Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Physical Is Not So Physical in a Virtualized Environment
Things to consider when virtualizing core infrastructure

I recently asked a CIO of a large Fortune 100 company how hard would it be for a person to pull the plug on a backbone switch in his datacenter. His answer was "Very difficult. We have lots of controls in place to ensure that level of access is protected." I then probed further and asked what type of controls he was referring to - card key access, locks on the racks, video cameras? He nodded at each one. I pulled up the virtual infrastructure management client on my computer and demonstrated how easy it is to power off the distributed virtual switch that he was planning to run across his datacenter - essentially, I right-mouse-clicked on the virtual machine (VM) and selected "Power Off." I then asked, simply, "How many people within your organization have access to virtual infrastructure?" He didn't know. This scenario is more common that you might think.

Virtualization is rapidly transforming the datacenter. Organizations are virtualizing servers, networking, and storage systems to create a new, much more dynamic cloud infrastructure. Virtual appliances, introduced by the major hypervisor vendors over the course of the last few years, have become the new form-factor for delivering business services. In the beginning, application vendors offered their solutions as pre-built virtual appliances, primarily to make installation easier; today, we see core infrastructure components - switches, firewalls, and management solutions - delivered as virtual appliances. The trend is accelerating.

The story of the Fortune 100 CIO highlights the issue that physical is not so physical in a virtualized environment. Virtual appliances are simply virtual machines, and for a person with virtual infrastructure access, physical controls do little to prevent harmful actions - like powering off a critical virtual appliance, whether by accident or on purpose. Essentially, the physical controls that prevent tampering with core infrastructure components are easily bypassed when it comes to virtualization since everything can be managed over the network. This has implications with regard to security as well as compliance.

Industry and regulatory initiatives such as PCI DSS and HIPAA require adequate controls be in place to protect private data, such as payment card or patient health information (PHI). Many times, these controls include network security components such as firewalls and intrusion detection systems. When critical controls are virtualized, how do you ensure compliance if they can be manipulated or powered off through the virtualization management layer?

Follow these four guidelines when considering virtual appliances for core infrastructure to avoid being vulnerable:

  1. Determine the policies necessary for virtualized infrastructure components in your environment.
  2. Ensure strict access control and policy enforcement for management of virtual appliances.
  3. Confirm with your assessors what safeguards must be in place around virtualized controls as relates to compliance.
  4. Make sure you have all management operations logged in granular detail for security forensics and compliance.
About Eric Chiu
Eric Chiu is CEO and founder of HyTrust, an early stage startup focused on secure virtualization management and compliance. He has in-depth knowledge about what’s needed to achieve the same level of operational readiness in virtual, as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The...
Concerns about security, downtime and latency, budgets, and general unfamiliarity with cloud technologies continue to create hesitation for many organizations that truly need to be developing a cloud strategy. Hybrid cloud solutions are helping to elevate those concerns by enabli...
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment b...
Wasabi is the hot cloud storage company delivering low-cost, fast, and reliable cloud storage. Wasabi is 80% cheaper and 6x faster than Amazon S3, with 100% data immutability protection and no data egress fees. Created by Carbonite co-founders and cloud storage pioneers David Fri...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build ...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
Most Read This Week
ADS BY GOOGLE