Author Archives: georgegerchow


About georgegerchow

As VMware’s Cloud Security & Compliance Evangelist, George Gerchow brings 17 years of information technology and systems management expertise to the application of IT processes and disciplines that impact the security, compliance, and operational status of complex, heterogeneous, virtual & cloud computing environments. George's practical experience and insight from managing the infrastructures of some of the worlds largest corporate and government institutions makes him a highly regarded speaker and invited panelist on topics including virtualization, ITSM\ITIL, configuration management, operational security, and compliance. He holds CISSP, ITIL, Cisco, and Microsoft Certifications. Gerchow is also the co-author of CIS Quick Start Cloud Infrastructure Benchmark v1.0.0. George is also a faculty member for the Institute of Applied Network Security.

Introducing VMware’s vRealize Air Compliance (vRAC)

Hola Peeps,
It is with great pleasure that I introduce our latest and greatest Compliance solution from VMware, vRealize Air Compliance!
vRAC gives you event driven compliance checks of your virtual infrastructure and tells you WHO made a non compliant change and when it occurred in near realtime! (As fast as the Seahawk’s defense making Peyton Manning choke in another Super Bowl loss)
The vRAC solution is based on SCAP content and takes minutes to install & allows you to set exceptions on the fly. We are making it available (BETA) to our customers as the audit community is starting to inspect the virtual infrastructure on a regular basis.

Sign up for the vRAC BETA here:

Check out the Dashboard and Score Cards:


See a recent rule failure (Went from compliant to non compliant):


Drill down to see who made the change with a time stamp:


Set Exceptions on the fly:


Check out the vRAC video here:

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum:

Cambio y Fuera!
George Gerchow
VMware vRealize Air Compliance Product Manager – CISSP, ITIL, CCNA, MCPS, SCP



VMware Security & Compliance – “News Team Assemble!”

Hola Peeps!
That’s right Ron Burgundy fans, news Team Assemble!
It is great to be back at VMware and sharing with all of you once again after a wonderful year at EMC where I was rollin with the Elite – Cloud Business Director Team.
My new role, Cloud Management Security & Compliance Evangelist. What have I been doing? Getting the Wolf Pack back together in a HUGE way at VMware with some key new additions like Tom Corn and my long time friend & colleague Dr. Dennis Moreau.
The gang is working on amazing projects like the planets first PCI Validated Cloud using OpenStack and NSX! Of course we are enlisting a little help from our fiends at Coalfire , VMware CP&C & Rich Rees. The risk and cost could be high, but we will do our best to prove it out. BTW: CP&C is still delivering great content including PCI 3.0, HIPAA and FedRamp. The team is also working on updated integrated solutions for vCOPS (vCM) and Archer (GRC).
For those of you who did not have the opportunity to attend RSA 2k14 you missed out! There were over 20k folks in attendance and the amount of new startups in the cloud space had the expo floor hyped up. (Not mention the fact that a vendor had a FULL BLOWN boxing ring with 2 pro fighters entertaining the blood thirsty crowd! I Also have to mention strong representation from BeyondTrust, HyTrust and CipherCloud)
The VMware booth also had a ton of great traffic and for ONCE, people were not asking questions like “What are you doing at RSA?”. This year it was all about our solutions like LogInsight, NSX, vCM aka vCOPS and the tremendous partner ecosystem we have put together over the last few years.
In closing, let’s turn the focus to Data Protection and how it is going to work moving forward in the cloud. We are starting to see a lot of companies wanting to hop on this bandwagon without really thinking it through or consulting their security & compliance team. The insider threat issue within a private cloud continues to be in the news and could either open the door for a provider to take over sensitive data or give the CISO more power and funding for protecting IP & keeping mission critical workloads on Prem.  BTW: The CIO is also paying the price, not just the CISO.
The CIA has made a bet on AWS, we will see how it pans out over time. Here are two points of view, one is a love fest between the two parties, the other a 3rd party opinion on privacy & potential stumbling blocks.
It would be great to hear your opinion as we continue to ramp up our private, hybrid and public cloud offerings. Check out our latest announcement as we announce vCloud Government Service for U.S. Public Sector.

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum:

Cambio y Fuera!
George Gerchow
VMware Cloud Management Solutions Evangelist Security & Compliance – CISSP, ITIL, CCNA, MCPS, SCP