- Never try and fake your knowledge of security. And don’t always believe the lists of “security experts”.
- Bolting on security to an existing architecture (Cloud or Non-Cloud) leads to problems down the road.
As I began to spend more time with the Virtustream development and operations teams, it became very apparent that security was deeply engrained in their DNA. The first thing that struck me was that I’ve never attended a software design or cloud deployment meeting where there wasn’t an identified “security person” in the room. In my past experiences, the various elements of security (authentication, isolation, auditing, encryption, etc.) were typically only considered at the end; “bolted on…”.
The next thing I noticed was a parallel mindset happening as it related to security. One conversation was making sure that we’d be able to keep up with the latest compliance regulations (government, industry, international, etc.) and the other discussion was making sure that we could operationally manage security. Our customers operate in a wide variety of industries and in many countries, so the former list is long and complicated. And knowing that we need to be able to transfer our best-practices to xStream customers helps us drive clarity for the latter tasks.
Lastly, I recognized that the teams took a systematic approach to security. Their design expected all the required elements to be embedded or integrated into the software, including elements such as Trusted Compute Pools (leveraging Intel TXT), Data Encryption, Continuous Monitoring, SIEM (Security Information & Event Management) and GRC (Governance, Risk, Compliance), which are often external products/services. They also realize that security is an on-going process, not just a one-time event, so their design considers the lifecycle of Cloud resources such as VM images, Data, Passwords, Keys and Audit logging. This systematic approach means that not only is your environment secure and compliant on Day 1, but it has the framework in place to continue with those security-levels as new services are added to improve the business over time.
A great example of Virtustream security viewpoints was recently provided by our own Pete Nicoletti (Director of Security and Compliance) in the webinar below.
At Virtustream, we’re an Enterprise Cloud Computing company. We take security very seriously because our customers trust us to help them run their most critical business applications. We’ve made security part of our DNA because our customers expect uptime and confidentiality to be part of their business operations. If you’d like to learn more about why our customers trust us to secure their critical applications and data, please contact us. We’d love to go into depth about how we embed and integrate throughout our xStream solutions.
And maybe we’ll even show you our latest Secure Hybrid Cloud demo that has customers with the most secret of secrets asking us when they can begin migrating to Virtustream xStream.