Up until now, VMware handled security by saying as little as possible about it, knowing that arguing that virtualization didn't open up new security surface area just gave credibility to the thought that maybe it did (let sleeping dogs lie), which could only impede sales. Now that VMware is looking beyond the individual virtual machine and thinking about the Cloud, they have started to talk (credibly) about how virtualization actually helps security. The issues are ultimately complicated (thank goodness there are bright analysts to think about them :) ) but here's the basic story line.
(1) If you want to talk seriously about the Cloud, or even utility computing, you need to talk about entire applications — virtual applications or Vapps — that include all the bits needed to get the job done, not about single virtual machines.
(2) In order to deploy a Vapp to the Cloud (or even to a private utility or DR data center) you need to specify how it is to be protected. At first blush, a good answer is "just like you did before," except now the security can be largely provided by virtual appliances rather than the physical appliances used previously.
(3) When specified on a Vapp-by-Vapp basis, and implemented by virtual appliances, the security can be as specific and customized as desired. For example, you can think about offering data leakage protection (DLP) tailored to the function and specifics of the application. You need to bind these security specifications in with the other application details so you know what else needs to be provisioned when the application is provisioned, and so you know where you can and cannot run the application (e.g., what other applications it can be co-mingled with). Where it makes sense, part or all of the security can be specified parametrically (e.g., "PCI protection") so that as the regulations change, the specifics of the protection change automatically.
VMW's observation is that binding security to the application, and assuring it is provisioned as specified, is a lot better than what we have now, where in most cases this is partially a manual process and often requires coordination between multiple teams, all of which is complex, expensive, and prone to errors. The automation also makes it possible (and reasonable) to be much more specific about each application, which is also good. Thus, virtualization makes security easier and better.
