If there was any take-a-way from TakeDownCon related to virtualization, it was that the virtualization host is not the primary attack point but all the ancillary systems that touch it. These systems may not even be considered part of the virtual environment but they certainly can impact the security of the environment.
VMware Buys Shavlik
VMware has acquired one more company: Shavlik. This acquisition did not come as much of a surprise to me but is an interesting purchase for VMware. There are quite a few Security as a Service vendors that would make sense for VMware to purchase and Shavlik is one of them. The difference between the other vendors and Shavlik is that VMware has a existing track record with Shavlik as Shavlik is integral in two of VMware’s existing products: VMware Go and VMware Update Manager. Shavlik provides a very important patch management system for these existing products and is one line of defense in the security space. Are there other plans for Shavlik? Or this is a way to lock in one set of tools?
Cloud Applications are 3-5 years Out: Underlying Layers are Evolving
These announcements and ideas paint a better direction for cloud development and creation than there existed even one week ago. These announcements also concentrate on the data, not the computer engine(s) within the cloud. It has alwys been about the data.
Security of Performance and Management tools within the Virtual Environment
The problem is that not everything is as black and white as security folks desire. If we implement performance and other management tools, we often need to expose part of our all important virtualization management network to others. But how do we do this safely, securely, with minimal impact to usability? Why do we need to this is also another question. You just have to take one look at the Virtualization ASsessment TOolkit (Vasto) to realize the importance of this security requirement. But the question still exists, how do you implement other necessary tools within your virtual environment without impacting usability?
Federated Clouds? Possible?
Mike DiPetrillo’s post entitled VMware is Building Clouds sparked some interesting thoughts and discussion about what it means to have federated clouds and how do you define such federation? Is federated required to make ‘cloud’ ubiquitous or are we already there? But is the discussion really about federated clouds or simplistic data object movement between the VMs or about cloud management?
Cloud Outages or What I learned at Disney/InfoSec World
At the InfoSec World 2011 conference, in the sessions I attended, there was quite a bit of discussion about moving to the cloud as well as cloud outages.