GreasedGradient

Some tidbits while tinkering.

Month: May 2013

Verizon 2013 report, mobile and virtualisation

One of the big bugbears that used to come up, and still does, is the impact of mobile and virtualisation on security. These have been portrayed as new waves of poor security, and of massive importance to organisations.
In reality, though, as the latest Verizon security report specifically highlights, true hacking attempts using these vectors just aren't happening.
While a number of vendors would have you believe otherwise, the trend towards attacking the application layer and the overall ease of phishing attacks make attacking mobile devices and virtualisation high effort, low payback.

In mobile, this is due to:
1. Overall improvement in security models – the per-app security access model provides practical insulation from the most useful ‘root’ compromise.
2. Overall unreliable mobile networks make network-based attacks difficult.
3. Bias towards content consumption on a mobile device makes valuable information harder to obtain.
4. Basic ActiveSync security has been available for a long time now on all mobile platforms. It’s very easy to implement, and if used half-way proactively, gives a real security boost.

As for virtualisation, VMware has always done a decent job of protecting the infrastructure, but other vendors who aren’t as good aren’t being compromised all over the place either. Why? Because in reality, virtualisation doesn’t significantly increase the usable attack surface of the server when your easiest targets are misconfigured applications anyway.

The situation may change, and is worth watching, but right now there is no reason to invest any significant money in MDM or virtualisation security products for the enterprise.

However, there are still some things to think about, and I’ll go over a number of those in other blog posts.

Why not to use the cloud, really.

One of the key questions for many IT shops is why, and how, to use the cloud.
However, what people don’t really understand is that most cloud deployments are, in essence, just virtualising your hosts in a site you don’t own. This is fantastic and wonderful, but if you run your hosts ragged, or have high performance requirements, hosting in the cloud isn’t for you. A typical AWS instance will be slower than any recent dedicated hardware, and until recently, suffered from poor network performance and low potential throughput.
Unless…
You re-architect your systems.

In Australia in particular, we don’t have a great many developers skilled in dealing with the requirements of relatively high latency computing – databases in particular can be very slow, which is why data warehouses can be a great add-on.

If you have the opportunity to do tuning and re-architecting as part of a move to the cloud, you can start to reap the significant benefits of a pay-as-you-use, scalable environment.

New Website

After going through the WordPress setup with WPEngine, I thought it was time to check it out on my shiny new GoDaddy AP region hosting account. I thought it was time to start fresh and start posting about issues, in particular some things learned recently about creating iOS apps.