Security In A World of Virtualized IT Infrastructures

Posted by Charles King
May 11, 2009

At the recent RSA Conference, VMware and EMC's RSA division announced an expansion of their strategic alliance aiming to enable advanced information-centric security functions within VMware's vSphere 4. By doing so, the companies hope to help customers extend the benefits of virtualization across their most sensitive business information and applications.

The pair also plans to increase security beyond what is possible in physical IT environments via efforts such as enhancing VMware's VMsafe technology and developing RSA solutions that enable features like data loss prevention, authentication and security information and event management in vSphere infrastructures. At the RSA Conference, the companies demonstrated practical examples of their collaboration including a proof of concept of RSA's Data Loss Prevention Suite leveraging the capabilities of VMware's vShield Zones to deliver data loss prevention via virtual networks.

VMware and RSA's expansion of their strategic partnership comes at a significant time for the IT industry in general and security vendors in particular. The industry is weathering a continuing, serious slump in IT spending that has bruised or bloodied nearly every market, vertical industry and vendor. Despite those severe challenges, server virtualization (particularly the x86/64 variety) has been a relative bright spot primarily because of well-defined technical and cost benefits offered by solutions such as VMware's.

But while the economy has put enterprise IT projects and budgets under the gun, security has never been more important. Even as organizations leverage IT for more and more business processes, threats from highly skilled individuals and groups, including some reportedly involved in organized crime, continue to rise. At the same time, companies face a host of regulatory and compliance issues related to their business data that, given the hash that deregulated banks and unregulated hedge funds made of the economy, are likely to become ever more stringent.

Security is also an obvious issue in virtualized environments, where individual physical servers may support dozens or scores of applications with often disparate security requirements. This scenario becomes an order of magnitude more complex in cloud computing infrastructures with hundreds or thousands of virtual machines. Perhaps most importantly, cloud computing tends to confound the mechanics of traditional "perimeter" security technologies and solutions. In something as amorphous as a cloud, where exactly is the perimeter to secure?

Related Reading

More Insights