By far, the lowest hanging fruit of virtualization and cloud environment security is the segregation of your management control from your workloads. Separation of data and control planes have been recommended for everything from storage (EMC ViPR) up to the workloads running within virtual machines. The same holds true for cloud and virtual environment management tools, tasks, and functions. Up to now there have been very few choices in how such segregation could occur using properly placed firewalls or by using some form of proxy and the only proxy available was HyTrust. But this has changed. There are some other tools that will help with this segregation of data from control and do they give the level of auditing we require to solve the delegate user problem?