports about the robust growth of the market. Even if you don’t believe the research, there is plenty of evidence that many organizations are looking for expert help when it comes to strengthening their security posture against a host of potential threats. And service providers can provide that needed assistance.

Read More

Reboot the cloud? Yes, it has happened, and here’s why.

May 13 by Shaun Donaldson

While rare, every now and then, major cloud providers such as Amazon must ponder interrupting service to reboot parts of their environments. It is a curious thing, and leads to asking, “Why?”

Read More

3 Cloud Security Truths For CISOs

May 07 by Ericka Chickowski

As cloud initiatives shift from cost savings efforts to strategic transformations of IT and the business, CISOs are finding that in many ways they need to completely reimagine their security controls to keep up.

Read More

Why Aurora is more than a sunrise

Nov 25 by Shaun Donaldson

A short while ago, Amazon announced a new offering called Aurora. In a nutshell, Aurora is a MySQL database engine wrapped as a service. It’s relatively cheap, and Amazon handles the nitty-gritty of the thing.

It begs the question, why does it matter? As Amazon declares, it’s the fifth SQL database engine that they have made available. So, why the big deal? It is a big deal because it says quite a bit about how Amazon operates.

First, let’s have a look at the product page:

 

Amazon Aurora provides up to five times better performance than MySQL at a price point one tenth that of a commercial database while delivering similar performance and availability.”

 

Read More

Identity and Access Management as a Service (IDaaS) – mastering the fine art of juggling

Aug 22 by Denisa Dragomir

In my previous post I raised a flag around the importance of identity and access management (IAM), and how this should be embedded in your overall security planning.

What does identity and access governance stand for?

According to Gartner, it represents "a combination of administration and account provisioning, authentication and authorization, and reporting functions" which is either served from the cloud (IDaaS) as a utility, or implemented internally in a more silo’d approach.

Companies may choose to run a combination of the two in their hybrid environment, where they bring up a secondary IAM system to handle their hosted apps, while continuing to rely on standard IAM for internal applications.

Read More

Who is Getting Cloudy?

Aug 13 by Shaun Donaldson

There are many questions about cloud; what is it, where is it, and who’s using it?

The answer to the last one is: “most everyone”. Analysts are a bit short on data because they too are still trying to figure-out this cloud stuff. The straightforward answer is that you are likely already using it.

Does your organization use a service provider for software-as-a-service, platform-as-a-service, or infrastructure-as-a-service? If your first answer is an absolute, “No”, you’re probably wrong.

If you’re a start-up, you’re likely using a Google or Microsoft service, perhaps a hosted customer relationship management system (Salesforce.com, for example), and myriad other cloud-based services.

Read More

Distributed Denial of Service in the Cloud or the ‘New Black’ of cyber-criminals

Aug 05 by Denisa Dragomir

Distributed Denial of Service (DDoS) attacks have started to grow in intensity and sophistication as more companies rely on web-based applications for their daily business operations. In the past few months, such attacks have become the weapon-of-choice for cyber criminals in every corner of the world because they hardly ever miss their target(s). Taking the analogy further, I would say that these insidious attacks are as precise and merciless as a DSR-50 riffle is for a trained sniper.

What makes DDoS attacks a bad dream for even the most experienced of IT admins is their distributed nature, as the very name suggests. This means that not only one, but a multitude of compromised systems (also known as botnets or bots) seize the target host with simultaneous requests through a breach in the system, which thereby becomes saturated and unavailable to user access.

Read More

The advantages of “Baking in” antivirus in your model on Amazon Web Services (AWS)

Jul 30 by Kathryn Schwab

As an AWS customer, chances are you made a great business decision to move to that model for some or all the following reasons:

  •      Flexibility
  •      Capacity
  •      Agility
  •      Speed
  •      Accessibility
  •      Ease of use
  •      Scalability
  •      Continuous Delivery

Whether you’re a startup or a DevOp in a large enterprise, some of the most compelling reasons to move a business model or develop a business process on AWS is that incredible and versatile infrastructure.

The power and productivity is second to none (well except in the case of the odd outage here and there – but that’s another story). When all is running smoothly, so is your business or your project. The ability to scale and spend according to your delivery model, timelines and needs, while delivering world-class applications and business processes is like no other time in history.

Read More

The ‘Near Future’ and Business Alignment of Security for Managed Services

Jul 17 by Robert Krauss

In the most recent post, I described both the challenges and the opportunities that are facing Managed Services Providers (MSPs) looking to expand their portfolios to include information security offerings.

To quickly summarize: It’s a whole new world for MSPs, many of whom are seeing their entire business model being turned upside-down by the fast growth of cloud computing and the “as-a-service” trend.

While offering cloud-based information security technology and services presents a big opportunity for revenue growth and competitive advantage, MSPs face a host of challenges and potential revenue risks, not the least of which is managing the way licensing models are presented.

Read More

DevOps and SecOps – the Impossible Conciliation?

Jun 23 by Horatiu Bandoiu

When dealing with greatness and great companies one should try to find out what it is that they are doing so outstandingly well, and what lessons are to be learned from them? What do Google, Amazon, Facebook, LinkedIn, Netflix, Intuit, Bank of America, GAP or Macy’s - just to name a few - have in common?

Apart from being very big enterprises and highly successful, they also share an IT-related approach that has become a cultural trait: they all embraced DevOps as a way of delivering their products/ services to the clients. As security practitioners, we have the duty to ask ourselves – where does security fit into this DevOps philosophy?

Read More

When Amazon Zigs, Everyone Else Zigs and Zags

Jun 12 by Shaun Donaldson

For the most part, corporate press releases are boring. It’s an exercise in patting oneself on the back while saying next-to-nothing of significance that IT companies are especially guilty of performing as a rote exercise. Then again, every now and then an announcement produces a reaction that stirs things up. To me, the significant parts that go unsaid in an announcement are, in exceptional cases, revealed by the reaction of others (or the lack thereof). Last week, Amazon was good enough to create an interesting example of a PR-by-reaction.

It began with an announcement from Amazon, which can be found here. The post was part of announcing the release of AWS Management Portal for vCenter. Basically, it’s a vCenter plug-in that makes it easy to lift VMs to AWS. It has some additional features, but overall, is compelling only in that it lives with vCenter. To flip that around, it’s really exciting because it’s in vCenter. It’s all in the interpretation…

Read More

Desktop-as-a-Service: New Opportunities for the Channel

Jun 03 by Robert Krauss

Desktop-as-a-service (DaaS), yet another “as-a-service” offering made possible by the cloud, continues to gain momentum in the market. As a VAR or managed services provider, you can tap into this opportunity, not only by providing DaaS offerings to your customers, but by ensuring that these platforms are as secure as possible. 

As with most buzzwords in the IT industry, DaaS can mean different things to different people. But basically this type of service involves providing remote desktop virtualization to devices via cloud computing, much like applications are delivered through software-as-a-service (SaaS) offerings. 

Read More