Last week, I discussed taking your mastery of your virtual environment and extending its domain command. I listed a set of four skills that will allow any virtualization administrator to take flight with their career: Security, Optimization, Automation, and Reporting. This week, I’ll cover the first skill, security, and what it means to not get breached.
Security: Control and governance across the data, application and user planes.
The principle of security guides you around governance and control as 1s and 0s traverse the IT planes. Security is a loaded term that can encompass all manner of sins committed against the IT domain. In the virtual environment, just because the resources are abstracted doesn’t mean that you’re immune to security breaches. Ultimately, the end goal of a breach is to gain access to and control of the data, application, and user planes. Accordingly, IT needs to defend multiple planes across multiple domains.
The figure below highlights the many vendors who operate in the security space and all the different entities that require securing from infrastructure to SIEM to cyber to IAM to application.
[Momentum Partners’ Security Sector Strategic Landscape (Q2 2015) http://www.slideshare.net/momentumpartners/momentum-partners-security-sector-strategic-landscape-q2-2015]
Knowing is half the battle: common security attacks
There are four common security attacks that IT administrators deal with:
- DDoS attacks – an attack designed to overwhelm servers with bogus traffic that causes websites and applications to slow down and eventually become unavailable.
- Phishing schemes – an attack that sends fraudulent email disguised as a legitimate communication to lure recipients into clicking a malware link.
- Poor patch management – leaving operating systems, browsers, applications, and databases unpatched allows hackers to access your organization’s IT assets.
- User error – human error can lead to IT nightmares like losing a work device with unencrypted, sensitive data, falling for phishing schemes, or surfing to malware-infested websites.
Security presents a tremendous challenge and career opportunity for IT professionals. It's much too vast to cover properly in a single post, so this is just an appetizer for future posts. As the digital transformation expands, the gap in security ops personnel is growing as well. For example, the ISACA 2016 Cybersecurity infographic below shows the shortage of security ops professionals.
[ISACA 2016 Cybersecurity Skills Gap http://www.isaca.org/cyber/PublishingImages/Cybersecurity-Skills-Gap-1500.jpg]
Security starts with awareness of potential security threats and developing countermeasures. IT professionals looking to get a start in security should leverage the NIST Cybersecurity Framework, which covers the following risk management functions in detail:
Establishing and maintaining trust throughout the IT transaction/interaction is key to securing any IT environment, including the virtual realm.
Additional references for security:
1. I have previously covered some tips to secure your virtual environment in my Network Computing article.
2. SolarWinds Lab Episode 27:
3. Crossing the Great Divide: Conversations between IT, Networking, and Security Ops