Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Physical Is Not So Physical in a Virtualized Environment
Things to consider when virtualizing core infrastructure

I recently asked a CIO of a large Fortune 100 company how hard would it be for a person to pull the plug on a backbone switch in his datacenter. His answer was "Very difficult. We have lots of controls in place to ensure that level of access is protected." I then probed further and asked what type of controls he was referring to - card key access, locks on the racks, video cameras? He nodded at each one. I pulled up the virtual infrastructure management client on my computer and demonstrated how easy it is to power off the distributed virtual switch that he was planning to run across his datacenter - essentially, I right-mouse-clicked on the virtual machine (VM) and selected "Power Off." I then asked, simply, "How many people within your organization have access to virtual infrastructure?" He didn't know. This scenario is more common that you might think.

Virtualization is rapidly transforming the datacenter. Organizations are virtualizing servers, networking, and storage systems to create a new, much more dynamic cloud infrastructure. Virtual appliances, introduced by the major hypervisor vendors over the course of the last few years, have become the new form-factor for delivering business services. In the beginning, application vendors offered their solutions as pre-built virtual appliances, primarily to make installation easier; today, we see core infrastructure components - switches, firewalls, and management solutions - delivered as virtual appliances. The trend is accelerating.

The story of the Fortune 100 CIO highlights the issue that physical is not so physical in a virtualized environment. Virtual appliances are simply virtual machines, and for a person with virtual infrastructure access, physical controls do little to prevent harmful actions - like powering off a critical virtual appliance, whether by accident or on purpose. Essentially, the physical controls that prevent tampering with core infrastructure components are easily bypassed when it comes to virtualization since everything can be managed over the network. This has implications with regard to security as well as compliance.

Industry and regulatory initiatives such as PCI DSS and HIPAA require adequate controls be in place to protect private data, such as payment card or patient health information (PHI). Many times, these controls include network security components such as firewalls and intrusion detection systems. When critical controls are virtualized, how do you ensure compliance if they can be manipulated or powered off through the virtualization management layer?

Follow these four guidelines when considering virtual appliances for core infrastructure to avoid being vulnerable:

  1. Determine the policies necessary for virtualized infrastructure components in your environment.
  2. Ensure strict access control and policy enforcement for management of virtual appliances.
  3. Confirm with your assessors what safeguards must be in place around virtualized controls as relates to compliance.
  4. Make sure you have all management operations logged in granular detail for security forensics and compliance.
About Eric Chiu
Eric Chiu is CEO and founder of HyTrust, an early stage startup focused on secure virtualization management and compliance. He has in-depth knowledge about what’s needed to achieve the same level of operational readiness in virtual, as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, an...
Enterprises are striving to become digital businesses for differentiated innovation and customer-centricity. Traditionally, they focused on digitizing processes and paper workflow. To be a disruptor and compete against new players, they need to gain insight into business data and...
In this presentation, you will learn first hand what works and what doesn't while architecting and deploying OpenStack. Some of the topics will include:- best practices for creating repeatable deployments of OpenStack- multi-site considerations- how to customize OpenStack to inte...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to ...
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE