Episode 2

Virtualization Security Round Table Podcast Episode 2 show notes

Go to Talkshoe to download or listen to the podcast. Soon to be available also on iTunes.

Our guest panelist was Gene Kim, CTO of Tripwire Inc. Thank you for joining us, Gene.

The podcast started off with each panelist answering the following question, which led to a short but lively discussion: When someone says 'virtualization security', what is your immediate thought or response? The answers ranged from needing more clarification (is this securing virtualization, virtualizing security, or something else?) to network security, compliance, and anything that directly or indirectly touches the virtualization hosts.

We then launched into VMware as a Service, with the conversation split evenly along the lines of single-tenant vs. multi-tenant scenarios. We all agreed this is possible, but security 'depends', virtualization's most used word when trying to answer simple-seeming but complex questions. Mainly it depends on what you wish to expose to your customer and on what they are willing to pay. Amazon was used as an example of multi-tenant virtualization as a service, the beginnings of the cloud. The discussion around Amazon covered the tools they used but, more importantly, what is allowed to run within their environment. We then discussed some cases. Questions from the chat were geared towards whether we should assess the environment to protect the collective or write a 500-page SLA (thanks to Guest 14!). We all agreed some assessment was necessary, but what to assess was still 'it depends'.

Last comments were about thoughts on securing VMware as a Service.

Panelist BIOs

  • Gene Kim is CTO and founder of Tripwire. Since 1999, he has been studying high-performing IT operations and security organizations, which led Gene to co-found the IT Process Institute (ITPI) in 2004. In conjunction with the ITPI, Gene co-authored the Visible Ops Handbook: Implementing ITIL in Four Practical And Auditable Steps, which has since sold over 75,000 copies. He was a principal investigator on the IT Controls Performance Study project, and in 2008, he co-authored the Security Visible Ops, a handbook describing how to link IT security and operational objectives in four practical steps by integrating security controls into IT operational, software development and project management processes. Gene currently serves on the Advanced Technology Committee for the Institute of Internal Auditors, where he is part of the GAIT task force, which has created guidance on how to scope IT general controls for SOX-404. In 2007, he was given the Outstanding Alumnus Award by the Department of Computer Sciences at Purdue University for achievement and leadership in the profession.
  • James Dennis is a security industry entrepreneur and software designer. He is currently lead architect at Catbird, specializing in implementing security solutions for virtual infrastructure. Mr. Dennis was also the founder of Periscan, one of the pioneers in managed security and compliance for the PCI/retail industry. Mr. Dennis holds both Certified Information Security Systems Professional (CISSP) and VMware Certified Professional (VCP) certifications.
  • Chris Hoff is Unisys Corporation’s Systems & Technology division chief security architect. Hoff has over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management. Prior to Unisys, he served as Crossbeam Systems' chief security strategist, was the CISO for a $25 billion financial services company, was founder/CTO of a national security consultancy, and led the security engineering team of one of the first global managed network security service providers. Hoff is a prolific blogger and sought-after speaker at leading security conferences.
  • (Not on the recording) Iben Rodriguez is an Infrastructure Consulting Professional with over 20 years of experience working in complex IT environments. Iben has extensive knowledge of VMware-specific environments, having spent 2 years working for VMware in various roles. Iben has led and delivered very complex projects for Fortune 500 companies, including Switzerland-based pharmaceutical companies, one of the world's largest online auction companies and a large city government in southern California. Iben is considered one of the foremost industry experts in VMware-based security and infrastructure design.
  • Edward L. Haletky is the author of VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers. Haletky owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development. Haletky is also a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions, is a prolific blogger, and is working on new books on virtualization.

Podcast audio improvements by Tim Pierson of DataSentry, Inc.