TVP Tag Archives

Where Is Data Protection?

When I write “data protection,” do you assume this means endpoint security, data security, data encryption, disaster recovery, or business continuity? Or do you think it entails just knowing where your data resides? Actually, it could mean all of the above, which in turn means that data protection comprises several overlapping technologies. There is no …

Continue reading “Where Is Data Protection?”

Container Security Podcast

There is a recent CVE (CVE-2016-9962) that directly affects container security. A patch was quickly forthcoming. This raised some interesting concerns. Specifically, how do you patch a container infrastructure? What needs to be patched? The “what” is easy; the “how” is more difficult. As we move to cloud-native applications, where we tear down apps rapidly …

Continue reading “Container Security Podcast”

Data and Metadata Everywhere

In a recent conversation, I was considering the data about data that abounds for any business, organization, or person. A great deal of data is stored and classified as public information. The metadata around that data is becoming increasingly more valuable. Is this data maintained, curated, monitored, and controlled in any fashion? The answer varies among people and organizations. Yet, the real question …

Continue reading “Data and Metadata Everywhere”

IT Transformation: Architecture Includes Security

I recently had a number of consulting conversations about IT transformation and adding new Security as a Service products to companies’ existing clouds and tenancies. This is the beginning of IT transformation in many cases. A company has realized it needs to provide security to its tenants while using clouds more securely at the same …

Continue reading “IT Transformation: Architecture Includes Security”

Threats and Risks in the Cloud

There are threats to the cloud and there are risks within the cloud. A recent article from Tech Target Search Security blog spurred several thoughts. The main claim here is that there are not enough people who can differentiate threats and risks enough to talk to business leaders who may know very little about security, but do know the business. I have been known to state that there are prominent threats to my data once stored in the cloud and that we should plan to alleviate those threats to reduce our overall risk. But what is the risk?

Risky Social Behaviors akin to Multi-Tenancy Risks

Can we use some of this Risky Social Behaviors post to aid us in finding an adequate definition for secure multi-tenancy? Perhaps more to the point it can define how we look at multi-tenancy today. On a recent VMware Communities podcast we were told two things that seem contradictory to current security thinking. The first is that going to the cloud reduces your risk, and the second was that the definition of the cloud must include multi-tenancy.