Virtualization provides the opportunity for a security do-over.
The lead keynote speaker of the 2009 RSA
Conference tried to sound a note of revolutionary change, but did so mostly by
Most of RSA President Art Coviello's
remarks on April 21 were vague exhortations for greater cooperation among
security vendors and mild instructions for practitioners to make demands for
this cooperation. It wasn't until Coviello introduced the taped greetings of
fellow EMC President Paul Maritz of VMware
that the thought-provoking ideas came to the surface.
IT virtualization gives data managers a chance to build a secure computing
infrastructure from the ground up, said Maritz. The next generation of VMware
virtualization technology, announced April 21, will only add energy to the
sweeping transformation of the data center.
eWEEK Labs takes a first look at VMware's vSphere 4. Check out their findings.
There is every possibility that end-user systems-including desktops, laptops
and handheld devices-will also be picked up in the transition as they become
defined more by the ability to access data in the cloud and less as individual
As I write this column from the RSA
conference, it's clear that the industry is at the very beginning of this
virtualization turn. The expo floor is still covered with many familiar vendors
with products that are, for the most part, squarely focused on solving endpoint
security problems in the physical world.
Vendors are supplying products for virtual systems that are basically
software versions of their hardware products. But a few pioneers are making
products from the ground up to protect virtual machines.
Altor Networks, for example, is making a firewall just for the virtual
world. And Shavlik is leveraging its special relationship with VMware to
provide patch management even to systems that are dormant.
To be clear, some IT problems, such as identity management, aren't
fundamentally changed by the advent of virtualization. People are even more
likely to forget passwords as the number of virtual machines that they access
But many problems are changed by virtualization in the data center. Data leak
prevention tools and anti-virus must now gain visibility into the internal
networks used only by virtual machines. In some ways, this is a parallel of the
problem presented to these same products by SSL
Finally, advances in hypervisor technology and hardware design will, for
organizations running the latest versions of both, greatly reduce the
processing overhead usually associated with security solutions in a virtual
environment. VMware's announcement of vSphere and Intel's release of the Xeon
5500 processor family earlier this month, along with functionality that AMD
provides in its chip sets, make it possible to provide security without a
crushing performance hit.
IT managers who successfully secure their virtual environments will set the
benchmark, and lay the foundation, for business success.