Security In A World of Virtualized IT Infrastructures

At the recent RSA Conference, VMware and EMC's RSA division announced an expansion of their strategic alliance aiming to enable advanced information-centric security functions within VMware's vSphere 4. By doing so, the companies hope to help customers extend the benefits of virtualization across their most sensitive business information and applications.

The pair also plans to increase security beyond what is possible in physical IT environments via efforts such as enhancing VMware's VMsafe technology and developing RSA solutions that enable features like data loss prevention, authentication and security information and event management in vSphere infrastructures. At the RSA Conference, the companies demonstrated practical examples of their collaboration including a proof of concept of RSA's Data Loss Prevention Suite leveraging the capabilities of VMware's vShield Zones to deliver data loss prevention via virtual networks.

VMware and RSA's expansion of their strategic partnership comes at a significant time for the IT industry in general and security vendors in particular. The industry is weathering a continuing, serious slump in IT spending that has bruised or bloodied nearly every market, vertical industry and vendor. Despite those severe challenges, server virtualization (particularly the x86/64 variety) has been a relative bright spot primarily because of well-defined technical and cost benefits offered by solutions such as VMware's.

But while the economy has put enterprise IT projects and budgets under the gun, security has never been more important. Even as organizations leverage IT for more and more business processes, threats from highly skilled individuals and groups, including some reportedly involved in organized crime, continue to rise. At the same time, companies face a host of regulatory and compliance issues related to their business data that, given the hash that deregulated banks and unregulated hedge funds made of the economy, are likely to become ever more stringent.

Security is also an obvious issue in virtualized environments, where individual physical servers may support dozens or scores of applications with often disparate security requirements. This scenario becomes an order of magnitude more complex in cloud computing infrastructures with hundreds or thousands of virtual machines. Perhaps most importantly, cloud computing tends to confound the mechanics of traditional "perimeter" security technologies and solutions. In something as amorphous as a cloud, where exactly is the perimeter to secure?

In essence, this is the challenge that VMware and EMC's RSA division intend to confront. As such, the pair's efforts are aimed directly at securing enterprise's internal clouds, external clouds hosted by traditional service providers and "private" clouds that blend internal and external IT resources. Almost by definition, this vision of the future of cloud computing (with VMware's vSphere as its foundation) will require highly robust, flexible and scalable security solutions in order to succeed.

That said, is this expanded collaboration worth taking seriously? We believe so. Make no mistake, the effort is definitely in embryonic stages, but VMware's vSphere is likewise a work in progress. Even as the vSphere "cloud OS" continues to grow and mature, we expect to see a similar expansion and maturation of RSA's complementary technologies and solutions. We also expect the pair will experience bumps along the road, in some cases due to the efforts of formidable competitors, including Microsoft and Citrix.

But if VMware and EMC's RSA division can stay focused and deliver on the vision of secure cloud computing, their mutual enterprise clients stand to reap huge benefits. In addition, key EMC and VMware partners, including Dell Computer (which has been ahead of the curve in its commercial cloud efforts) and newcomers like Cisco Systems are likely to play significant roles in helping these solutions find a place in the market. Overall, while the challenges facing VMware and EMC's RSA division are large, we believe the potential opportunities the pair could find in safely securing virtualized and cloud computing infrastructures are enormous.