April 23, 2009, 10:58 AM — VMware and RSA announced a strategic plan to embed RSA's data-loss prevention (DLP) and encryption technologies into VMware's new vSphere 4, virtualization software for the data center which will soon ship.
The trend toward software virtualization is well under way "but we're not waiting until the entire transformation is done before embedding security," said RSA president Art Coviello in making the strategic-partnership announcement. RSA is the security division of EMC and VMware is majority-owned by EMC. The first step of the strategy entails embedding RSA's data-loss prevention technology into vSphere in order to monitor or block unauthorized transfers of content held in vSphere
Eventually, according to the plan outlined Wednesday, RSA's public-key encryption technology would also be tightly coupled to vSphere to enhance data security. But executives from RSA and VMware acknowledge the virtual-machine (VM) security strategy both are committing to is still in the early stages with no specific shipment dates.
Today DLP for vSphere, the virtualization software for creating the equivalent of cloud computing inside the enterprise , is not much more than a "proof-of-concept" which RSA is demonstrating in its booth here at the RSA Conference, admits Brett Hartman, chief technology officer at RSA.
"The RSA DLP integrates with vShield, the firewall on the VMware side, for content control as it flows from VM to VM," said Hartman.
The goal is to prevent unauthorized data flows in an efficient manner by having the DLP software tightly coupled into vSphere, probably through software plug-ins, according to RSA senior vice president of products, Chris Young. The long-awaited VMware VMsafe technology is included in vSphere, which will give security vendors a set of application programming interfaces (APIs) at the hypervisor level to more efficiently make use of third-party security products in virtualized environments.
Steve Herrod, chief technology officer at VMware, said it's anticipated there will be a need for a VMsafe 2.0 version to support the range of tightly-coupled security functions that VMware envisions for vSphere in the future.These would include RSA's encryption technologies for public- and private-key encryption and data integrity checking.
But one of the toughest challenges RSA and VMware face in their quest to embed DLP and encryption functions into vSphere is devising a management platform defining how virtualization and security policies work together in a common management framework. "There has to be a consistent model," Hartman said. "How do the policies work together? We're still working on that."
Herrod pointed out that another RSA product, SecurID for authentication, is supported today in vSphere as well as log-management support using RSA security-event management product enVision.
