The information security field is not yet fully mature; there is a lack of cohesive interoperable framework.   The rapidly evolving landscape adds to the existing problem. There are several examples: Intrusion Detection System (IDS) was quickly overtaken by Intrusion Prevention System (IPS).  On the Firewall arena: the focus has moved from perimeter security to end point security.  There are some security visionaries who are preaching inside-out security approach i.e. building products with information security in mind from the beginning.

Threats are moving higher up in the OSI stack making it harder to detect. Hackers are becoming more sophisticated – there are powerful free open source hacking tools available at their disposal. Security managers driving security initiatives without co-ordination can result in pieces of puzzle that don't fit well. Agency problem i.e. security managers thinking more about their personal advancement rather than security of the company is bad for the company’s security initiative. Security leaders who do not have a clear vision of

security at the component level, the administration level and the strategy level can only make information security even more convoluted. The CISO and acting CIO of US Dept of Veteran affairs resigned after the breach in May, 2006 where personal data of 26 million veterans and more than 2 million service members was stolen. This clearly demonstrates the accountability and visibility of security leadership.

The attitude of IT security leaders and security team members has a significant impact on security.  Reckless buying of information security technology can result in wasteful expenditure and very little gain in efficiency. Not understanding the business perspective of security issues or security perspective of business issues can lead to poor security decisions. Using security as a mechanism to gain control rather than using it as a tool to reduce risk can only diminish the perceived value of security initiative. Implementing security as an afterthought rather than building it into the framework not only result in poor architectural decision. Security investment is more like buying insurance. Thinking security as a vehicle providing an ROI can result in wrong expectation and lead poor decision. The business in which a company operates contributes largely to the perceived importance to security. Financial institutions usually have a higher bar on security because of the very nature of their business and their exposure legal liability. It is a good idea for many technology companies to emulate financial institutions to raise their information security bar.

It could be a pipedream to accomplish complete  information security but accomplishing a well managed information security program is an attainable possibility.

New VMware VMsafe™ Technology Allows the Virtual Datacenter to Be More Secure Than Physical Environments

Twenty Industry-Leading Security Vendors, Including CheckPoint, McAfee and Symantec, Endorse VMsafe Technology and Announce Plans to Build Interoperable Security Solutions

Cannes, FRANCE, February 27, 2008 – VMware, Inc. (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced new security technology called VMware VMsafe™, http://www.vmware.com/go/vmsafe,  that protects applications running in virtual machines in ways previously not possible in physical environments.

To read more click here:  http://www.vmware.com/company/news/releases/vmsafe_vmworld.html

---------

Wow, what an announcement today for security vendors looking to sell their wares to a growing base of customers taking advantage of virtualization and a great way for VMWare to help its customers secure networks created by VMWare!

This announcement from  VMWare  does highlight that VMWare is serious about helping their customers address security challenges.  What is still to be determined however, is what this really means to customers.  There were 20 security companies announced in the partnership and little information about what security problem each company is solving.  I guess  we should expect to see 20 press releases from these individual security companies in the near future.

My educated guess though, is that most security vendors will just be offering their existing security products that are in many cases physical firewalls, anti-virus, UTM, etc. The real value will be from solutions that bring unique value to the virtual environment vs. network designs that dictate routing traffic out of the Virtual Environment to a physical security appliance and back in.  The other question is ; will the software vendors just be installing their software on the operating systems of Virtual Machines vs. Physical Machines?

Are there any real hooks being offered today that connect to VMWare and take advantage of these API's or are these things yet to come?  My educated guess is that these are still things yet to come from the majority of the vendors in the program.

I've had the privileged of reading the API documents as the CTO of Montego Networks which is also part of the VMSafe program that was just announced and am very excited about the future possibilities of the program. 

I'm excited to see the space finally get its due attention and am confident that the program will give birth to many new ideas and products that help solve the many security challenges introduced by virtualization.

There are so many vendors in this newly announced program.  I hope to see quality from the program vs. marketing quantity!

New VMware VMsafe??? Technology Allows the Virtual Datacenter to Be More Secure Than Physical Environments

Twenty Industry-Leading Security Vendors, Including CheckPoint, McAfee and Symantec, Endorse VMsafe Technology and Announce Plans to Build Interoperable Security Solutions

Cannes, FRANCE, February 27, 2008 ??? VMware, Inc. (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced new security technology called VMware VMsafe???, http://www.vmware.com/go/vmsafe,  that protects applications running in virtual machines in ways previously not possible in physical environments.

To read more click here:  http://www.vmware.com/company/news/releases/vmsafe_vmworld.html

---------

Wow, what an announcement today for security vendors looking to sell their wares to a growing base of customers taking advantage of virtualization and a great way for VMWare to help its customers secure networks created by VMWare!

This announcement from  VMWare  does highlight that VMWare is serious about helping their customers address security challenges.  What is still to be determined however, is what this really means to customers.  There were 20 security companies announced in the partnership and little information about what security problem each company is solving.  I guess  we should expect to see 20 press releases from these individual security companies in the near future.

My educated guess though, is that most security vendors will just be offering their existing security products that are in many cases physical firewalls, anti-virus, UTM, etc. The real value will be from solutions that bring unique value to the virtual environment vs. network designs that dictate routing traffic out of the Virtual Environment to a physical security appliance and back in.  The other question is ; will the software vendors just be installing their software on the operating systems of Virtual Machines vs. Physical Machines?

Are there any real hooks being offered today that connect to VMWare and take advantage of these API's or are these things yet to come?  My educated guess is that these are still things yet to come from the majority of the vendors in the program.

I've had the privileged of reading the API documents as the CTO of Montego Networks which is also part of the VMSafe program that was just announced and am very excited about the future possibilities of the program. 

I'm excited to see the space finally get its due attention and am confident that the program will give birth to many new ideas and products that help solve the many security challenges introduced by virtualization.

There are so many vendors in this newly announced program.  I hope to see quality from the program vs. marketing quantity!