We began 2011 with the most significant change to computing since the introduction of client-server computing: virtualization. Virtualization has been with us in one form or another for a long time, but now that it is a staple of the systems world, it really has come into its own.
Virtualization not only has changed the way we build our data centers, it has gone beyond that to change the way we do computing. All sorts of companies are competing for specialized niches, coining new buzzwords and addressing new problems – mostly economically related – by providing the computing power in a centralized data center reached securely (one hopes) over the internet. Some of the offerings are solutions looking for a problem, but a significant number – an ever-increasing number – are legitimate business opportunities.
It is important to recognize that there are at least three important trends driving the explosion of cloud offerings: cost, green initiatives and compliance. Serious computing power costs money. Pulling together several customers who are willing to share a community resource is one way to address that. The catch is that these several customers don't want the others sniffing out their business. So, the concept of sharing this way could not progress without adequate security. That has opened serious opportunities for innovative companies.
Our two companies – one is in the Hall of Fame section – this year are visionaries. They have seen the future and, in true paranoid security fashion, have sought out and addressed challenges. These companies model their solution to virtual problems after similar paradigms in the non-virtual world. Their premise is: If it works in the physical data center, it should work in the virtual one.
That, of course, requires significantly different technology, a business model that is sustainable, and a go-to-market plan that can foster confidence in potential customers. The virtual world is a scary place when one starts thinking about security in the context of the cloud – public or private – and compliance.
vSecurity from Catbird
It's good to be in the Catbird seat, and this Innovator certainly is. This 10-year-old company has an interesting history. Its original business was doing security monitoring from the cloud, even though there wasn't a cloud yet. It solved a problem for banks by remotely checking websites to see if they had been hacked. Then its customers wanted them to check inside the data center, so it put sensors inside so it could do both internal and external monitoring. Then came virtualization and it needed to see inside the virtual host. That defined the problem.
Catbird vSecurity has two components: a virtual machine appliance and a control center with a web-based interface. There is a virtual appliance (sensor) that sits on the hypervisor and reports back to a cloud-based monitoring center so that either the customer or Catbird can monitor. Sensors are free, but Catbird charges for the control center that does monitoring and analytics, and then quarantines virtual machines, based on user definitions. The product suite includes a firewall, access control, intrusion prevention (IPS), vulnerability assessment and what the company believes is most important, compliance based on the user's selection of regulations.
Why does this company position itself as an innovator? Its technology provides in-depth compliance monitoring in a virtual environment. This leads to helping its customers as trusted advisers in the virtual security space. Catbird sells through a value-added reseller (VAR) channel and its market strategy is to put virtualization security on the map by educating the market and being seen as thought leaders. Since people who purchase Catbird are already comfortable with security experts – the VARs – Catbird adds the tools for those experts.
There is no doubt that Catbird has taken a decade of experience and morphed it into a viable virtual security suite of capabilities. Does the company still do the external monitoring? Certainly, although that is not its mainstream business anymore. But, just think of its mix of monitoring. We did, and we made them our Innovator in virtualization security this year.
AT A GLANCE
Flagship product: vSecurity
Cost: $1,995 per socket
Innovation: In-depth compliance monitoring while providing useful functionality for virtual security, especially in cloud environments.
Greatest strength: Experience from the data center to the virtual center.