By far, the lowest hanging fruit of virtualization and cloud environment security is the segregation of your management control from your workloads. Separation of data and control planes has been recommended for everything from storage (EMC ViPR) up to the workloads running within virtual machines. The same holds true for cloud and virtual environment management tools, tasks, and functions. Up to now there have been very few choices in how such segregation could be implemented. They have been limited to using properly placed firewalls or to using some form of proxy, and the only proxy available was HyTrust. But this has changed. There are some other tools that will help with this segregation of data from control; do they give the level of auditing we require to solve the delegate user problem?