Subscribe to Email Updates


All about Virtualization and Cloud Security | Recent Articles:

Context versus isolation: solving one of security’s trickiest problems

May 13 by Shaun Donaldson

Securing endpoints has always required balancing context and isolation. Context is about knowing what is happening within an endpoint, while isolation is about the security mechanism being separated from the endpoint that it is protection.

Read More

Reboot the cloud? Yes, it has happened, and here’s why.

May 13 by Shaun Donaldson

While rare, every now and then, major cloud providers such as Amazon must ponder interrupting service to reboot parts of their environments. It is a curious thing, and leads to asking, “Why?”

Read More

Ensuring Security in the VDI Environment

Apr 01 by Robert Krauss

Virtual desktop infrastructure (VDI) and the concept of desktop virtualization have become a key part of the IT strategy at a growing number of organizations, as they come to realize the many potential benefits of the technology.

Read More

Enterprises Hold High Authentication Hopes for Software-Defined Perimeters

Mar 26 by Ericka Chickowski

As we head into RSA next month, chances are high that software defined perimeter (SDP) will jockey for position there in the infosec alphabet-soup lexicon. A new piece out this week in the Wall Street Journal shows that a lot of very large enterprises have high hopes for this NIST-backed protocol as security teams struggle in the cloud era to balance management of risk with maintenance of their relevance to the business.

Read More

Security as a Business Enabler: The Long View, from the trenches

Mar 06 by Dave Shackleford

Much has been said in the last five years about how security “needs a seat at the business table”. When this is uttered by a security professional, usually among other security professionals, everyone typically nods and looks at one another knowingly, as if this is a foregone conclusion. Well, it’s not.

Most security teams are still those thankless security nerds that focus on the compliance checkbox. Why? We provide real value…right? We’re defenders of the univer….errr, enterprise! 

Read More

An Overview of Virtualization Security Guidance: Part II

Feb 13 by Dave Shackleford

In the first post of this two-part series, I described security guidance regimes and tools while focusing on VMware. In this part, I extend the conversation to include Citrix and Microsoft, and provide some advice that is applicable across platforms.

Citrix distributes a “User Security Guide” that has valuable security information for configuring the platform, but is not a benchmark suitable for audit purposes.

Read More

Cloud is Driving Shadow IT Amongst End-users and Datacenter Users

Feb 10 by Shaun Donaldson

Not long ago, I presented a webinar on BrightTalk about cloud and BYOD (Bring Your Own Device). In it I discuss how users have myriad options that are outside the control of IT groups – shadow IT. That end-users are using applications powered by public cloud computing isn’t surprising. Most of us, at one point or another, have used web mail to move a file, Evernote to jot-down thoughts, or DropBox to share files.

Read More

An Overview of Virtualization Security Guidance: Part I

Jan 28 by Dave Shackleford

As virtualization adoption grows, organizations are becoming more attuned to the need to properly configure and lock down virtualization. Virtualization is a complex technology with many facets, and there are numerous types of controls that can be implemented to secure these assets. Most security teams are still developing internal policies and processes to define how virtual infrastructure should be enabled and maintained.

Read More

5 CISO New Year's Wishes

Jan 16 by Ericka Chickowski

Back to work, people! It's time for CISOs to dust the holiday cookie crumbs from their lips and stop rubbernecking the proverbial car crash that was the Sony incident. As 2015 kicks off, it’s the perfect time to reevaluate plans and priorities, and maybe even engage in a bit of wishful thinking. As security and risk management professionals start the year, the following items are most likely to hit their wish list for the coming 12 months.

Read More

Back to Basics: Virtualization as a Security Enabler (part 2)

Jan 14 by Dave Shackleford

In my last post, I explored the idea of improving information security with virtualization technology, namely in the areas of inventory and configuration management. These are likely the most visible and applicable places for “crossover” improvement, affecting both security and IT operations.

Read More

Security and Virtualization: Adaptation is the “new normal” [INFOGRAPHIC]

Jan 05 by Shaun Donaldson

It is no secret virtualization technology is changing the datacenter landscape. The agility, flexibility, and overall operational benefits are myriad, and conversations about the return on investment in virtualization have, for the most part, long-since been concluded. However, as with many wide changes in computing, conversations about security implications tend to lag behind. For security professionals, increasing agility can also mean introducing new areas of concern; agility can create fragility.

Read More

Back to Basics: Virtualization as a Security Enabler (part 1)

Dec 29 by Dave Shackleford

The news these days in security is mostly “doom and gloom”. Just consulting a site like is enough to depress even the most hardened security professional. However, there are technology advances happening all around us - some which may lead to new security issues, and others that may help security teams out enormously.

I’m willing to argue that virtualization technology falls into the latter category on most counts. Sure, there are flaws in virtualization software, and new attack vectors (the hypervisor, management tools, etc.).

Read More

Cloud Security

Subscribe to Blog Updates

Latest Tweets