NeoScale exec Rosenblum told Byte and Switch that the vendor is also working with the Trusted Computing Group on an open Application Programming Interface (API) for the keys that could be used to tie an encryption key to a specific virtualization engine. "That allows you to manage keys from anybody that supports the open API."
Given the problems related to encryption and virtualization, it's not surprising that products don't combine virtualization, encryption, and storage management today. "There's no one vendor providing comprehensive encryption and virtualization -- certainly, none springs to mind," says Dan Tanner, president of the New England Chapter of the ASNP and founder of consulting firm ProgresSmart.
These sentiments are echoed by StorageIO Group analyst Greg Schulz. The big challenge, he told Byte and Switch, is how users manage virtualization, including underlying storage and encryption keys. "There is no silver bullet," he adds, explaining that IT managers must rely on a mishmash of different products.
Even VMware has made only tentative moves in this space. Indeed, VMware is only just now dealing with the encryption issue at all. It has combined virtualization and encryption on its Assured Computing Environment for the Enterprise (ACE) product for laptops. (See VMware Delivers ACE.)
"ACE encrypts the entire laptop," explains Srinivas Krishnamurti, VMwares director of product management and market development. "We use some tricky stuff that I can't go into," he says, although he confirms that VMware developed the 128-bit encryption software itself.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
