VMware's next move is to focus on improved security
September 3, 2015
Near the end of November last year, VMware's network virtualization division manager Martin Casado
suggested that his next move, after getting network management apps up and running as a business, could
be to try a new approach to enterprise security.
Now fast forward to today. Casado, who is credited with inventing OpenFlow and led Nicira, the company
that morphed into VMware's NSX network virtualization product, today told us what he's been up to lately,
saying that VMware's immediate efforts are under way with some code already written to help achieve that
One initiative will directly focus on encryption management. Casado thinks it's an oddity that data
in transit across an organization or the wider world is encrypted, but that data inside the data centre
isn't. And he may have a point there.
He feels that's because applying encryption to the many connections inside a data centre is just
too labor-intensive, and it is to a certain degree.
One VMware security project is therefore looking at how to greatly automate encryption technology
and its core management so that data bouncing inside the data centre gets the security it deserves, thereby
making the infrastructure less vulnerable to potential network attacks coming from the outside.
VMware's thinking is that it's already good at managing automation and large-scale complexity in
the data centre. NSX can spawn, monitor and take down lots of virtual networks at speed while vSphere
can do likewise for virtual machines, etc.
Casado therefore thinks that VMware has the tools to enable cryptographic management at scale,
and he said that code is already being written to deliver that concept.
The other tool VMware is working on will make the hypervisor an application's guardian. Casado
thinks that applications are helpful to security efforts because they store data and know a lot about
users, so they could potentially offer a lot of context about what needs securing, and why.
He added that networks know very little about what needs securing, but offer useful isolation
of resources. The hypervisor, he hopes, will be the “goldilocks zone” for security because it knows
a lot more about the virtual machines running inside it.
If security applications can run inside the hypervisor, which uses the application's knowledge of
context and the network's provision of isolation, he thinks it may be possible to greatly improve
security to a new level. He didn't offer a timeframe for the delivery of the product, however.