This years Innovation Sandbox at RSA Conference was won by a little know company to virtualization and cloud security vendors, its name is Invincea. However, it makes use of virtualization to aid in security. This years finalists once more included HyTrust for the inclusion of what appears to be complete UCS support within the HyTrust Appliance, Symplified which provides a unified identity within a cloud, CipherCloud which encrypts bits of your data before uploading, but not enough encryption to mess with sort and other algorithms. Plus other non-cloud like products: Entersect (non-repudiation in the form of PKI), Gazzang (MySQL Encryption), Incapsula (collaborative security to browsers), Pawaa (embed security metadata with files), Quaresso (secure browsing without browser/OS mods), and Silver Tail (mitigation).
TVP Category Archives
Proving Identity in the Cloud
Unlike last year where there were many virtualization security vendors existed at RSA Conference, there was a noticeable lack of them within booths, yet all of them were here to talk to existing and potential customers. However, there were many vendors offering identity management in the cloud for these I asked the identity management product owners the following question:
How can you prove identity in the cloud?
Distributed Virtual Switch Failures: Failing-Safe
In my virtual environment recently, I experienced two major failures. The first was with VMware vNetwork Distributed Switch and the second was related to the use of a VMware vShield. Both led to catastrophic failures, that could have easily been avoided if these two subsystems failed-safe instead of failing-closed. VMware vSphere is all about availability, but when critical systems fail like these, not even VMware HA can assist in recovery. You have to fix the problems yourself and usually by hand. Now after, the problem has been solved, and should not recur again, I began to wonder how I missed this and this led me to the total lack of information on how these subsystems actually work. So without further todo, here is how they work and what I consider to be the definition for fail-safe.
Mobile malware reinforces need for mobile hypervisors
At last year’s VMworld in San Francisco Stephen Deasy (Director, R&D, VMware) and Srinivas Krishnamurti (Senior Director, Mobile Solutions, VMware) announced VMware’s plans for a type II mobile hypervisor platform. Three months later VMware and LG have announced a partnership to install VMware Mobile Virtualization Platform (MVP) on LG smart phones starting in 2011. While significant questions remain about the viability of this partnership, the need for a mobile virtualization solution cannot be stressed enough.
Knowing where your Data is: Backup Security
On the second Virtualization Security Podcast of 2011, we had Doug Hazelman of Veeam as our guest panelist to discuss backup security. Since most of backup security relies on the underlying storage security, we did not discuss this aspect very much other than to state that the state of the art is still to encrypt data at rest and in motion. What we did discuss is how to determine where your data has been within the virtual or cloud environment. This all important fact is important if you need to know what disks or devices touched your data. An auditing requirement for high security locations. So we can take from this podcast several GRC and Confidentiality, Integrity, and Availability elements
VNXe More than Just Storage
Given the VNXe’s expandability to include fibre channel cards in the future. This storage looks very attractive to those SMBs who have made the investment previously to move towards fibre. Making use of your existing infrastructure whether fabric or Ethernet would lower the cost of adoption for the low-end EMC product. The VNXe’s expandability is one of those items that makes it an attractive tool for other uses. What are those other uses with respect to security, DR, BC, and disaster avoidance?