The Iris System: Tidying Up Under the Rug

Virtualization helps conceal hardware complexity, one of its many benefits for programmers and administrators. But it’s also a rug under which security and reliability concerns can be all too easily swept. Here’s a simple example. Suppose that a file system replicates data across two storage devices to prevent data loss in the event of a…

Thought Leadership for the Trusted Cloud

I was in Stockholm a couple of weeks ago to speak at an EMC Forum and was able to sit in on the keynote, given by Chad Sakac. As anyone who has attended EMCworld knows, Chad is a great speaker: energetic, interesting and insightful. His keynote explored the theme of transformation, including the transformation of…

Stealing Your Neighbors’ Keys with a Drinking Glass

Security experts have long speculated about whether virtualized environments, such as public clouds, exhibit dangerous side channels. A side channel is a form of information leakage that arises as a byproduct of resource exposure, such as the sharing of memory caches. A side-channel attack exploits such leakage to steal secrets, such as cryptographic keys. A…

Cherrypicking Virtual Machines in a Public Cloud

Resources in public clouds are sold on the same premise of uniform quality as apples. A virtual machine (VM) of a given type, for instance, is a fixed-sized bundle of resources—CPU, local storage, and so forth—that is rented to a tenant at a set hourly rate. Yet VMs, like apples, vary in quality. A VM’s performance depends on the CPU model in the machine on which it sits, the workloads of its neighbors (the VMs of other tenants), and a variety of other characteristics.

Learning to cook – Bake a Trusted Cloud Part 2

Proving that physical and virtual infrastructure of the cloud can be trusted can be prohibitively difficult, especially when it comes to cloud services from external service providers. Verifying secure conditions in the foundations of the cloud is important for a simple reason: If organizations can’t trust the safety of their computing infrastructure, the security of all the information, applications and services running on top of that falls into doubt.

The Forbidden City and Defense in Depth

On a recent trip to China, an RSA colleague and I couldn’t help but observe how the Forbidden City was like an exercise in defense in depth. We had to traverse protection after protection to move from one area to the next, like firewalls insulating DMZs from the public web, isolated in turn from application servers, themselves isolated from database resources, perhaps even air-gapped from other environments such as production control systems.

Built-In Data Discovery and Classification = “Awesomesauce”

In case you missed it last week, VMware announced their latest version of vShield App with Data Security, which has RSA’s DLP technology embedded to help discover and classify sensitive data in virtual machines. One of the key points here is that data discovery and classification capabilities are now built into the virtual infrastructure, making the virtual infrastructure content-aware for the first time. So you may ask, what’s the big deal about being built-in instead of bolted-on?

Realizing a New Vision for DLP

EMC and VMware recently announced that RSA Data Loss Prevention will be integrated into the newest version of VMware vShield in Q3 of this year. RSA issued a press release about it titled: RSA and VMware Partner to Deliver DLP Technology for VMware vShield 5. This is a very important announcement, representing not just a valuable integration of technologies but a new vision for securing sensitive information.

Virtualization: Not the Disappearing Act it Seems

More and more organizations are deciding to “go virtual.” And why not? The benefits are numerous–optimized resources, increased efficiency and a more dynamic infrastructure, among other things. IT departments around the world are collectively champing at the bit to deliver a centralized, optimally partitioned, easily scaled (yet physically small) data center. Shutter those football-field-sized data centers and open the door to a minimalist IT operations center. Sounds perfect, right?