Finding the Security Spot for Virtualization

Can there be a single absolute answer to the question of where security should sit within an organization? Take the following as a perfect example of how opinions can sway.

First, you have the argument from an expert on security and networking that VMware is not in the security or networking business.

VMware is not a security or networking company and ignoring the fact that big companies with decades of security and networking products are not simply going to fade away is silly.

He seems to say that security is not just going to move away from where it has been established.

Second, you have an expert tweeting the “biggest change” is that security will move away from security organizations.

Want an example of the biggest change in security that is making the most impact? Moving security away from security orgs. See virt/cloud

This could be an interesting debate if only it were not the same person saying both things.

The answer to the question of where security fits for virtualization is really that it depends. I see security run from many different organizations and there has never been a single best-fit for everyone. Some companies I work with have never moved security to a security organization and probably never will.

Those who chose to create a dedicated security group cited things like the complexity of work as well as the need for operational and investigative independence. Complexity can be a lesser concern through the initial phases of emerging technology (fewer capabilities, fewer products for virtualization control) but conflict-of-interest and independence always remain a factor.

HowTo: vCenter alarm for root login

virtuallyGhetto has posted a detailed guide with scripts for monitoring superuser access to ESXi 5.0.

Now that we have identified the particular event we are interested in, we simply create a new custom alarm that monitors for this event and ensure that the “userName” property matches “root” as the user we are trying to alarm on. I wrote a vSphere SDK for Perl script called monitorUserLoginAlarm.pl that can be used to create an alarm on any particular user login.

The script requires only two parameters: alarmname (name of the vCenter alarm) and user (username to alarm on).

[…]

Note: The alarm action is currently to alert within vCenter; if you would like it to perform other operations such as sending an email or an SNMP trap, you can edit the alarm after it has been created by the script.
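
The matching rule described in the excerpt above can be modeled offline to check what it will and will not catch. This is an added example, not virtuallyGhetto's monitorUserLoginAlarm.pl or any vCenter code: the `LoginAlarm` class, its helper functions and the sample events are hypothetical and constructed, and it assumes the monitored event is the vSphere API type `UserLoginSessionEvent`.

```python
"""Added example: offline model of the login alarm rule described above."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginAlarm:
    alarmname: str   # mirrors the script's "alarmname" parameter
    user: str        # mirrors the script's "user" parameter
    # Assumption: the monitored event is the vSphere API login event type.
    event_type: str = "UserLoginSessionEvent"

    def matches(self, event: dict) -> bool:
        """Fire only when the event type and userName both match exactly.

        The exact, case-sensitive comparison is this model's choice; it makes
        no claim about how vCenter itself compares the property.
        """
        return (event.get("eventType") == self.event_type
                and event.get("userName") == self.user)


def evaluate(alarm: LoginAlarm, events: list[dict]) -> list[dict]:
    """Return the events that would trigger the alarm, in order."""
    return [e for e in events if alarm.matches(e)]


def sources(hits: list[dict]) -> Counter:
    """Count triggering logins per source address for triage."""
    return Counter(e.get("ipAddress", "unknown") for e in hits)


# Constructed sample events (not real logs); addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"eventType": "UserLoginSessionEvent", "userName": "root", "ipAddress": "192.0.2.10"},
    {"eventType": "UserLoginSessionEvent", "userName": "svc-backup", "ipAddress": "192.0.2.20"},
    {"eventType": "UserLoginSessionEvent", "userName": "Root", "ipAddress": "192.0.2.30"},
    {"eventType": "BadUsernameSessionEvent", "userName": "root", "ipAddress": "198.51.100.7"},
    {"eventType": "UserLoginSessionEvent", "userName": "root", "ipAddress": "192.0.2.10"},
    {"eventType": "UserLogoutSessionEvent", "userName": "root", "ipAddress": "192.0.2.10"},
]

if __name__ == "__main__":
    alarm = LoginAlarm(alarmname="Root Login Alarm", user="root")
    hits = evaluate(alarm, SAMPLE_EVENTS)
    for ip, count in sources(hits).items():
        print(f"{alarm.alarmname}: {count} login(s) as {alarm.user} from {ip}")
```

In this model the rule fires only on login events for the exact user name, so the failed-login and logout records for root pass unnoticed; covering those would need separate rules.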

RSA China 2011: Cooking Security into the Cloud

I will be presenting the following session next week at RSA China 2011:

Title: Cooking Security into the Cloud
Scheduled Time: Wednesday November 2, 15:50 – 16:40
Room: Conference Hall B+C

Breaches of confidentiality, loss of data integrity, and downtime are no stranger to virtual environments. Based on a new book with a companion CD of tools and scripts, attendees will see new ways to mix and measure security ingredients in order to achieve requirements and compliance even in large multi-tenant, multi-layer security situations.

Hope to see you there.

Why I Bought the Nokia N9

This should really be titled why I did not do what everyone said to do. My pursuit of the Nokia N9 went something like this:

Store #1

Me: I’d like to buy a Nokia N9
Them: You should buy an Apple iPhone, much better
Me: Thank you, no, I’d like the Nokia
Them: Why would anyone want to buy anything other than Apple?
Me: Do you sell Nokia?
Them: No, but if you go to Store 2, tell them I sent you and you’ll get a discount

Store #2

Me: Store #1 sent me to you
Them: Never heard of them
Me: They said you give discounts…
Them: (interrupting) No idea what you are talking about
Me: I’d like to buy a Nokia N9
Them: It’s slow. Why would you want to buy that?
Me: Do you sell Nokia?
Them: Yes, but you should go about ten blocks to Store #3 where they are less expensive
Me: Ok, you don’t match their price but you’ll send me there?
Them: Yes, go buy it from them not from us

Store #3

Me: Take this pile of money in my hand for a Nokia N9 and nobody gets hurt
Them: Ok, let me just get one from inventory…oh, look at that. We’re all sold out of them
Me: When can I get one from you?
Them: Come back tomorrow at 10am and ask me
Me: I can’t do that. Schedule conflict. Can I call you?
Them: Yes, call us.
Me: And how long to get it to the store?
Them: A few hours to a few days
Me: So it could be a while even after they hit the warehouse?
Them: Talk to you tomorrow

Back to Store #2

Me: They are out of stock
Them: You sure you want this instead of an iPhone? We have iPhones
Me: Yes, Nokia N9. The one with DRM-free media, open source software and industry-standard interfaces. A brilliant clear screen, the best in the mobile industry, 64GB…yes, the N9. Give it to me now.
Them: We can’t sell you a plan. You don’t have a registered identity in our country.
Me: You say that like it’s a bad thing
Them: You sure you really want to buy it? It costs money
Me: Give it to me
Them: You mean this? You want to buy this?
Me: Yes, yes, I want to buy it
Them: Ok, if you really want it…
Me: Fine, you win. Give me a 64GB Apple iPhone with a 4 inch AMOLED, Dolby audio and 8-megapixel Carl Zeiss camera that’s open source…
Them: That’s impossible, no such iPhone is made
Me: Bingo, I’ll take my Nokia now

…and thus, I acquired a Nokia N9.

The last time I had this much trouble buying a computer was in 1990 when my mother and friends scolded me for buying an Apple Macintosh Duo 230 instead of something made for Microsoft. Now I don’t buy anything made by Apple. Funny how things change.

Why do I buy things against so much resistance? Why do I leave the herd?

First, the screen. The quality of image is unbelievable. It is without a doubt the easiest of any of my screens on any device to read email and type on. I am far more productive on it than any other interface right now. It’s the go-to device for communication on every channel.

Second, it’s an open source platform. I know that’s a large philosophical area of interpretation, yet it matters on phones to me for a number of reasons such as international travel and data integrity across borders. It also means I am on an architecture able to support my usual software for work such as Wireshark, Ettercap, etc. Who needs an app store when you can use the huge global open source software repositories?

Nokia N9 is probably the easiest phone to root in the world that is available to buy. All you need to do is go to Settings > Security > Developer Mode > Click On and confirm it. Simple as that :D

If you want to allow installation from non-store services go to Settings > Applications > Installation > And simply allow it.
Now just click to install a repository, you don’t need to do anything more.

Third, it’s already end-of-life. Talk about appreciation in value. This thing should be worth ten times more in just a year…kidding. I really don’t care about Meego dying and all the “long support life” nonsense since my phones seem to get only two or three years before I’m upgrading anyway. Data migration is over open protocols so no worries about future path. This is the most resilient and most powerful technology I have found for now.

Fourth, the apps included are exactly what I need and the interface is clean. The four-way swipe is simple and fast. The menus are obvious (unlike the circular logic of S60). The account manager is centralized and straightforward. The network manager is flexible and easy to secure. My one complaint is that I have to tap about four times to make a call, but some might call this a good way to prevent butt-dial. The camera images are beautiful and the shutter is the fastest I have ever seen on a phone.

After a week of intensive use I still find it to be a great phone; it’s the best interface I have ever used or owned even including the time when I had access to every phone manufactured.