David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.
Edward Haletky (@texiwill) is a virtualization security analyst and author. And as Haletky points out, security in the virtualization space requires a whole new way of thinking about security. Last year at the VMWorld conference, they had 14,000 machines on 15 512 servers (NOTE: heard Edward wrong in the video and it sounded like 15 initially to me. Edward mentioned it’s physically impossible to put that many virtual machines on 15 servers). How do you protect 14,000 machines from each other, asked Haletky? And when you put that in the cloud you have hundreds of thousands of machines that are always moving. Your data may never be at rest in the cloud. All these new virtualization variables make security a far more complex issue.
Joining Haletky in the discussion is Anton Chuvakin (@anton_chuvakin), author of PCI Compliance. Make sure you watch my video interview with him as well (Haletky’s in that one too) entitled “If you’re going for PCI compliance, just shut up and log.”
Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.