The premise of security is confidentiality, integrity, and availability. The premise of data protection is integrity and availability. The two go hand in hand. However, it is often the case that certain groups within organizations handle data protection (disaster recovery, business continuity, and backup) while other groups handle security. As security moves closer and closer …
Continue reading “Cloud Dependency: Data Protection and Security”
It is that time of year again, when we see all the new toys, tools, ideas, and processes that make up the show called VMworld. This year, quite a few changes in virtualization security will be discussed by VMware and other organizations that work with virtual and cloud environments. One of the key messages will …
There has been quite a bit written about Code Spaces and how unauthorized access to its ITaaS console granted enough permissions to delete everything out of Amazon, including backups. There are lessons here not only for tenants, but also for those vendors who create ITaaS consoles, such as VMware (vCHS, vCD, vCAC, vCenter, Orchestrator, etc.), …
As your software-defined data center (SDDC) grows, so does the quantity of privileged accounts. This was the discussion on the Virtualization Security Podcast of February 13, 2014, where we were joined by Thycotic Software. Privileged accounts are used by administrators and others to fix issues, set up new users, add new workloads, move workloads around …
Recently I have had the pleasure of discussing security with a number of cloud providers. Specifically, we talked about what security they implement and how they inform their tenants of security-related issues. In other words, do they provide transparency? I have come to an early conclusion that there are two types of clouds out there: …
The Hybrid Cloud has 100s if not 1000s of APIs in use at any time. API security therefore becomes a crucial part of any hybrid cloud environment. There are only so many ways to secure an API, we can limit its access, check the commands, encrypt the data transfer, employ API level role based access controls, ensure we use strong authentication, etc. However, it mostly boils down to depending on the API itself to be secure because while we can do many things on the front end, there is a chance that once the commands and actions reach the other end (cloud or datacenter) that the security could be suspect. So how do we implement API security within the hybrid cloud today?
