Security is not compliance and compliance will not get you security. At least that is what I hear from security teams. Conversations with security focal team members from non-security focal people can be quite interesting and has its unique challenges and hurtles to overcome. You can find yourself speaking the same language but not fully understanding each other very well at all. One topic point of discussion is that “security is not compliance and compliance will not get you security.” Or does it?
TVP Strategy Archives
Training and More Training for EUC Security
End User Computing security seems to be in the hands of the users not actually the IT Security department. At least not yet. So what can we do about this? IT security can be draconian and not allow EUC devices into the office, but the users will be up in arms. They use their smart …
Continue reading “Training and More Training for EUC Security”
The Growing Divide between Security and Virtualization (Cloud)
I asked @MrsYisWhy to join the podcast as she is from the other side of the world from virtualization and cloud security folks and has quite a different view. The rent we saw being sewn up is now a vast divide as we jump feet first into Cloud deployments, virtualization business critical workloads, and generally using more and more virtualization and cloud in our daily lives.
Public Cloud Reality: Support Responsibility
The Public Cloud Reality around support responsibility is not something often considered, instead we are looking at SLAs, legal documents, compliance documents, and many other items. Do we consider who is ultimately responsible when something goes wrong within the cloud? Is your Cloud provider a full partner or do they limit themselves to a small subset of the implementation? Do they have 24/7 support will be covered by the SLA, but what type of support? How qualified are the clouds support teams to help you with your application’s problems? Who is responsible?
News: Public Comment for VMware Hardening Guide
Just entered my mailbox, there is a new rev of the vSphere 5.1 hardening guide which was spoken about on the last Virtualization Security Podcast. This version of the hardening guide creates a much needed new feature: Profiles.
The Next Evolution of Virtualization
The next evolution of virtualization is the Software Defined Data Center or SDDC and it is quickly becoming the next logical step in the continued evolution of cloud technology that will give you the ability to run legacy enterprise applications as well as the other cloud services. In my opinion you could also define Software Defined Data Center as a converged datacenter so to speak. My friend and colleague, Edward Haletky wrote a great post on SDDC and data protection, which raised this question. How the heck to we recover SDDC?