Home > Virtualization > Attack Of the Virtualization Hacking Hyperbole…Whiskey Tango Foxtrot, Over.

Attack Of the Virtualization Hacking Hyperbole…Whiskey Tango Foxtrot, Over.

October 22nd, 2008 Leave a comment Go to comments

BabyhangerI'm literally emulating a bobble head doll at this point.  In a fit of snarky confusion,  I'm simultaneously trying to nod-shake-shrug my oversize gourd to arrive at some commonsensical conclusion about this piece.  I can't, so my head just flops about like the headpiece on a 4-axis CNC machine.

Tarry Singh from the Avastu Blog spends his time as an independent analyst covering virtualization and cloud computing. His latest post regarding security left me scratching my head.

I had a bunch of folks ping me asking me for my interpretation of Tarry's latest work but I thought I'd turn it over to you lot since the more eyeballs the merrier.

Tarry's post is titled "Good News! Hackers Focus On Virtualization."

I read it.  I read it again.  I had something to drink.  I read half of it.

I think what Tarry's trying to say is that with more attention being paid to virtualization platforms by "hackers" that we ought to see increased pressure for more secure environments due to impending carnage from mounting exploits and regulators amassing mad virtualization audit skillz.  I could be wrong as it was really, really good wine.

Despite abusing the term "hackers," it's not an unreasonable assertion despite being dusty.  The rest of the post (or the wine) still leaves me a bit dizzy.

Pay attention now, I'll highlight the interesting bits in bold…

So why is this good news? We need the endorsement of those hackers of
understanding that it's not the OS where all the energy will be spilled
but on the Virtual Data Center OS, as VMware puts it.

So again why it's good news?
  • This is a validation of the fact that Virtualization is going mainstream
  • Security and Compliance will be core focus of all organizations
  • Virtual Infrastructures are easier to battendown and secure due to its uniformity
  • Regulators
    will increasingly ask for audits, where as in traditional environments
    (I've seen such audits by the like of KPMG etc) and always wondered
    like "wow–so are so prepared, dude, NOT!", Virtual environments
    suddenly enables auditors to ask the right questions and get or not get the expected results.
  • Focus on security would mean that we will have to work harder to provide a secure and compliant platforms.
So
I welcome this shift. Virtualization platform are secure and have been
secured, the ones that aren't, should start doing it right away. I'll
be personally speaking in an event in November on security and why a
"secure and complaint practice will enhance your competitive edge", its
not just about securing, your customers want to know if they are secure
with you. Feel free to mail me if you need more information.

I'd be very interested to understand what a "secure and compliant practice" within the scope of a virtualized environment means, especially in light of some of the statements above. 

Tarry, you've got mail.

/Hoff

Categories: Virtualization Tags:
  1. Michael Janke
    October 22nd, 2008 at 19:11 | #1
    Reply | Quote

    "Virtual Infrastructures are easier to battendown and secure due to its uniformity"
    I fail to see how vm's are any more or less uniform or hardened than hardware servers. 'Golden Images' and 'OS Clones' have been around a half decade longer than VM's. If you aren't cloning your real servers from hardened master images, why would I think that you are smart enough to figure out how to clone your VM's?
    "Virtual environments suddenly enables auditors to ask the right questions and get or not get the expected results."
    Auditor are either smart enough to ask the right questions or they are not. I see both types every few months. If they aren't, they won't figure out how to audit VM's. If they are, they will.
    Maybe 'cause I'm on my second glass?

  2. Adrian Lane
    October 22nd, 2008 at 21:37 | #2
    Reply | Quote

    Ouch … stop it … don't cross post stuff like this … I hurt my neck.

  3. Tarry Singh
    October 23rd, 2008 at 03:39 | #3
    Reply | Quote

    Hey Chris,
    You're drinking too much (but I knew that all along) but your assumption on what I was implying by (partly) sensationalizing the post (with some typos from my end- do remember in Europe we drink really very good wines as well) is pretty much correct.
    My post says:
    Virtualization is going mainstream and obviously security concerns are popping up in every discussion I hold.
    And I haven't got your mail yet. You can call me as well and we can do a second call with other security vendors as well. Do you want me to set it up with Melissa?

  4. LonerVamp
    October 23rd, 2008 at 06:22 | #4
    Reply | Quote

    I think this is the sort of stuff that sounds good to people who don't otherwise understand Virtualization and need an advisor. But to anyone in the know, well, they can see it for the mess of statements it is.
    But hey, I'm feeling nice today since it is raining out and maybe I'll just chalk this up to a professional blogger not communicating very well in English. 🙂

  1. No trackbacks yet.