No doubt about it, virtualization is quickly becoming the new darling of the security media. Of course I am judging strictly by the media requests we are receiving for interviews. I am still learning about all of the different issues here and will have to pick Hoff's brain a bit, but thinking out loud, here is what I am seeing in terms of categories:

1. Utilizing virtual machines for security versus securing virtual machines. In another words is virtualization an enabler of security. Many security companies by allowing their products to run in a virtual machine claim they have a story around virtual security. To me they are just using virtualization as an enabler to let their product be more efficient and less hardware intensive. However, I don't quite buy that this is virtual security.

2. Virtual to real security - This is security that plays at the intersection of virtual data flows into "real" networks. I don't think you need that much virtual special sauce to play at this intersection, but there are companies jumping the virtual bandwagon by doing just this.

3. Server vs desktop virtual security - A lot of focus has been on the data center/server/application virtualization aspect. I do think that this is where we are going to see a lot product innovation in the coming months. However, over the longer run we are going to see security issues around desktop virtualization. Whether it be desktop agents or better sandboxes that are more OS and HW independent (not just floating on top of the OS), I think there is opportunity here for innovation as well.

4. Virtual to virtual security - this is the part that has me most excited. I think controlling this virtual to virtual data flow is going to take a new class of security. More than the APIs in VMsafe, we are already starting to see a new products and companies filling this niche.

I will be watching RSA carefully to see if this virtual security theme is the "next big thing" for this years show. I think you should too!