Christmas is over and New Years is on its way. A time to make resolutions and see the year complete. A time to review what is old and plan for the future. This is a perfect time to review your defense in depth and look to see if there are security additions needed in 2012. So what cloud and virtualization security New Years resolutions should I make for 2012?
2012 Data Protection Concerns
Data Protection is still an issue with many small businesses and smaller enterprises who virtualize; Specifically around the Data Protection Process and eventually where to store the data. When I speak to people they are struggling with whether or not to place the data on tape, blu-ray, into the cloud, or other disks. Medium and Large Enterprises already have such policies in place, but like everything else, when they virtualized the policies may have fallen by the road side and now need to be recovered, dusted off, and put into practice. The choice of where the data will ultimately reside when disaster strikes is an ongoing discussion in the virtualization community. Ultimately, Data Protection is just that, protecting the data from loss, destruction, and allowing for quick recovery.
"U There" End User Computing Security
There needs to be better Data Loss Prevention applied to Social Media than there exists today and how that will be applied globally is a huge issue. But it is a growing trend. I see on twitter from those I know many things that should not appear: from the discussion of internal only intellectual property to locations sent to 4 square. Add into this, the myriad forms of ‘U There’ requests. It is so easy to tell people anything on twitter, that it also becomes a problem with telling people too much even in 146 characters. Yet, I also see the same when using text messages, chat, and other technologies. So what is the solution?
2011 Year in Review – Data Protection
2011 saw an increase in virtualized and cloud data protection solution partnerships and advancements. One of the biggest advancements is the growing support for Microsoft Hyper-V from long-time VMware specific backup solutions. Included in the new partnerships are team ups between performance management and data protection solutions, as well as an increase in the methods for replication and other forms of data protection. 2011 was a very big year in the Data Protection arena of cloud and virtualization. This is the 2011 Year in Review for data protection.
Year in Review – Virtualization Security
2011 saw a shift in how virtualization security was viewed and it showed in the way companies teamed up to address those needs. Even so, the most basic of issues still exist: The thought that once you virtualize you are more secure, and the lack of general protection for the management constructs of a virtual or hybrid environment. These two concepts have hindered adoption of virtualization security in 2011. Even so, there has been a steady shift through out the year as more and more companies talk about virtualization security. VMware has definitely lead the pack with its vShield Product line and its unified view of virtualization security. Other hypervisor vendors are also discussing virtualization security through their ecosystem if not directly. 2011 saw many companies forging their own partnerships to augment and compete in this space. Will these partnerships continue into 2012? Will virtualization security continue to be a hot area?
On Going Conversation: PCI Compliance, Are virtual environments always Mixed-Mode?
On 10/6 was held the Virtualization Security Podcast featuring Davi Ottenheimer in his role as a QSA. Davi holds down many roles working with companies such as VMware, yet he maintains his QSA credentials and applies his knowledge of PCI Compliance. In this podcast we ask the question, is a virtual environment always mixed-mode and what to do if your QSA does not have the knowledge required to do the job?