This week kicks off VMworld, the virtualization event of the year in San Francisco sponsored by VMware. If you can get there it is a great opportunity to talk about exciting new ways of securing your business while gaining flexibility in your infrastructure. If you can't make it, expect numerous product and partnership announcements to read about. From an endpoint security perspective these areas are virtually interesting:
- Virtual workspaces isolate browsers and VPN clients from malware for securing remote and mobile users. The technology is the mirror image of HIPS - whereas HIPS operates in the kernel to keep an application from infecting the OS, virtual workspaces operate in the kernel to keep the local PC from infecting the business application. IT, instead of having to manage the security of home devices and laptops, now controls the secure access to the business without being overly invasive to the user.
- Virtual desktops, especially those that are locally hosted, contain their own OS allowing IT to centrally control compliance of endpoint configurations with hypervisor-based desktops. VDI, using remote display features, keeps applications and regulated data in the protected data center. IT has less need to deploy USB device control, DLP, and patch management agents on remote endpoints.
- Cloud access to desktops and applications is the future for virtual workspaces and virtual desktops. The explosion of computing in the last 30 years has been driven by placing applications in the hands of the users, and that trend will continue with more powerful devices and ubiquitous network bandwidth. Vendors using the cloud in innovative ways to securely store and deliver data, desktops, and applications allow IT to provide advanced services without investing in burdensome infrastructures.
- Provisioning systems automate the creation of personalized virtual desktops from golden OS and application images. Vulnerability and patch processes can be applied centrally to ensure that users always start their online sessions with pristine compliant desktops. The real value of provisioning systems that support desktops is that they allow IT to plan an orderly evolutionary path from physical environments to virtual desktop/workspace and cloud environments.
Of course, I am also dreading the assault on my senses of Software as a Service, Platform as a Service, Infrastructure as a Service, etc. I'm not really sure I want to understand all of the nuances of IaaS and PaaS - most IT folks I talk with are mostly interested in Business as a Service. Fortunately, security vendors are starting to build virtualization concepts into their product offerings allowing organizations to safely grow towards the cloud. We can compare notes on the top vendors to look for at the end of the week - including a run down of security players.