The Virtualization Security Podcast on 11/2 was quite a change from our normal podcast. Instead of featuring a vendor as a guest panelist, Gurusimran S Khalsa (known as GS) joined us. Our topic was getting started with virtualization security with a real world twist.
GS told us his story on how he got started with virtualization security which was in response to a series of breaches within the physical environment of his organization. This is normally when people start to get serious about virtualization security. But, this cautionary tale was tempered, with the knowledge that the virtual environment was not breached in any way but still, it was at risk. So the decision was made to improve the overall security, funds were allocated, and GS was sent out to determine what to buy.
In this podcast GS goes through his decision process and limited time scope to get everything. He freely admits he needed more time but, like everyone else, just did not have it. In the end he decided on a combination of products: HyTrust and Altor Networks. Why these?
HyTrust provides auditing and ability to manage authentication and authorization.
Altor Networks appliance provides insight into the virtual environment and defense in depth
This was not the end of GS’ virtualization security journey but yet, just the beginning. He often listens to the podcast, reads the recommended blogs, and books (Top Virtualization Security Links). In essence, it is a continual learning process.
For GS’ organization Auditing was a very important first step. So the rest of the panelists ran with this, raising our questions, and answering them with an eye towards getting started with virtualization security. We will have GS back on the podcast once he is near the end of the journey, to see what else he implemented within the environment.