Disqus - Latest Comments for mversace

Re: Changing the Security Model for Virtualized Cloud Systems

mversace — Fri, 22 Jan 2010 11:35:22 -0000

Something has to change, but is it the model or the emphasis. For virtual environments security integration is the emphasis. Security integration is needed through the virtual stack - from an encapsulation of the Hypervisior, O/S, VM, and application meta data, and out through the infrastructure [servers, storage, networks). Policy automation is one important part of this integration.

And significant application workloads will require more complete, end-to-end, security integration. There's no silver security bullet on the horizon, so despite the potential benefits offered through virtualization, executives will trust existing internal systems over virtual stacks for mission critical and real-time workloads due to fear about security threats, complexity, and completeness, until a better level of integration is achieved.

Re: The Dark Side of Security…by Art Coviello

mversace — Fri, 04 Dec 2009 16:17:11 -0000

Couldn't agree more. But "hope" won't get us there, or at least it hasn't yet. We need Focus, and Unrelenting Determination (the new "FUD" in security) to address and overcome security challenges that lay ahead.

Re: Emulex Helps Data Protection and Privacy Through Encryption

mversace — Sat, 14 Nov 2009 09:38:21 -0000

Would be nice to do a deep dive into HBA encryption and put together an end-to-end encryption scenario using a hypothetical application running in a private cloud on a set of vBlock. We could look at encryption using:

- SED
- channel encryption
- data tokenization at the database level
- SSL to get data to the end user
- whole disk encryption for data at rest on the desktop.

Issues to consider
- overall application performance
- key management
- where's the white space
- alternative scenarios using a data-centric model for encryption.

Mike

Re: Researcher Publishes Valid Wildcard SSL Certificate

mversace — Wed, 30 Sep 2009 21:41:26 -0000

Could this hack be defeated if EV certs were required in the browser?

Re: Opportunity Knocks for EMC: Will Slootman Answer?

mversace — Mon, 28 Sep 2009 09:49:29 -0000

Couldn't agree with you more. But some effort toward integrated solution offerings in a market that relies on the most prestigious and qualified vendors to address the growing security challenge would be well worth it. Security continues to be a big, big question in most enterprises, virtual or not, and end-users more than ever are looking for straight through, end-to-end security solutions that I think EMC can deliver on.

Re: The Seven Key Attributes that Define Effective SMB Storage

mversace — Fri, 25 Sep 2009 15:05:29 -0000

Great post Bill. My seven would be, using your list - 1, 1, 2, 2, 2, and 2, and 5 of course. Hopefully they get the rest.

Re: Opportunity Knocks for EMC: Will Slootman Answer?

mversace — Fri, 25 Sep 2009 13:40:22 -0000

Option 1 is the approach EMC took when they acquired RSA (the largest security company acquisition in history). And I think the market is still waiting for a story about solution integration. Now might be the time. It's a new world of data protection, and the capabilities, technologies, and customers of RSA create a real power trio in data protection for EMC. Where is RSA in EMCs data protection play? In a recent discussion between Wikibon and Sam Curry,VP Product Development and Strategy for RSA, Sam spoke about security resources and a focus on the 3 "I"s of data protection - Infrastructure, Information, and Identity. Maybe it's time to dot these "i's and get in tune with more complete data protection message including RSA.

Re: 14 Key Points in Computer Development Since 1940

mversace — Mon, 21 Sep 2009 13:29:01 -0000

Well done - but what about 1992 and beyond, and internet as the computer..