Monthly Archives: February 2012

RSA Conference 2012 … the Before

The RSA Conference 2012 officially starts February 27th, 2012. For me, Monday starts with the CSA Summit and booth duty. This is one of my favorite conferences. It is important to understand that the RSA Conference is not like EMC World or VMworld. This is a security conference… and one of, if not the largest, security conferences. This is not a conference about RSA. For example, Symantec’s President and CEO is scheduled to appear Tuesday as part of the Keynote schedule. What a great concept… a conference not just about a company BUT about companies… no, a conference about PEOPLE that are together for a common purpose. People that understand that a world without security is a world without air and water. Security changes everything; not being able to protect oneself from those that want to get us is a risky situation. Users and organizations have a right to understand what options are out there and what is needed to protect their organizations, and the ability to see them all at once is a great opportunity. I am excited to see what is out there and even more excited to talk to the customers at the booth. I promise to get back with a recap. What will I be talking about? What I love to talk about every day. I will be talking about security and virtualization at the RSA booth (make sure you stop by and say hi) and I cannot wait to hear about the battles that customers are experiencing, directly from the customer. To be able to understand what challenges they are experiencing is so exciting to me.

The theme for this year is “The Great Cipher, Mightier than the Sword”. I love this theme. The RSA Conference Events group always has great themes, but I really love this one because it is based on the beginning. Where did the idea come from? The theme originates in 17th Century France. A religious war was occurring between the Roman Catholic French and the French Protestants. The Roman Catholics were ruling and battling the Protestants in a small town. The Catholics intercepted an encrypted letter from the Protestants. The letter could not be broken until the mathematician Antoine Rossignol deciphered it. The French Protestants were lacking supplies and ammunition and soon surrendered. Rossignol and his son Bonaventure were noticed for their work by Louis XIII’s chief minister, Cardinal Richelieu, who determined secure ciphers and codes to be of incredible value.


VSI (virtual storage integrator) is a Security feature

Recently I was doing a breakdown of the FREE VSI plugin for VMware. It is available from EMC for EMC storage. It is a plugin that provides a single management interface for managing EMC storage within the vSphere environment. There are a lot of components to it and a lot of great capabilities. As I was digging further and further and explaining this technology to customers more and more, I realized that the technology is actually a SECURITY technology. I know, it may be hard to understand, but it is true!!! Hear me out…

First let me break down the individual components of the VSI plugin (and may I do a shameless plug for my fellow vSpecialist Tommy Trogden, better known as vTexan, for VSI’ing the VSI plug-in). You have to check out his website… it has a plethora of information…

The VSI plugin has five components. You don’t need all of them; you can pick and choose. Together or separately they can help you out drastically. I have listed them below with a synopsis of each capability…

VSI Storage Viewer: Discovers and identifies EMC Symmetrix, CLARiiON, Celerra, VPLEX, VNX, and VNXe storage that has been allocated to VMware hosts and vm’s. The storage viewer presents the storage details to the virtual administrator.
VSI Unified Storage Management: Provisions Network File System (NFS) datastores on NAS storage, and Virtual Machine File System (VMFS) datastores and Raw Device Mapping (RDM) volumes on block storage. It performs array-based compression and array-based cloning of vm’s in NFS datastores, both full clones/copies and fast clones/snaps of virtual machine disk (VMDK) files. This plugin allows you to manage NAS and block storage in VMware environments.
VSI Storage Pool Management: Simplifies the provisioning of Symmetrix storage in VMware environments. VSI and Symmetrix Management Console (SMC) together can manage storage as a shared resource pool.
VSI Symmetrix SRA Utilities: Helps users manage vCenter Site Recovery Manager (SRM) configurations in Symmetrix Remote Data Facility (SRDF) environments. It allows you to view and create consistency groups and provides SRM diagnostic tools that help users identify configuration errors.
VSI Path Management: Allows you to change the multipath policy for Symmetrix systems and lets the VSI user manage multiple paths from within the vSphere client. This plugin supports the VMware Native Multipathing plugin (NMP) and PowerPath/VE.

Now how could I possibly pull this all together into security? As I have stated in previous posts… security is about visibility, policies, and trust (remember the triangle of trust). Yes, I know that security is more than that, but if we keep with my definition for today, the items line up. The plugin certainly allows you to create policies, and you trust the information regarding the storage environment that your virtual environment is running on. But when it comes down to it… the number one aspect that really drives the theory home is VISIBILITY. It should be the VISIBILITY storage integrator. Knowing the information regarding your underlying storage provides the ability to understand your virtual environment like never before. Developing your virtual environment with blinders on is an incredibly risky situation. It could impact your entire environment. Loss of availability to vm’s or hosts is not security. The VSI plugin helps you make the right decision. It helps you reduce risk. It makes sure the policies are working correctly. It is security.


NIST SP800-144 “Guidelines on Security and Privacy in Public Cloud Computing” – A Relationship Manual

Participating in a public cloud means that there are two independent parties involved. When two parties are involved, a relationship is formed. Just like every kind of relationship… it is hard. Each party has their own expectations, and oftentimes these expectations are not met and feelings get hurt. There are arguments and frustrations, and maybe you feel like you are not getting out of the relationship what you have put in… When starting a relationship with your cloud provider it is important to understand where they are coming from and what their goals are, and you must think of an exit strategy.

NIST has put out a relationship manual called “SP800-144: Guidelines on Security and Privacy in Public Cloud Computing”. It was developed to help you (the client) with some of the expectations that you should have of the cloud provider. It is kind of like counseling. They are guidelines to help you determine whether this relationship is going to last or fall on its face. It was officially developed for Federal Agencies, but they agree that it can be used for other relationships as well.
It was important that NIST released this document. They are the ones that I find most referenced when talking about Cloud Computing. Their definition is the one most of us go by. There are so many definitions and you might as well pick one. Just a reminder… NIST’s definition is: “A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or cloud provider interaction”

Below are the key attributes or guidelines and MY short interpretation of them:

A) Carefully plan the security and privacy aspects of cloud computing solutions before engaging them
[ME] Make sure you set up security objectives of your organization and that everyone understands them, especially when planning for outsourcing. Make sure you plan your security based on the sensitivity of the data. In relationship terms… what is your partner’s intention? Is this a serious relationship or something they take lightly?

B) Understand the public cloud computing environment offered by the cloud provider
[ME] Understand the cloud provider. What are their policies, what are their guidelines? Don’t take this outsourcing lightly, and make sure you do your due diligence when it comes to the cloud provider. In relationship terms… determine the good parts and the bad parts of your partner and what it is that you can “put up with”.

C) Ensure that a cloud computing solution satisfies organizational security and privacy requirements
[ME] Interesting section… It is somewhat the same as section B, BUT it recognizes the fact that a public cloud may not work for you. It is possible that the terms of the cloud provider just do not fit your needs. It is possible that your needs can only be supplied by a private cloud. In relationship terms… prepare for other options. Understand that the partner may not be right for you in the long run and you need an “exit” strategy (One note… don’t have an “exit” strategy in your personal relationship until you really need it. :) … I am just saying…)

D) Ensure that the client-side computing environment meets organizational security and privacy requirements for cloud computing
[ME] So how are you, the client, accessing the data at the provider site? It is important to understand that accessing data that is located remotely can have security risks associated with it. These risks are inherent to any organization, whether you are a client of any type of cloud. In relationship terms: communication… communication… communication. Is it safe to tell them everything? Are the communication lines completely open, or do some things get said under the breath?

E) Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environment
[ME] Continuous monitoring is the main thread in this section. Of course it is important to monitor with an understanding of the security policies and controls. You must be aware of all the aspects associated with the environment. Confidence in your provider can only be achieved through visibility and provisioning. Best line out of this section… “Cloud Computing is based on the security of many individual components”. In relationship terms… relationships are hard and you need to work at them. If the pairing is right and you want to continue to move forward with them… work with them and show it. When it comes down to it, actions speak louder than words.

If you want to review this document yourself… click here
