I was with a colleague at lunch a few months back and this discussion came up in excruciating detail. The issue specifically had to do with security and compliance for old or “legacy applications” that are sitting on older versions of Windows or Red Hat.
The problem is one we hear often: the application was written either by someone who has moved on to another position or doesn’t work there anymore, or by a company that went under or decided to end-of-life (EOL) the application.
What do you do when the vulnerability scanner run by your security department detects up to 600 applications that are out of compliance? In most cases, the security organization will want these applications either upgraded or moved off your network.
This isn’t always possible due to the criticality of most of these applications. Often, they are critical to run the day-to-day operations of the company or they are critical to the well-being of the organization.
I have admired VMware’s technology for many years. I currently have a multi-node 5.5 vSphere deployment at home, and in my free time I love running benchmarks to marvel at what years of optimization by VMware have gotten us. So, it was with great interest that I followed the unfolding vision and roadmap that Martin Casado laid out on behalf of VMware two and a half years ago. This vision, regarding why security applied at the virtualization layer was the true answer to building a secure infrastructure, was especially exciting for me. I had just co-founded Skyport Systems a year earlier on a dovetailed premise that we need a fundamentally new approach to security as built-in secure infrastructure, and that the virtualization layer is a key component.
However, based on the update at VMworld 2016 (“How Virtualization Will Transform Security”), it is clear that VMware has lost their way in execution of the eloquent vision Martin laid out for them. They have become distracted from delivering on an MVP (Minimum Viable Product) for secure virtualization that the IT industry desperately needs to secure an aging architecture that VMware introduced in a prior IT era.
Congratulations to the crew at Nutanix, who just hit the public markets in a successful IPO. I hope this marks the beginning of a tech-IPO revival. What it definitely demonstrates is that organizations are investing heavily in their hybrid enterprise infrastructure. It also highlights the huge role converged systems will have on the data centers that companies will continue to build.
Excitement continues to build regarding the growth of cloud computing, and it should. This IPO, however, underscores that the market for technology in the data center also remains robust. The difference is that companies want infrastructure solutions that are easier to manage and integrate. They want to focus less on building and managing the underlying systems so they can instead focus more on running and operating the valuable applications. The hyper-converged market — bringing networking, storage and computing together — is the new wave of this tightly integrated stack that helps organizations quickly deploy and deliver their services.
So what is the next step? We believe there are four parts that must be integrated and work in concert to deliver the infrastructure that organizations need. They are compute, networking, storage AND security. As occurs with most exciting new platforms, the early converged entrants focused more on functionality and forgot the security. That has proven to be a painful choice for their customers.
Skyport Systems built infrastructure with security at its core to provide a safe environment to run the most important and often most vulnerable systems. We are committed to delivering secure infrastructure for your hybrid enterprise. As security captivates the minds of CIOs, CEOs and boards of directors, now is the time to invest in building security into the fabric of your infrastructure. Hyper-converged products will help to make it easier for companies to more quickly deliver services. Skyport Systems has now made it safer, too.
I feel like the first 2016 presidential debate should have been experienced over breakfast at a Waffle House. After having used a time machine to travel back to the mid-1980s. With bacon.
Because then I could have pretended that the cybersecurity discussion was just a couple of excited pensioners at a neighboring table who had good intentions but not a lot of clue: “my son is good at the computers”; “it’s probably those dastardly Russians!”
It would have fit right into the atmosphere and been almost charming. It would not have been what it actually was: alarming.
The computer genius 10-year-old aside (is he available for an internship? we are hiring!), the reality of security that companies need to care about is neither basement-dwelling thrill hackers nor state actors. This is a false dichotomy that insults and misleads everyone in order to sell expensive security shovelware toolkits that address non-existent issues. Yes, I’m afraid that I have bad news: your Splunk instance is not really going to stop GCHQ.
You’re a couple of miles underground, it’s damp, noisy and cramped, your light flickers and you have been working hard shoring up the mine. You look over and see the mine canary, flat on the bottom of the cage, and now you have a limited amount of time to locate a source of good air, understanding that the buildup of carbon monoxide is already present in your system.
In the scenario above, a lucky miner avoided death. In some cases, the miner could revive the canary if they had a resuscitation cage that would deliver oxygen to the canary and both would survive for another day of mining.
Canaries in mines are a real thing – there were a number of sentinel species used as biological danger detectors including rats and mice. You might be surprised that the last mine canaries used in the United Kingdom were phased out in the later part of 1986.
Whoa! I was surprised by this fact as well. Surely we were not using canaries in mines in the ’80s, one would think! By 1986, I had already served three years overseas in the US Army. Imagine the internet with around 100 nodes! In 1986 MILNET had been separated from the ARPANET, severed for security reasons. It is also the year when an infamous small essay was published, known as “The Hacker’s Manifesto” – which would set the stage for years to come.
As a long-time cyber professional who began my career on the engineering side of the house, I often thought about the rapport I needed to build with my customers. As an engineer (sales engineer to be precise), my value was in connecting to our customers and leveraging the conversation from layman’s terms to technical terms and vice-versa. The ability to build that confidence and credibility with our customers was so important to our success.
As I moved my career in the direction of direct sales, it became even more important to ensure that I built this credibility with my customers. Yet, sales opened my eyes to a much bigger realization—there is something more important than the credibility and confidence in oneself and a product.