One thing we’ve been working on with VMware for years now is making the virtual, cloud world more secure than the physical one. I’ve said it before, and it’s worth saying again – the view we share is that security will need to evolve, and will be disrupted by virtualization.
Policy enforcement will need to become “part of the virtual infrastructure” and become very close to the information – because the environments will be so fluid, so elastic – “clamping devices on the network choke points” simply won’t work.
If this isn’t immediately obvious, think about someone taking a VM and the data that constitutes it and using vCloud connector to move it to a vCloud service provider as an example. If enforcement of the policy doesn’t “follow the compute/data” – you’re hosed.
The fruits of years of labor are showing up – the most recent example being the collaboration to embed data security and compliance checking into the vShield 5 App capabilities.
If you are a person responsible for security, or have ever been audited, or have been told “we can’t virtualize this because we can’t audit” – this demo (shown in Pat Gelsinger’s supersession – SUP1006 during the “Chad’s World” bit) will knock your socks off.
That demo shows:
- How easy it is to check for compliance against global standards.
- How easy it is to catch “data leakage”.
- How vShield 5, vCenter, ESX all integrate with RSA Envision to provide an end-to-end view across the datacenter (physical, virtual – everything).
- How they all can tie into RSA Archer for a Governance, Risk, and Compliance dashboard and automated workflows (to isolate/remedy/notify).
Remember that this is all simplified by orders of magnitude because the workload is a virtual machine. The next time someone says:
“we can’t virtualize/go to cloud because of security”
…the right answer is:
“we should virtualize/go to cloud BECAUSE of security”
What do you think? What else could we improve?