Virtualization — Security Is Still a Concern

Virtualization — Security Is Still a Concern

SAN FRANCISCO — Customers and analysts attending VMware’s annual VMworld conference here this week wondered repeatedly about how secure virtualization is, although they seem enthusiastic about VMware’s technology.

Over 17,000 people are crowded into the conference — which stretches across all three parts of the Moscone Convention Center — and the lines for sessions on new tools and techniques are especially long.

VMware is moving to address security, both through new products and partnerships announced this week and an acquisition — TriCipher, a venture-backed startup in Los Gatos, California, about 30 miles from VMware — that offers strong authentication and single sign-on for cloud-based and software-as-a-service-based applications, including Google Apps and Salesforce.

[login]”I loved the TriCipher acquisition,” says Chris Wolf, an analyst at Gartner. “TriCipher completes the picture — you can connect to SAAS apps, Xen apps and local apps. It’s a big deal for virtual desktops, and obviously other vendors like Microsoft and Citrix will offer similar capabilities — and I imagine they’ll be more transparent in this space. A lot of folks know there’s not a complete solution that does everything for a virtual desktop, but they want to place a bet on a vendor.”

Still, doubts about both security and compliance with regulations, in industries where they apply, prevent customers from jumping into virtualization with both feet.

“It’s not just about the infrastructure and the apps,” said VMware CEO Paul Maritz, stressing the importance of working with partners and customers to hammer out the technology. “The bad guys aren’t standing still either. Increasingly, there are problems with behavioral security. That’s the biggest fear you all have now — is somebody going bad?”

In a session comparing VMware’s security technology with its chief rivals’ — Citrix and Microsoft — Wolf said that all the vendors are still missing security features, although nothing that Gartner considers critical.

He said customers need to be more aware. They should do a better job of auditing for “rogue” virtual machines — untrusted virtual machines on a trusted system, especially a desktop – and should store all their virtual machines in a data center so they can control them better and patch them more easily.

They should also know that hardware can affect the performance and security of a virtual machine, and they should ask tough questions of anti-virus vendors, especially if those vendors are redesigning their products to be virtual.

“Ask specific questions — what can you do on my product?” Wolf said. “Each hypervisor has different capabilities, and the ecosystem (security) vendors can’t do everything they say.”

But some customers pointed out that virtualization can also make security better. There’s more information to work with to determine compliance and analyze threats, and in some situations data can be more easily protected.

“We’re in the inner city, and people steal desktops with patient information,” said James Philbin, senior director of medical imaging and bioinformatics research at Johns Hopkins. “That’s one of our biggest drivers for a virtual desktop – the data never leaves the data center once it hits there.”

IT staffs have a toolkit to fight breaches that they’ve never had before, others said, and CIOs are paying more attention because the penalties for data breaches are bigger than they used to be. “They want to know how to reduce their footprint and the surface area of the exposed data and control who’s getting access, whether it’s locally on the server or client or in the cloud,” said David Ting, the CTO of Imprivata, a VMware partner. “Unattended workstations are locked down.”

Ultimately, Maritz said, customers are still getting used to virtualization, and its risks. “A couple years back I was involved with a deal where a technology company wanted to sell service to a telco in Europe, storing that telco customer’s information, and the customer wanted unlimited liability. The provider had to swallow deeply and commit. There needs to be a gradation (in these situations) — no liability and unlimited liability are both wrong answers,” he said.

Share the Post:
Heading photo, Metadata.

What is Metadata?

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

ransomware cyber attack

Why Is Ransomware Such a Major Threat?

One of the most significant cyber threats faced by modern organizations is a ransomware attack. Ransomware attacks have grown in both sophistication and frequency over the past few years, forcing