About

This blog is dedicated to the discussion of securing and proving compliance in virtual and private cloud infrastructure.  Nobody is more passionate about this topic than we are. We consider topics ranging from network, security, and compliance operations responsibilities to the implications of regulatory requirements in cloud environments to current events -- all with the goal of providing best practices for our readers to safely move to virtual and cloud infrastructure. We invite you to join in the dialogue. 

Catbird Virtualization Security & Compliance Blog

Jumping Into the SDDC Revolution

Data center architectures, both private and hybrid cloud, are rapidly evolving. With this evolution it’s become apparent that end-to-end virtualization is the way to go, and VMware, Cisco and OpenStack ecosystem vendors are leading the initiative. 

Results from Private Cloud Security Survey

In an industry that’s fast-paced and constantly evolving, the security of companies’ data communications ultimately rests squarely on the shoulders of IT professionals.  It’s probably a shock to no one that this stress could keep you up at night, and a recent study has proven it.

Four Questions to Ask Before Adopting NSX

When VMware released NSX, it seemed like an obvious choice as a platform to move to. We all know how VMware ESX has transformed business. ESX freed IT departments from the one-application-on-one-server paradigm. In fact, server virtualization has proven so powerful that in a little over 10 years it has gone from effectively zero to an estimated 77% of data centers using some form of virtualization. VMware NSX promised to bring the same kind of benefits to the network that ESX brought to the server.

Is Your Cloud HIPAA-Ready?

5 Critical Questions to Ask Your HIPAA Hoster

A lot of cloud hosting providers claim that they’re HIPAA compliant, but what do they actually provide?  Before you make a decision, here are some key questions to ask.

Software-defined Network Challenges

Five Key Considerations When Adopting SDN

As organizations plan to move to virtualized systems and software-defined networks (SDN), it is helpful to review the realistic challenges that they will face. To be able to take advantage of the benefits of a software-defined environment, architects should consider the following: 

Hacking Is Not that Hard

Three Risk Management Strategies

You know that data breaches and attacks are common, but did you know that hacking is actually very easy? According to a recent CSIS report, hacking is not that hard. For me, some of the most interesting data points in this report include:

Shifting Roles in the SDDC

Three Things You Can Do to Transition Effectively

Changes in data center architecture have also led to shifting roles within the organization. The software-defined data center and SDN present an opportunity for existing IT personnel to embrace change and expand their portfolio. For IT to function efficiently, System, Network, and Security teams should recognize that they have the opportunity to take on a larger scope, as the days of IT siloes are over.

Are Your Vendors Your Weakest Links?

The Target Breach Backlash

It’s a situation that strikes fear into the heart of every CIO and CISO—a breach caused by a vendor relationship. The Target debacle was apparently due to just that and affected millions of customers.  Will this incident create a deluge of headaches for Target’s vendors? Will other corporations follow suit? Most importantly, what can you do?

ACI Meets PCI, HIPAA, FISMA, SOX

Catbird Joins Cisco ACI Ecosystem

It’s fantastic news for Catbird and for you as well.  With Cisco Application Centric Infrastructure (ACI) adding Catbird to its expanding ecosystem, the next iteration of network security is within grasp. 

Target Breach Update

More Bad News from Target

It has now been reported that the Target data breach affected somewhere between 70 and 110 million of their customers. These customers face an even darker threat than just financial distress, as it has also come to light that addresses, phone numbers, and personally identifiable information (PII) were stolen, leaving them vulnerable to multiple fraudulent activities.

So what can you do to avoid this type of disastrous situation? To start, realize that PCI compliance is only a small piece of the security posture puzzle that is essential to protecting customer data. This data breach reaches far beyond PCI scope and dives head first into the deep ends of HIPAA and PII policy management. Securing data based on classification needs to be sophisticated enough that assets have layers of security, ultimately protecting and securing the asset based on the workloads of that asset. Sensitive data needs to be encapsulated by its security policy.

Second, and just as important, continuous monitoring of activity is critical. These 70M+ records had to be accessed and transmitted out of Target's network in some fashion. With proper visibility at the right levels of the network, anomalies like this can be detected, prevented, logged, and reported in real time. Active enforcement of policies is necessary to mitigate the severity of breaches.

I encourage you to take a proactive approach to security and understand the advanced technologies available today to protect credit card information. Advancements in virtual and cloud technologies are enabling retailers to provide stronger, more secure transactions, strengthening the credibility and reputation of their organizations at the same time.
