This years Innovation Sandbox at RSA Conference was won by a little know company to virtualization and cloud security vendors, its name is Invincea. However, it makes use of virtualization to aid in security. This years finalists once more included HyTrust for the inclusion of what appears to be complete UCS support within the HyTrust Appliance, Symplified which provides a unified identity within a cloud, CipherCloud which encrypts bits of your data before uploading, but not enough encryption to mess with sort and other algorithms. Plus other non-cloud like products: Entersect (non-repudiation in the form of PKI), Gazzang (MySQL Encryption), Incapsula (collaborative security to browsers), Pawaa (embed security metadata with files), Quaresso (secure browsing without browser/OS mods), and Silver Tail (mitigation).
TVP Tag Archives
Digging out after a Snowstorm: Similar to our virtual environments?
Sooner or later that perfect landscape of white is marred by new mounds of snow and clear-cut paths through it to the various locations on the property. When you look at these paths and the snow is high enough, they look like tunnels. The large tunnels (driveway) meet smaller and smaller ones. The perfect landscape of snow is now marred. This is just how a firewall looks when you put holes in it to let through various services. The more services, the more tunnels and paths will be cut. When speaking about the cloud or virtual environments, the increase in paths and entry points becomes a serious issue.
Virtualization Review 2010
It is the last few days of the year and time for a review of virtualization 2010. Although VMware was founded in 1998 it was not until 2001 that I first heard of VMware and played with the workstation product to be able to run different flavors of Linux. So for me, 2010 closes out a great year in virtualization as a whole as well as a decade of virtualization and what a ride it has been.
Virtualization Security: Year in Review
My conference schedule kept pace with the changes in the virtualization security ecosystem through out the year. What are those changes? This is the end of year review of the virtualization security ecosystem.
PCI DSS 2.0 discussed on The Virtualization Security Podcast
In the last Virtualization Security podcast on 12/2 we had with us members of the PCI DSS Virtualization Special Interest Group (SIG). Kurt Roemer of Citrix and Hemma Prafullchandra of HyTrust joined us to discuss the differences to the PCI DSS 2.0 with respect to virtualization. In essence, PCI DSS explicitly calls out the need to bring virtualization, people, and processes in scope.
As we discussed in a previous article, the PCI DSS 2.0 does not state exactly what needs to be assessed within the virtual environment, or even what part of the virtual environment is a concern of each aspect of the PCI DSS. What the PCI DSS 2.0 does do is change the language, however subtle, that technologies employing shared resources are now acceptable.
Getting Starting with Virtualization Security
The Virtualization Security Podcast on 11/2 was quite a change from our normal podcast. Instead of featuring a vendor as a guest panelist, Gurusimran S Khalsa (known as GS) joined us. Our topic was getting started with virtualization security with a real world twist.