VMware and RSA team up over vSphere security
Embedding encryption into the data centre.
By Ellen Messmer, Network World (US) | Published: 11:37, 24 April 2009
VMware and RSA have announced a strategic plan to embed RSA's data-loss prevention (DLP) and encryption technologies into VMware's new vSphere 4, virtualisation software for the data centre that will soon ship.
The trend toward software virtualisation is well under way "but we're not waiting until the entire transformation is done before embedding security," said RSA president Art Coviello in making the strategic-partnership announcement. RSA is the security division of EMC and VMware is majority-owned by EMC. The first step of the strategy entails embedding RSA's data-loss prevention technology into vSphere in order to monitor or block unauthorised transfers of content held in vSphere
Eventually, RSA's public-key encryption technology would also be tightly coupled to vSphere to enhance data security. But executives from RSA and VMware acknowledged that the virtual-machine (VM) security strategy both are committing to is still in the early stages with no specific shipment dates.
Today DLP for vSphere, the virtualisation software for creating the equivalent of cloud computing inside the enterprise , is not much more than a "proof-of-concept", admitted Brett Hartman, chief technology officer at RSA. "The RSA DLP integrates with vShield, the firewall on the VMware side, for content control as it flows from VM to VM," he added.
The goal is to prevent unauthorised data flows in an efficient manner by having the DLP software tightly coupled into vSphere, probably through software plug-ins, according to RSA senior vice president of products, Chris Young. The long-awaited VMware VMsafe technology is included in vSphere, which will give security vendors a set of application programming interfaces (APIs) at the hypervisor level to more efficiently make use of third-party security products in virtualized environments.
Steve Herrod, chief technology officer at VMware, said it was expected that there will be a need for a VMsafe 2.0 version to support the range of tightly-coupled security functions that VMware envisaged for vSphere in the future.These would include RSA's encryption technologies for public- and private-key encryption and data integrity checking.
But one of the toughest challenges RSA and VMware face in their quest to embed DLP and encryption functions into vSphere is devising a management platform defining how virtualisation and security policies work together in a common management framework. "There has to be a consistent model," Hartman said. "How do the policies work together? We're still working on that."
Herrod pointed out that another RSA product, SecurID for authentication, is supported today in vSphere as well as log-management support using RSA security-event management product enVision.