Virtualisation Inspires A Security Rebirth

IT virtualisation gives data managers a chance to build a secure computing infrastructure from the ground up, according to a message EMC president Paul Maritx delivered at the RSA show in the US last week.

The show is hosted by RSA, the security division of EMC, and the lead keynote went to RSA president Art Coviello, but he only delivered vague exhortations for greater co-operation among security vendors and mild instructions for practitioners to make demands for this co-operation.

More thought-provoking ideas emerged, when Coviello handed over to taped greetings from Paul Maritz, president of VMware, the virtualisation giant majority-owned by EMC.

With IT virtualisation, data managers can build a secure computing infrastructure from the ground up, said Maritz. The next generation of VMware virtualisation technology announced 21 April, which eWEEK Labs recently took a first look at, will only add energy to the sweeping transformation of the data centre

There is every possibility that end-user systems, including desktops, laptops and handheld devices, will also be picked up in the transition as they become defined more by the ability to access data in the cloud and less as individual compute platforms.

As I write this column from the RSA conference, it’s clear that the industry is at the very beginning of this virtualisation turn. The expo floor is still covered with many familiar vendors, with products that are for the most part squarely focused on solving endpoint security problems in the physical world.

Vendors are supplying products for virtual systems that are basically software versions of their hardware products. But a few pioneers are making products from the ground up to protect virtual machines.

Altor Networks, for example, is making a firewall just for the virtual world. And Shavlik is taking advantage of its special relationship with VMware to provide patch management even to systems that are dormant.

To be clear, some IT problems, such as identity management, aren’t fundamentally changed by the advent of virtualisation. People are even more likely to forget passwords as the number of virtual machines that they access increases.

But many problems are changed by virtualisation in the data centre. Data leak prevention tools and anti-virus must now gain visibility into the internal networks used only by virtual machines. In some ways, this is a parallel of the problem presented to these same products by SSL encryption.

Finally, advances in hypervisor technology and hardware design will, for organisations running the latest versions of both, greatly reduce the processing overhead usually associated with security solutions in a virtual environment. VMware’s announcement of vSphere and Intel’s release of the Xeon 5500 processor family earlier this month, along with functionality that AMD provides in its chip sets, make it possible to provide security without a crushing performance hit.

IT managers who successfully secure their virtual environments will set the benchmark, and lay the foundation, for business success.

Cameron Sturdevant has been at the eWeek Labs since 1997 and is a data security specialist.