While at InfoSec World 2012’s summit on Cloud and Virtualization Security, the first talk was on Securing your data. The second was on penetration testing to ensure that data was secure. In essence it has always been about the data but there is a huge difference between what a tenant can do and what the cloud or virtual environment provider can do with respect to data protection and security. This gap is apparently becoming wider instead of smaller as we try to understand tenant vs cloud provider security scopes. There is a lack of transparency with respect to security, but at the same time there are movements to gain that transparency. But secret sauces, scopes, legislation, and lack of knowledge seem to be getting in the way.
TVP Tag Archives
Future Proofing Data Protection: Approaching Fast!
Quantum recently announced a ‘Flexible path to Next Generation Backup and Disaster Recovery’, which dovetails nicely with my thoughts on future proofing data protection. Quantum has created, with the help of Xerox, a way to have multi-tenant data protection at the level of the tenant and not just the cloud provider.
Application Aware Virtualization Backup
While participating in the GestaltIT Virtualization Field Day #2, I was asking Symantec about Application Aware Backups. In other words, could one backup an entire application, regardless of how the application was defined. This concept goes hand in hand with Application Aware Security measures. We can always backup VMs and their data to remote locations, but can we backup or maintain the application interactions within a multi-VM Application regardless of how it is defined.
Data Protection in the Cloud
As I was flying home recently, the gentleman beside me was talking about his need to do the “cloud thing” as a means to backup his data. He recently experienced a multi-retail shop backup failure where the local backup disk was corrupted and the backups failed to happen. I also experienced a backup failure, when my backup software was upgraded. In both cases, the backup software did not mail out, or alert the appropriate people of the failure. Even if the backups did work, the data was still corrupted. So the question is, how can cloud based backups help with either of these scenarios?
Replication Round-up
Whether you use replication as a means of disaster avoidance or disaster recovery, replication of your virtual environment between hot sites has always been a win. With current technology it is even possible to replicate to a replication receiver cloud which could provide a measure of business continuity as well. So who are the players and who provides what service, and how do they do it?
Replication Receiver Clouds: Protecting your Data
Security in the cloud and the virtual environment is ‘all about the data’ and not specifically about any other subsystem. It is about the data. As such the data has something it knows (the contents of the data), something it is (its signature), and something it has (its digital rights) and since it has these three elements, the data has all it has identity. However, protecting the data requires us to put things between the data and the real world such as firewalls, and complex role based access controls, as well as methods to replicate the data to other locations in a non-intrusive mechanism. The goal to such replication could be to ensure multiple sites have the same data (such as a hot-site) or to have the data available in another locations in case of disaster.