Posted by Ted Julian
Yesterday I recapped some ideas from the first day of Gartner’s IT Security Summit here in Washington, DC. Today, I’ll cherry-pick from Day 2 because the last session finished the day with a bang – it was the best presentation from the whole event.
Neil MacDonald gets the “big idea” award for his presentation entitled, “Radically Transforming Security in a Virtualized World.” It was one of the most thought-provoking presentations I’ve seen in my 10+ years in the security business. Yup, that’s not something you’ll hear me say too often.
Perhaps you’re like me and you thought the security challenge / opportunity had to do with securing virtual environments. Like any new technology – wireless, Web applications, etc. – virtualization introduces new security problems that need to be addressed. That may be true – but it’s not the big idea. The big idea is that virtualization offers a new way to secure IT infrastructure with major benefits over today’s approaches. It will spawn new classes of security products that will change the world and next-generation versions of today’s security solutions that will either kill today’s security vendors or save them.
Here are a few examples Neil walked through ranging from the basic to the profound.
- Virtual security appliances. Now that most security appliances run on off-the-shelf hardware, why bother shipping them, powering them, cooling them and otherwise managing them? Instead, use virtual appliances – software containers you can easily drop into your virtualized infrastructure. Way easier to try, buy, and manage.
- VM-spanning versions of existing security solutions. The hypervisor / virtual machine management layer underneath all your VMs presents a ripe opportunity to do things better in several ways. If the security function can be abstracted at the hypervisor level, a single security product VM could provide its services to all of the other VMs. No need to build, buy, or manage distinct security agents for each VM. One anti-virus VM, for example, could provide a-v services to all of the other VMs whether they are Windows, Linux, etc. This approach is not only easier to build, buy, and manage, it’s arguably faster and more secure. As these security services run below the host OS of each of your VMs, they are not rootable in the same way and should run faster with more direct access to hardware.
- New, VM-spanning security solutions. Tapping into the hypervisor / virtual machine management layer should provide a perspective on system activity that spans all the VMs. Analyzing activity at this level yields perspective that will enable an entirely new class of security and management solutions.
