World Class Data Centers tend to get Virtualization and Cloud right - If you want to adapt your business to leverage Cloud and Virtualization, consider starting with education and training in both these areas.
EnterpriseGRC Solutions believes you should be, and likely are already working with Cloud providers. We are prepared to do the work of training your people so your business can get it right. Identified by the Cloud Security Alliance's widely adopted catalogue of security best practices, the <this will download the pdf>"Security Guidance for Critical Areas of Focus in Cloud Computing, V2.1" and the European Network and Information Security Agency (ENISA) whitepaper <this will download the pdf> "Cloud Computing: Benefits, Risks, and Recommendations for Information Security" are identified as important contribution to the cloud security body of knowledge. EntepriseGRC Solutions, Inc. organizes training content based in the intended preparation to pass the CompTIAtm Cloud Essentials and Virtualization Essentials Professional certifications, and will also align your training with preparation for the Cloud Security Alliance CCSK, Certificate of Cloud Knowledge.
ENISA Supports that the value in large-scale virtualized data centers includes:
STANDARDIZED INTERFACES FOR MANAGED SECURITY SERVICES: large cloud providers can offer a standardized, open interface to managed security services providers. This creates a more open and readily available market for security services.
RAPID, SMART SCALING OF RESOURCES: the ability of the cloud provider to dynamically reallocate resources for filtering, traffic shaping, authentication, encryption, etc, to defensive measures (e.g., against DDoS attacks) has obvious advantages for resilience.
AUDIT AND EVIDENCE-GATHERING: cloud computing (when using virtualization) can provide dedicated, pay-per-use forensic images of virtual machines which are accessible without taking infrastructure off-line, leading to less downtime for forensic analysis. It can also provide more cost-effective storage for logs allowing more comprehensive logging without compromising performance.
MORE TIMELY, EFFECTIVE AND EFFICIENT UPDATES AND DEFAULTS: default virtual machine images and software modules used by customers can be pre-hardened and updated with the latest patches and security settings according to fine-tuned processes; IaaS cloud service APIs also allow snapshots of virtual infrastructure to be taken regularly and compared with a baseline. Updates can be rolled out many times more rapidly across a homogenous platform than in traditional client-based systems that rely on the patching model.
BENEFITS OF RESOURCE CONCENTRATION: Although the concentration of resources undoubtedly has disadvantages for security [see Risks], it has the obvious advantage of cheaper physical perimeter and physical access control (per unit resource) and the easier and cheaper application of many security-related processes.
If you are planning to do this in your own data center consider that using new tools, and creating new Processes, equals responsibility to provide new RunBooks – Asset, Release, Patch, Backup Restore, and Monitor. (This graphic is based on the content delivered by ITpreneurs and CompTIA's Cloud Essentials and Virtualization Essentials curriculum. To learn more, please visit our Training and Education pages.)
New technologies are transforming the applications that run in the data center and the process by which these applications are developed.
The introduction of virtualization brings many changes that need to be reflected in the tools that administrators use to manage systems. Some examples of the types of changes that need to be addressed include:
- Servers and workstations no longer are tied to a particular, known location.
- Releasing software patches is different in a virtual environment.
- Backup and restore - central location as opposed to execution on the machine.
- Monitoring tools that are used to correlating hardware and software events may no longer understand where dependencies lie.
- In addition, each virtual platform has its own management tools, which need to be integrated into operations.
Virtualization presents new opportunities for application developers to explore:
- Virtualization features can accelerate the delivery of certain application architectures.
- Virtualization can transform the application development process.