Product Group Tests
Emerging productsMarch 01, 2012
The Emerging Products section keeps tabs on important emerging market segments within the information security space and seeks out promising new companies and products that we think will shape the market segment. This year we will be looking at such areas as cloud and virtual system security, on-line fraud detection, mobile device security and security as a service. As one might expect there are new companies with innovative new products, old pros with creative approaches to new problems and a few good ideas that have not made it into the mainstream. Think of this new section as Innovators meets First Looks.
Typical of new market spaces is the problem of how to define the space. This first foray is no different. When we look at the cloud and the virtualized systems that, arguably, have made it possible, we find no dearth of hype, marketing jargon and, well, more hype.
There is no real definition for "the cloud," so that probably is a good place to start this month. Sorry to burst any marketer bubbles, but that is how it is. Actually, that probably is a good thing because we can make the cloud be whatever we need it to be. And that is exactly what has happened. In the course of my discussions, I learned that there is a difference between the cloud and virtualization. That difference relates to public clouds and private clouds. And, I am not so sure that I understand that rationale here.
Great! I can write authoritatively on the topic and nobody (or everybody?) can dispute me. The fact is that the whole thing is really pretty simple if you think about it for a moment. Long years ago, we used to represent the internet as a cloud. One fine day someone got the idea that if we put a bunch of files on a server on the internet everyone could share them. Not very innovative, that. Share a few files over the internet. No big deal.
Then someone thought, "If we can share files, maybe we can share applications, platforms and all sorts of stuff." Brilliant! Of course, there was precedent. We had timeshare (sharing data and applications) for decades. But no matter. We did that over dial-up. Now, we have the internet. But that's not a very cool designation. It needs a new name. The internet is a cloud. How about, "the cloud"? And so the cloud was born.
But there was still a problem. If we want to share a bunch of stuff, especially storage space, we will need really big data centers. So, along came a vendor - probably VMware, but history is a bit fuzzy on this - and said, "No sweat. We'll just virtualize everything, use SANs and all will be well." And, as it turns out, it was. But the cloud and virtualization are two entirely different and mutually exclusive things. They are not interdependent. It is true, of course, that virtually all instances of the cloud are virtualized, but that is not a dependency. Just a convenience.
Now we have a new problem. Along came a company and said, "All of these companies are building their clouds for other people to use. We don't trust them. We want our own clouds." So they went out and got their own copy of VMware and, voila, a cloud. Now we begin to see how the challenges of cloud computing grew. This is a security issue. Usually it applies to virtualized systems because they are where most clouds are born. They are both the most insecure (because they share a lot of resources among users) and the most secure (because with the right tools and configurations enclaves can be built that don't even know about each other) and are potentially well suited to the cloud.
However, the bottom line is that the real challenges - control of one's particular virtual space, for example - fall somewhere in the middle of the differences between public and private clouds. Virtualization is merely the executor of any security solution to the various problems. That said, of course, virtualization is the real target, not the cloud. If you do the virtualization right ,the cloud gets secured as part of the game.
And that is what this month's emerging products are all about: securing the cloud, whether public or private. So, as we open our first Emerging Products group, enjoy!