Tag Archive: Security

Sep 27

Would you pay for the TruCoat?

“I’m saying, that TruCoat, you don’t get it you get oxidation problems it’ll cost you a heck of a lot more than $500…”

For those of you playing along, you probably remember this line from the movie “Fargo”. William H. Macy, playing car salesman Jerry Lundegaard, is arguing with a couple about tacking on an unwanted option called “TruCoat” for $500. It’s one of those things that car dealers use to increase their margins. Watch the video here but be warned, there’s a part at the end that’s NSFW.

Jerry Lundegaard selling the TruCoat

So what’s all this got to do with virtualization and cloud security?

Well, in talking with customers and cloud service providers, the topic of tiered offerings always comes up. You know, the “Gold, Silver & Bronze”. I’ve asked Cloud Service Providers about including security in those tiers and have been met with “Well, maybe, but it would have to recoup the investment.” (It IS all about the Benjamins, isn’t it?)

That got me thinking about TruCoat. A product that Jerry Lundegaard is selling not because it adds value but because it’s got a GREAT profit margin. Not unlike doing the least amount of “security” (Checkbox Security) and charging the most for it. Not really bringing value but charging like you do. I’m not accusing anyone of doing that, but I wonder if maybe some less-than-reputable vendors (Joey’s Transmission and Cloud?) would head in that direction?

You see, this goes back to security being bolted on vs. built in. If, in the Gold tier, you add in network packet monitoring and two-factor authentication, you as the cloud service provider are making a significant investment. You need to get that investment back and start to make a profit. How do you explain the TRUE value of the service you offer? Or, like Joey, do you just upsell a little anti-virus and firewalling that you’d do anyways because, at scale, it’s not a big hit on the bottom line? Just like the TruCoat.

Clarification: AV and Firewalls are absolutely part of a good defense in depth story. But they are now, especially with the capabilities of vShield, a “commodity” item that is easy to set up and doesn’t impact the bottom line like other security products would.

Buying Value

Customers will pay money for something of value. I haven’t met many people who buy junk intentionally after all! That said, trying to meld security and value together in a cloud environment will be an interesting journey. Today I think it’s a bit of a chicken and egg. Many customers SAY they want secure clouds but how many are willing to pay for it? Cloud Service providers would like to offer security but, let’s face it, it’s not cheap and, as I said, how many are willing to pay for it?

What are your thoughts? Will customers start to demand things like GRC, packet inspection, two-factor authentication? Or will firewalls and anti-virus “check the box” for them?

For some, the response will be “Ya! You betcha!”

Jun 28

BTOGG – Google Glass and future security implications

While working on some other things yesterday, I had the live feed from Google I/O running. I have to say that Google is catching up and possibly surpassing Apple in coolness. They certainly took many presentation tips from Apple! Up to and including the Jobsian “…and that was <feature>”

One of the coolest things was Google Glass.

This is a set of eyeglasses with a built-in camera and display. Google introduced it with skydivers wearing the glasses and parachuting onto the Moscone Center roof!

Even though I’m an IT guy at heart, living here at RSA for the past 7 years has made me somewhat paranoid about data sensitivity. When I saw how Google Glass was capturing EVERYTHING, my first thought (after “WANT!”) was “What if I was streaming my Glass feed via a MiFi?”

That led to the paranoia kicking in. What if I was doing that at work? And what if my work has me dealing with sensitive information or even just internal-use-only emails? And I forgot to turn off the live feed to my blog/website/Twitter/Facebook?

As you can now imagine, the security implications start to boggle the mind. I wish I had an answer for this. Will the BYOD Generation listen to the Graybeards when told “You can’t bring them in here! Oh, and no MiFi too!”? Do they now? No.

By the way, I think I’m a BYOD/Graybeard mashup. (as I type this from my personal Mac at work)

So, I think that right now, probably the best thing is to discuss. Consider the implications, don’t over-react and understand the tradeoffs. Just like when cameras first showed up on cell phones and the first corporate systems connected to the ARPANET, interesting and enabling technologies don’t need to be feared, just understood.

mike

Feb 11

Securing Virtual Desktops with Brian Gracely & TheCloudcast.Net

On Thursday, Feb 9th, I drove from RSA HQ in Bedford, MA to EMC HQ in Hopkinton to spend some time with Brian Gracely (Twitter: @bgracely) and do a podcast and whiteboard session on security and virtual desktops.

Brian is the Director of Technology Solutions and Strategy at EMC and one of the co-hosts of TheCloudcast.(NET) along with Aaron Delp (Twitter: @aarondelp). If you haven’t heard of The Cloudcast you’ve been missing out! It’s a wealth of knowledge sharing with some of the real leaders in the virtualization and cloud space.

This was my second time on The Cloudcast. My first time was as part of a panel at VMworld 2011 where I discussed vCloud and security with Brian, Aaron and VMware’s Chris Colotti (Twitter: @ccolotti), a vCloud rockstar.

I really enjoy these social media opportunities! I like sharing knowledge but more than that, I like hanging out with people smarter than me. It really raises my game and gets the creative juices flowing!

Out of discussions like this I’ve come up with novel ways to solve problems, had my eyes opened to a different way of thinking and even come up with a patent application that I’m hoping to be able to talk about soon.

In our discussion, Brian and I built upon some of the points I made in a previous blog posting on Virtual Desktops and Security. Take a moment to read that and then listen to the audio and check out the video whiteboard.

So, without further ado, I’d like to redirect you over to our podcast and video on Securing Virtual Desktops and my thoughts on Bring Your Own Device (BYOD).

Securing Virtual Desktops TheCloudcast.(NET)

I hope you enjoy it as much as we did making it and that it helps you in your virtual desktop strategy. If you have questions, reach me on Twitter or send me an email.

Thanks!

mike
@mikefoley
