Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Physical Is Not So Physical in a Virtualized Environment
Things to consider when virtualizing core infrastructure

I recently asked a CIO of a large Fortune 100 company how hard would it be for a person to pull the plug on a backbone switch in his datacenter. His answer was "Very difficult. We have lots of controls in place to ensure that level of access is protected." I then probed further and asked what type of controls he was referring to - card key access, locks on the racks, video cameras? He nodded at each one. I pulled up the virtual infrastructure management client on my computer and demonstrated how easy it is to power off the distributed virtual switch that he was planning to run across his datacenter - essentially, I right-mouse-clicked on the virtual machine (VM) and selected "Power Off." I then asked, simply, "How many people within your organization have access to virtual infrastructure?" He didn't know. This scenario is more common that you might think.

Virtualization is rapidly transforming the datacenter. Organizations are virtualizing servers, networking, and storage systems to create a new, much more dynamic cloud infrastructure. Virtual appliances, introduced by the major hypervisor vendors over the course of the last few years, have become the new form-factor for delivering business services. In the beginning, application vendors offered their solutions as pre-built virtual appliances, primarily to make installation easier; today, we see core infrastructure components - switches, firewalls, and management solutions - delivered as virtual appliances. The trend is accelerating.

The story of the Fortune 100 CIO highlights the issue that physical is not so physical in a virtualized environment. Virtual appliances are simply virtual machines, and for a person with virtual infrastructure access, physical controls do little to prevent harmful actions - like powering off a critical virtual appliance, whether by accident or on purpose. Essentially, the physical controls that prevent tampering with core infrastructure components are easily bypassed when it comes to virtualization since everything can be managed over the network. This has implications with regard to security as well as compliance.

Industry and regulatory initiatives such as PCI DSS and HIPAA require adequate controls be in place to protect private data, such as payment card or patient health information (PHI). Many times, these controls include network security components such as firewalls and intrusion detection systems. When critical controls are virtualized, how do you ensure compliance if they can be manipulated or powered off through the virtualization management layer?

Follow these four guidelines when considering virtual appliances for core infrastructure to avoid being vulnerable:

  1. Determine the policies necessary for virtualized infrastructure components in your environment.
  2. Ensure strict access control and policy enforcement for management of virtual appliances.
  3. Confirm with your assessors what safeguards must be in place around virtualized controls as relates to compliance.
  4. Make sure you have all management operations logged in granular detail for security forensics and compliance.
About Eric Chiu
Eric Chiu is CEO and founder of HyTrust, an early stage startup focused on secure virtualization management and compliance. He has in-depth knowledge about what’s needed to achieve the same level of operational readiness in virtual, as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
SYS-CON Events announced today that Evatronix will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Evatronix SA offers comprehensive solutions in the design and implement...
SYS-CON Events announced today that Synametrics Technologies will exhibit at SYS-CON's 22nd International Cloud Expo®, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. Synametrics Technologies is a privately held company based in Plainsboro, New Jers...
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitiga...
DevOps promotes continuous improvement through a culture of collaboration. But in real terms, how do you: Integrate activities across diverse teams and services? Make objective decisions with system-wide visibility? Use feedback loops to enable learning and improvement? With tec...
"Digital transformation - what we knew about it in the past has been redefined. Automation is going to play such a huge role in that because the culture, the technology, and the business operations are being shifted now," stated Brian Boeggeman, VP of Alliances & Partnerships at ...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE