Welcome!

From the CEO and Founder of HyTrust, an Early Stage Virtualization Startup

Eric Chiu

Subscribe to Eric Chiu: eMailAlertsEmail Alerts
Get Eric Chiu via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Eric Chiu

The Payment Card Industry Security Standards Council (PCI SSC) is expected to release a new version of the PCI Data Security Standard (DSS) in October of this year. In this new version, the PCI DSS will address virtualization and cloud computing. This new guidance will be a huge win for virtualization adoption, as well as the organizations that are subject to PCI and under pressure to better manage costs. The Council, founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, developed the PCI DSS to specify how to best protect payment card information. In other words, it specifies how to best protect you and me from anyone who attempts to break into systems to steal our valuable financial information. The most recent PCI DSS, version 1.2, includes 12 requirements that describe the necessary controls that must be in ... (more)

The Machine Is Now the Data . . . How Does That Affect Compliance?

In IT terms, virtualization is cool. The rewards include cost savings, agility, and flexibility. Enterprises reap the benefits of virtualization through a much more efficient use of IT personnel and resources, faster delivery time of applications, higher availability/service levels, and additional capabilities such as high availability and disaster recovery. No wonder data centers worldwide are being transformed by going virtual. Now for the bad news: there are definitely serious drawbacks, especially around compliance. If you think about virtualization, the hypervisor is now th... (more)

Physical Is Not So Physical in a Virtualized Environment

I recently asked a CIO of a large Fortune 100 company how hard would it be for a person to pull the plug on a backbone switch in his datacenter. His answer was "Very difficult. We have lots of controls in place to ensure that level of access is protected." I then probed further and asked what type of controls he was referring to - card key access, locks on the racks, video cameras? He nodded at each one. I pulled up the virtual infrastructure management client on my computer and demonstrated how easy it is to power off the distributed virtual switch that he was planning to run ac... (more)

Trusting Cloud Computing

Cloud Security Journal on Ulitzer The company I work for, HyTrust, recently worked with Intel and VMware on a very cool project. Essentially, it was about demonstrating the ability to establish trust in the cloud, and then enforce policy based on trust. Trust. Trust is an important word in the world of security, and in cloud computing it's an even bigger deal. Cloud computing offers up the promise that an organizations will be able to run any application from anywhere at any time. But in a multi-tenant environment, a cloud application running in a virtual machine might be loca... (more)

Separation of Duties in Virtualized Environments

Virtualization has brought us another step closer to the world of Star Trek. Think back to episodes of The Next Generation where Geordi was able to control the functions of the entire ship through a single touch-screen interface. He was able to reconfigure electrical, mechanical and propulsion systems without needing anyone else or additional authorization. The only thing to prevent him from doing something risky or damaging was the computer system itself. This picture is exciting in its similarities with virtualization. Here, the hypervisor essentially becomes a datacenter in a... (more)