Threat Modelling: The Now of IT

Threat modelling was the subject of the latest Virtualization Security Podcast (which I am still trying to upload, so time for a new service). Threat modelling is what every security person does, but not necessarily formally. Threat modelling in many ways takes an architecture and looks for well-known threats. One such threat that could come …

No Need for Independent Clusters for Security or Compliance

On the latest Virtualization and Cloud Security Podcast (11/09/2017), senior technical marketing architect for vSphere Security Mike Foley and I discussed security and compliance, and segregated or independent clusters for each. This has been one of my personal hot topics for a while. The issue is that many folks think, rightly or wrongly, that a …

Unplanned Obsolescence – Digital Lifespan

Recently, the xkcd comic (https://xkcd.com/1909/) mentioned digital lifespan with a pithy comment about digital resources disappearing quickly. This is quite prevalent in the project to restore NASA records from Apollo missions, such as LOIRP. NASA participated in unplanned obsolescence and also misunderstood the value of its data. It picked data formats that were not …

Process, People, Ptechnology, and Politics

The four Ps of security, DevOps, Agile Cloud Development, and cloud migration are Process, People, Ptechnology, and Politics. In that order. The Ptechnology piece is by far the easiest piece, though it is often considered to be critical. Without Process and People, at this time, technology is just a bunch of 1s and 0s. Unfortunately, …

Reduced Complexity: The Reality

The goal and driver of many tools is reduced complexity. There are many IT as a Service products that claim they reduce complexity—but is that what they really do? IT has gotten inherently complex, yet we are claiming to reduce complexity by adding in more layers, such as automation, platforms, containers, etc. Do these technologies …