
Tag Archives: Richard Rees

The Secret to Getting Security to Say ‘Yes’

By Richard Rees, Security & Compliance Architect, VMware Professional Services

In my post last week about the NSA and hybrid cloud, I shared an important equation from the security world: Trust = Visibility + Control. In other words, if I’m going to trust a third party with my data assets, I need to have more visibility to make me comfortable with less control.

Today I want to highlight the different requirements that security, IT, and business have for building trust, and how improved visibility can help all three build a more successful working relationship.

Let’s start with security, the most risk-averse, and a mindset I have the best insight into. We know that business and IT are frustrated when we say no, but they need to understand our thought process. If security says “no,” and something bad happens, we get to say “I told you so.” If we say “no,” and nothing bad happens, we’re still ok. But every time we say “yes” we take a risk on getting burned. And we’ve been burned plenty before.

The business side has completely different requirements for trust. To them, risk is just the cost of doing business. You acquire a company, it doesn’t perform as you expected, you sell it off again. That’s that. Meanwhile, IT is somewhere in the middle, focused on efficiency and service delivery to the business.

When these different risk tolerances are competing (instead of collaborating), new problems arise, like the precipitous growth of “shadow IT” and the security problems it poses.

The Snowden Leak: A Windfall for Hybrid Cloud?

By Richard Rees, Security & Compliance Architect, VMware Professional Services

Interest in hybrid cloud has risen since Edward Snowden’s leak in May revealing vast surveillance operations by the US government, according to VMware CEO Pat Gelsinger and COO Carl Eschenbach during a VMworld Q&A last week.

That’s not surprising, since hybrid clouds allow businesses to keep their data in their own house and out of the prying eyes of government. That’s undoubtedly attractive for foreign companies doing business with or in the United States, since the US government was revealed to be focusing their monitoring efforts on emails sent to or received from another country.

Even if you aren’t worried about the NSA, I’m guessing you’d prefer the government not to have access to your business’s (or your customers’) information without your knowledge.

Hybrid: The best of both clouds

Enter the hybrid cloud. With a hybrid platform, businesses get the convenience and flexibility of a public cloud, but all access to sensitive data is handled through the organization’s private cloud.