VMware Has a Security Attention Deficit Disorder
August 30, 2013
- VMware continues to shift its virtualization security priorities around, this time with a focus on the new Service Composer in the NSX virtual networking platform.
- Despite the lack of focus on VMware’s part, third-party security providers continue to make progress with existing products, building up greater maturity and expanding their installed bases.
VMware’s attempts to deliver a cohesive set of security services for its dominant server virtualization technology in partnership with leading security providers appear to be a bit of a shell game. Just when you thought the gold security coin was under one shell, you discover that you missed the last move and now it is under another. In this case, VMware had been working to create a set of higher-level APIs, developed in conjunction with leading security partners, that would be easier to work with than the former VMsafe APIs and reflect the requirements of a broader set of security functions—not just anti-virus signature scanning. But that was before VMware acquired software-defined networking startup Nicira for over $1 billion around the time of VMworld 2012. Fast forward to VMworld 2013 and voila! No progress report on the security APIs, no expansion of the partners writing to those APIs, no case studies demonstrating real-world deployments of security products using those APIs to deliver better security for VMware-hosted applications. Instead, what you find is that VMware has shifted its attention (and resources) to trying to establish a virtual networking platform that it hopes will do for networking what the virtual machine did for computing.
And what of those security APIs? They are now a part of the new virtual networking platform called NSX. Once again the focus for third-party development and integration of security functionality has shifted to yet another mechanism, the NSX Service Composer. Service Composer is a configuration interface that gives administrators a consistent way to deploy third-party firewalls, IPSs, anti-malware, data loss prevention, vulnerability assessment and other security tools in a vSphere environment. With all of these false starts and shifting priorities, it should be no surprise that the field of third-party security supporters appears to be shrinking – at least when it comes to Service Composer and for the time being. VMware was only able to come up with five security ecosystem partners who were able to demonstrate at VMworld 2013 a proof of concept of some security tool that could exploit Service Composer. Those include VMware security stalwart Trend Micro as well as McAfee, Symantec, Palo Alto Networks and tiny Rapid7, the last of which provides a vulnerability assessment tool. To be fair, at least two others – Fortinet and Check Point – are not far behind. And security vendors that had already delivered products that exploit the higher-level APIs continue to improve on their offerings and are seeing expanded adoption of them. Two prime examples of such vendors are McAfee with its MOVE anti-malware offering and HyTrust with its appliance for policy enforcement.