Category: Uncategorized

Why do I have work email on my personal Mac? iCloud Keychain

I have recently updated my personal MacBook Air and my work MacBook Pro to Apple’s new OSX Mavericks. All in all, the upgrade has been pretty good. In other words, easy upgrade, things continue to work and it’s mostly working fine. (Though, Mail seems a little wonky, but…)

One of the new features of OSX Mavericks is something called iCloud Keychain. With this, all your passwords and “Internet Accounts” (email, messaging, CalDav, etc) are duplicated on all the Mac’s you enable iCloud Keychain on. It works well. But maybe a little TOO well?

Why do I say this? Well, I try to keep a respectful distance between work and play. I’ll have my personal email account syncing on my work laptop but I don’t like to have work stuff on my personal laptop. I know, it’s kind of weird, but it’s just the way I am. (don’t hate) That said, I was a little annoyed that work email started showing up on my personal MacBook Air. I wanted to get rid of it. Did it mean turning off iCloud Keychain? Well, no. It was actually simpler than I thought. Just delete the account in Internet Accounts and you’ll be prompted with a dialog box similar to this.

Internet Accounts

Click on the image to see full-size

As you can see, you now have the option to delete the account from all synchronized Mac’s (and iDevices) or just from the system you are on. In my case, I removed my VMware email account from my MacBook Air. Now, if I choose to take my Air on a business trip because it’s more convenient, I need only re-enable the account and I’m good to go.

I hope this helps.

mike

There’s no silver bullet

I’m frequently asked about virtualization and cloud security. Usually it starts with a phone call from a sales guy asking “How do I secure the Vblock?” or “What can we sell to secure VMware?” I usually counter these statement with “Tell me the problem you’re trying to solve”.

Once I know what’s actually being asked, I’m usually left having to break the news. There’s no silver bullet. I can’t send you a USB key with the “Secure the Vblock” app on it so you can plug it in and “make it secure”. <\bubble burst>

“But why not Mike?” It’s because there’s just too many moving pieces and too many definitions of what “secure” means. Let’s break that down a bit.

How many moving pieces? Tons. When you think of all the settings you can change that could possibly impact security, it starts to boggle the mind. I’m reminded of two things. “The Butterfly Effect” where one change in a nonlinear system can radically change the outcome and the Mandlebrot fractals, where changing one variable can change the image displayed.

What’s your definition of “secure”? Everything encrypted? All I need is vShield? Twelve character passwords? Logging everything to a SIEM? Updating patches?

The list goes on. (and on…)

With virtualization, we’re putting a huge responsibility on the infrastructure to be secure. Unfortunately, some still treat it as an application and forego things like design. Security is still a “bolted on” construct. IT and Security are still not working together.

Because of the complexity, we need to use more tools. We need to automate and be able to work at scale. IMHO, “Cloud” is not about IaaS, PaaS, SaaS or any of the other *aaS’s. Cloud is about Scale. That means security needs to be able to scale. That means we CAN’T keep doing things the way we always have. (a better excuse for an audit I have not found!)

Some of these tools, performance monitoring, patching, updating, logging, you will find in the quiver of the IT professional.. All tools that the Security Professional should be getting a feed from and understanding how to apply that feed to security.

Hopefully, in the not too distant future, we can provide the ability to make better sense of that data in real time to help better secure the virtual environment. You can start today with using that data to ensure that compliance and visibility requirements are met. If you want a silver bullet, that’s a good place to start!