“Security is not a product but a process” - Bruce Schneier, well-renowned cryptographer and security specialist. This has been my experience. Nothing can be totally secure; security is a process of identifying and mitigating risks and of constant vigilance. Process, people and technology are all critical elements in helping prevent breaches, or dramatically lowering their risk, and in conducting forensic analysis after breaches to prevent them from occurring again. Many are now adopting a zero trust approach to security where east-west traffic (i.e. traffic between systems) as well as north-south traffic (traffic between security zones or network segments) is monitored and locked down as much as possible. But security really can’t be an afterthought; it needs to be baked in from the get-go, and you need tools to continuously monitor your configuration baselines to ensure compliance, which in the end minimizes risk. This is what brings me to Nutanix and how we approach security in our products, while keeping things uncompromisingly simple.
The best place to start baking security into any product is during product definition, product design and early product development, followed by continuous monitoring throughout the complete product lifecycle. At Nutanix this starts with every engineer, architect and product manager, and also with the Nutanix Security Engineering and Research Team (nSERT). But there is always a balancing act, and part of the charter of the nSERT team is to keep both security and agility in mind. Gone are the days when the security team simply said NO at the door. The charter of the nSERT organization is to bring the most agile and comprehensive security best practices into Nutanix development culture for the benefit of all customers.
There is a lot more to Nutanix Security than what I’ve described briefly here, including technical features like cluster lockdown mode, two-factor authentication, data-at-rest encryption etc. I would encourage you to read up more about security in a Nutanix environment, which is suitable for all customers, not just government and large enterprise organisations. The more people who can implement secure systems easily, the more benefit for everyone. Nutanix believes it has created one of the most comprehensive product security frameworks, and certainly the most comprehensive of any hyper-converged vendor, whether you require STIGs, or compliance with PCI DSS or other standards.
This post first appeared on the Long White Virtual Clouds blog at longwhiteclouds.com. By Michael Webster +. Copyright © 2012 – 2015 – IT Solutions 2000 Ltd and Michael Webster +. All rights reserved. Not to be reproduced for commercial purposes without written permission.