Sunday, May 19, 2013

Episode 105: VirtuStream

This episode's guest is Pete Nicoletti from VirtuStream. VirtuStream is a cloud solution provider with a strong focus on security and they are hosting some major customers.

One of the topics discussed in episode 105 is the use of TXT technology in cloud solutions. Currently it's not possible to enable TXT across all cloud solutions because it depends on what hardware the cloud providers are using. Providers using white boxes cannot support TXT as it is available in enterprise solutions.

In a cloud solution, tenant-specific logging is very important, and a standard is still missing even though some work is underway.

In addition to various hardening guides, there is also an application called Onapsis that can check whether you have set up your system in a secure way. It's an application-specific security scanner.

Hosting different customers on the same platform can be a risk, and most cloud providers do not evaluate which customers should be allowed to run on the same hardware (or at all).

PCI-DSS is also something you must keep in mind. Many PCI auditors may scratch their heads when they come across a virtualized solution. Even though there is a virtualization special interest group for auditors, such auditors are hard to find.

Texiwill has written a bit here on How VirtuStream does Cloud Security and the podcast is available below.

Audio: Cloud Virtualization Security Roundtable, episode 105
http://www.virtualizationpractice.com/resources/virtualization-security-podcast/
http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=34217&cmd=t

Tuesday, May 7, 2013

Human technology roadblocks

New proposals and projects are often stopped because of other people's lack of knowledge.

The security team can stop many good projects, such as those involving virtualization, because they don't have enough knowledge and are skeptical of new types of services that they don't have experience with.

Mrs Y once worked at a company where the networking department was skeptical of running virtualized networks. They were asking about latency and other issues that may have been a problem many years ago.

Some people are skeptical regarding VLANs. Texiwill too. That includes VXLAN and other similar technologies.

It has been said that it's a struggle for people to separate the logical from the physical. For the longest time they have been the same thing, and now they are suddenly different. People, companies, ISVs and hardware vendors alike are confused by these changes, and many of them will try to block these new inventions in favor of the old ones.


All this and more in episode 104.


Driving from Lycia to Fethiye.

Audio: Cloud Virtualization Security Roundtable, episode 104
http://www.virtualizationpractice.com/resources/virtualization-security-podcast/
http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=34217&cmd=t

Saturday, May 4, 2013

Boat trip

Last week I attended a boat trip from Dalyan to Iztuzu Beach. On this same trip we also attended a mud bath and turtle safari. There was one turtle near our boat for a short moment, but I didn't see it with my own eyes since it was at the front of our boat and I was sitting in the back. The beach was great and I wish we could have stayed there longer.


Thursday, March 21, 2013

Cloud Views

Special guest on episode 103 was Andi Mann.

Cloud View started out as a newsletter. Later it moved to Twitter as #cloudview with cloud security as the topic. Cloud View is hosted on http://smartenterpriseexchange.com and they have a dozen episodes available on YouTube.

Where is the firewall in a cloud environment?

Previously you knew where people were accessing your data from, since nobody outside your firewall had access. Nowadays you need to know who is accessing your data, because access is no longer restricted by network segments.

We have several layers of identity:
  • username/password
  • 2 factor
  • multiple factors

After all the break-ins at major sites (PSN, iCloud), many think that username/password is not good enough anymore, but it's still the only credential you need for 99% of the web servers on the internet.

Who is responsible for security?
- Everybody?
- The board?

News from the RSA conference.


Audio: Cloud Virtualization Security Roundtable, episode 103
http://www.virtualizationpractice.com/resources/virtualization-security-podcast/
http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=34217&cmd=t