VMworld: Security Buzz

Nearly everyone I talked to at VMworld was buzzing in some form about Virtualization Security. Everyone has picked up on the pre-show and show buzz from VMware, Trend Micro, HyTrust, and every other security vendor.  There have been announcements about security, keynote sessions that include security, and more than a few sessions about security.

This is also arguably the first VMworld where there are a large number of Virtualization Security sessions and panels have not been entirely from VMware. I find involving the industry as they have at VMworld moves forward the entire virtualization security ecosystem.

The buzz is about security, but the other aspects of going to the Cloud were also discussed. But until the security issues are solved, many are delaying their moves to the Cloud. Given the announcements Intel, VMware, Trend Micro, RSA, HyTrust and other security companies, secure multi-tenancy may be achievable soon. The advancements are there to add protection and auditing capability. So now, just maybe we can tell if the data has been modified or seen by those who do not have the rights to do so.

In the past, security had maybe a 10 second spot during the VMware keynotes. Now it is front and center with the announcement of their new vShield Zone products which not only provides firewall technology but the ability to create encrypted tunnels between multiple cloud providers. This is how VMware implemented their hands-on labs this year. 40000+ seats for the lab all tied to  the Verizon and Terremark clouds joined together through encrypted tunnels forming an single whole.

In addition, I have found that the security vendors are listening.  They have improved their products to reduce the weaknesses pointed out to them at past discussions with customers and security pundits alike. This type of responsiveness is required to aid customers moving to the cloud.

The big news is also about how many alliances have been made within the industry. We mentioned the Catbird-HyTrust alliance, but this is not all. HyTrust has teamed up with RSA, Cisco, Intel, and Catbird amoungst others. While Catbird has teamed up with HyTrust, McAfee (Intel), and others.  These alliances show up in the other companies products and provide for a stronger management and security layer.

We are close to true secure multi-tenancy. But things are now good enough to enter the cloud. By combining VMware vCenter and vCloud Director products with HyTrust, Catbird, Reflex Systems, Trend Micro, or Altor products you can gain enough of an audit trail to meet most if not all of the current compliance guidance. No one product can secure your environment or provide for the necessary audit trail.

Yet, protecting the data within the VM from being accessed from a virtualization or cloud administrator is still lacking. While I can now audit for this possibility, it is not yet possible to deny this access directly through VM encryption capabilities. That will require something like encrypted memory or other advanced mechanisms such as Multi-Level Security (MLS), SELinux, or an equivalent. For now you must TRUST your cloud and virtualization administrators.

The best of VMworld awards for Public Cloud went to Terremark, as it has the most advanced security configuration of any other cloud provider including the ability to apply forensics as necessary.

Security is definitely the buzz at VMworld 2010.

Posted in SecurityTagged , , , , , ,