Home > Blogs > VMware Security & Compliance Blog


Security in the New Virtualized World…..The “Cloud”

Hi fellow security gurus….Ana Seijas from Security & Compliance Specialist team here at VMware. I wanted to bring you up to speed on some exciting things happening with virtual security and getting you on the Virtual Security Journey……

It’s been a few months since VMworld 2011 but security made a big splash!  So much so that I've been talking to a lot of customers about what they heard there.  With all the talk about cloud, virtual desktops and agility come new concerns for everyone on how are we going to secure these things we can no longer see or touch.  

I see the security industry as a whole still very immature when it comes to understanding virtualization and how it can be used to provide agility, better processes, more control and overall better security.  

I've been in security for well over 20 years and although security, compliance and governance have become critical to organizations, little has been done with it to take advantage of the new agile infrastructures customers are building.

Every company out there has some virtualization…and IT as a whole is changing to support the Facebook generation.  So IT has to move fast to provide the apps that customers want to consume instantly while still making sure to meet the security policies and requirements of so many regulations, while also keeping the hackers out and their brand intact.

VMware has lead the change in how we consume IT….servers, memory, storage and now desktops can all be virtualized.  So what about security!  

Well I believe VMware is leading the way there as well.   Last year at VMworld 2010, VMware announced the vShield suite of products and APIs and the beginning of a new way to consume security.   In the last year, not only have the vShield products been enhanced but 3rd party security vendors are now taking their products and not only making them virtualization aware but also taking advantage of the automation that this new infrastructure provides.   VMware has shaken the security industry and security vendors are hurrying to have the best products for the cloud era.

So what does that mean to customers and specifically to security teams in their organizations.  

For most customers, sometimes security is an afterthought, a burden to maintain…inflexible and the list goes on…. Why not build security right into the platform and make it transparent by automating it.  Security as a Service!

As customers begin to virtualize more of their tier 1 apps, security is beginning to get more involved.  As a security person I urge other security practitioners to get on the virtualization journey and learn how to do better security through virtualization.

Let me give you the top advantages of virtualization and how they can help with security:

1. Built in HA (High Availability) and FT (Fault Tolerance) for VMs and VMs running 3rd party security solutions
2. Isolation in ESX and ESXi is built in by design along with memory protection
3. Ability to automate disaster recovery with tools like SRM (Site Recovery Manager)
4. Ability to automate moving VMs causing malicious activity to a quarantined area using REST API's available in vShield products
5. Ability to automatic security processes with vCO (vCenter Orchestrator) plugins available for Active Directory, UCS, NetApp, SOAP and REST.
6. Automated compliance using vCM (vCenter Configuration Manager) to continuously monitor and remediate both physical and virtual environments.

At this year's VMworld, a slew of 3rd party security vendors were on hand showcasing their new virtually aware technologies….never mind the enormous amount of backup and availability products.

McAfee, Symantec, Trend, BitDefender, Kaspersky, and Sophos all made announcements or showcased their support for vShield Endpoint and agentless AV.

Lumension is also using vShield Endpoint for their whitelisting and blacklisting product.

Hytrust, CA, Catbird, all showcased virtualizaton aware security and compliance tools.

Sourcefire, NetOptics, McAfee, HP Tipping Point, are inspecting inter-VM traffic and showcasing network security solutions.

LogLogic, Splunk, and Envision showcased event management and correlation of vSphere events.

And the list continues to grow!  I suggest taking a look at these products that are bringing the same level of security to the virtual world.  Challenge the security vendors you have today to take the virtualization journey that the rest of your organization is on.

One thought on “Security in the New Virtualized World…..The “Cloud”

  1. Kate Brew

    Hi Ana, nice blog. Any thoughts on how the two worlds, virtual and physical, will be viewed holistically from a security standpoint?

Comments are closed.