构造可信的云架构-.pptVIP

But we don’t live in a static world, especially given the dynamic nature of virtual environments Think about how many VMs are being created, or moved around between locations, or changing because of snapshot reversions. I think the recently announced VXLAN will help to ease migration of VMs between private and public clouds but there’s still the open question of how you update all of your security devices in different clouds as you are moving these VMs. What all this means, is that the static nature of security is another hindrance. Security devices may fragment the virtual network and create overly rigid topologies. This keeps the virtual environment from being as dynamic as it should be so it can’t provide the appropriate business benefits. Or the security tools may not even work properly because they can’t see inside the virtual environment or their policies are obsolete. If any of this happens then the security just won’t be put in because it gets in the way or it isn’t worth it. (Devices are chokepoints and fragment the virtual architecture; capacity is never right-sized, no intra-VM visibility, rigid topologies) You also may need lots of different boxes that each perform different functions. Integrating together is challenging Lastly, vendors may not even have virtual-specific solutions that you can use * IT security is about protecting an organization’s digital assets – the IT infrastructure such as servers, storage and network, applications and the data that lives there. Organizations want to control: who is accessing digital assets what apps and data need protection from theft or leaks what infrastructure is at risk from threats such as malware or network-based attacks ? Compliance utilizes a set of processes to determine conformance to regulatory frameworks, industry standards, internal organizational standards, or vendor best practices. IT compliance commonly includes requirements for security controls as they pertain to protecting industry-regulated a