Sunday, May 19, 2013

Episode 105: VirtuStream

This episode's guest is Pete Nicoletti from VirtuStream. VirtuStream is a cloud solution provider with a strong focus on security and they are hosting some major customers.

One of the topics that are being discussed in episode 105 is the use of TXT technology in cloud solutions. Currently it's not possible to enable TXT across all cloud solutions because it depends on what hardware the cloud providers are using. Providers using white boxes can not support TXT as it is available in enterprise solutions.

In a cloud solution tenant specific logging is very important and a standard is still missing even though there is some work underway.

In addition to various hardening guides there is also an application called Onapsis that can check if you have setup your system in a secure way. It's an application specific security scanner.

Hosting different customers on the same platform can be a risk and most cloud providers have no evaluation on which customers should be allowed to run on the same hardware (or at all).

PCI-DSS is also something you must have in mind. Many PCI auditors may scratch their head when they come across a virtualized solution. Even though there is a virtualization special interest group for auditors, such auditors are hard to find.

Texiwill has written a bit here on How VirtuStream does Cloud Security and the podcast is available below.

Audio: Cloud Virtualization Security Roundtable, episode 105