VMware on AWS – You’re doing it wrong

This is going to be a controversial post I am almost certain.  Basically, I am going to argue that the whole premise behind running VMware on AWS is fundamentally flawed and not a viable strategy for those who are currently running VMware or for VMware itself as a company.  Get your angry comments ready, here we go!

Continue reading “VMware on AWS – You’re doing it wrong”

What’s in a Name?

As the raging dumpster fire that is the Equifax breach continues to unfold, I find that I am thinking about identity and the way we use it in our modern life.  Equifax was criminally negligent with information that was incredibly valuable to individuals.  They should be penalized as an organization with fines and levies, and some of the individuals within the company who were responsible for the security of our data should face possible jail time.  But when you step back for a moment, it becomes readily apparent that this is just the latest in a series of data breaches over the past decade, and despite fines, levies, and jail time; this is the sort of thing that is likely to happen again.  Why?  First, the monetary value of the information is high, meaning that criminal elements are willing to spend the resources to steal the information.  Second, organizations are rarely incentivized to take the necessary precautions to secure data.  As Greg Ferro likes to point out, as long as the cost of true security is higher than the cost of a breach, organizations are unlikely to adopt true security practices.  Third, even if an organization tries to embrace true security, human beings are fallible.  Applications have undiscovered exploits, misconfigurations happen, and hackers are always stepping up their game.

Continue reading “What’s in a Name?”