Moving Up the Stack — Security Take

Moving up the stack, our security posture changes. The concepts stay the same, but the posture changes. The concepts of least privilege, limited access, etc. all apply. How we implement those controls changes. In the past, we could rely on a firewall at the edge. Yet, as we move up the stack, the edge has …

Tis All about Audit: HyTrust + DataGravity

HyTrust recently announced that it is purchasing DataGravity. While I do not know the details, the purchase is a pretty savvy one. Why? HyTrust is launching into the cloud, and DataGravity works in any cloud. A win-win, if you ask me. HyTrust has three major products, and with DataGravity, it will have a fourth, but …

VMware Solves Delegate User Problem

I have spoken and written quite a bit on the delegate user problem facing cloud and virtual environments. It is a growing problem, as we delegate actions from logged-in users to service accounts to implement changes on our systems. Any system, for example, that proxies administrative requests suffers from the delegate user problem. In essence, …

Scope: It Is All about Scope

When to implement security and data protection practices, or even change existing ones, is all about timing, knowledge, and scope. Deciding what to implement at any particular time requires knowledge of what needs to be fixed, and also of what the future could hold. To do this properly, you need to pay close attention to …

Gaining Visibility into The Cloud: Migration and Security

On many a Virtualization Security Podcast, I tend to mention that we need greater visibility into the cloud to judge whether Cloud Service Provider security measures are good enough. But why should we bother? I am not saying we should not be concerned about a cloud’s security, but that we, as tenants, should be concerned with clouds meeting our security, compliance, and data protection policies and requirements. Will a cloud service provider ever be able to meet a specific organization’s requirements as well as the cloud service provider’s policies and compliance?