Access your Pro+ Content below.
Virtualization security dynamics get old
This article is part of the Information Security magazine issue of November 2013 Vol. 15 / No. 9
"The future is already here -- it's just not very evenly distributed." -- William Gibson In 2008 at the Black Hat security conference in Las Vegas, I presented the results of two years' worth of security research. "The Four Horsemen of the Virtualization [Security] Apocalypse" sought to educate the Black Hat audience about the past, present and future of the intersection of virtualization and security. The presentation focused rather ruthlessly on the operational realities of how virtualized compute, storage and networking were fundamentally disrupting security; hence, the "Four Horsemen" rephrased succinctly: Consolidating physical appliance functions, and reconstituting them as a monolithic virtual appliance, will yield poorly performing solutions that are incapable of scale and difficult to manage. If virtual security solutions are not properly integrated with a virtual platform's security functionality and its orchestration systems, then performance, resiliency and scalability will suffer. Complex, highly available ...
Access this PRO+ Content for Free!
Features in this issue
Companies have embraced virtualization and cloud computing, but security is still bolted-on. Here's what needs to change.
In the November 2013 Beyond the Page on virtual security, Chris Hoff examines the challenges infosec pros face in finding the right security strategy for their enterprise network.
Enterprises cannot always keep attackers out of their networks. Instead, defense-in-depth strategies aim to raise the cost to black hats -- in terms of time and money.
Software security ranks high among security executives' concerns but low in terms of time spent, according to an (ISC)2 CXO study.
Columns in this issue
If software security keeps you up at night -- and it should -- you are in good company.
Wading into the murky waters of security metrics? Jay Jacobs offers his take on data collection and incident reporting with the VERIS framework.
What's a dollar spent on security worth in terms of risk? Break-even analysis helps you decide.