Solidcore CEO to focus security on virtualization

Anne Bonaparte took the reins as CEO of Solidcore Systems Inc. in May and has spent a lot of time since talking to customers and helping the company adapt its strategy to the changing realities of security and compliance. With a background that includes stops at VeriSign Inc., Hewlett-Packard Co., Tablus Inc. and others, Bonaparte, an engineer by training, is focusing on fine-tuning the company's technology and finding new markets. Executive Editor Dennis Fisher sat down with Bonaparte recently to discuss the pressures of compliance on enterprises, the new economic landscape and how virtualization affects security.

This Content Component encountered an error
There are a lot of concerns around how easily virtual machines can be turned on and what the security model is there. And those are legitimate concerns.
Anne Bonaparte
CEOSolidcore Systems Inc.
How has the focus of the company changed since you took over as CEO?
I've been taking it to the needs customers have around compliance, and specifically around PCI compliance. PCI seems to be the best fit because it's the most prescriptive and it has actual deadlines. We have very interesting technology and in the beginning it can suck a lot of time when you're going out and marketing and telling people about the technology. But Rosen [Sharma, Solidcore's former CEO and current CTO] did a great job with that and now we're in a position to really work on the customer problems. We're in that stage of the business where we have money in the bank, the product is tested and we're in good shape. Technology is great, but there's a consequence if you don't solve an actual business problem So compliance has become the problem that you solve?
In a lot of customers it has. We're shifting to the PCI problem specifically because all of these point-of-sale systems in stores have Windows on them now. We have experience working on that problem with ATM manufacturers. Those machines run Windows now, but all they really need to do is give you money. Our traditional customer has been the CIO or CSO who is concerned about security, change management and a lot of other things. And that's what our solutions do really well. Now we have a totally different guy as a customer who is all about speed and efficiency. The POS systems in these stores can not have delays or inefficiencies. Our systems are very fast because they're not checking signatures or going back and forth to a whitelist all the time. The store managers aren't that interested in the wow factor of the technology. They just want it to work.
Virtualization security:
What risks do application virtualization products pose to enterprise security? Phrases that continue to be used to describe application virtualization are "isolation" or "bubble," but Michael Cobb examines the possible threats.

Virtual network tool gives firm view into virtualized environment: Nielsen Mobile uses Altor Networks' security analyzer to gain insight into virtual network activity.

Initial virtualization costs could outweigh benefits: It could be costly for companies to sort out the new governance, oversight and manageability issues being introduced by virtualized environments.
Retail is a tough segment to be focusing on right now.
It is. People say, "You're going after retail? In this market? And you're making money?" And I say, "Sure." It may be that some of the retail segments are going away, but the ones that survive will have to be PCI compliant. And PCI is the fastest way to a dollar for us right now. And in business you always want to get as close as you can to the top line. The retailers are the ones who have been getting hit by the data breaches and they're the ones with a need for this. A lot of customers do it because they have to, but people shouldn't just be checking a box on things like PCI. Use the energy to do what's right. If you have a problem, it will affect your overall brand. In this environment, some people are being penny wise and pound foolish. What other directions do you see for the company next year?
One intriguing direction for us is the virtualized environment. It's growing very quickly right now, especially with people latching on to the cost benefits. Antivirus doesn't work well in that environment and we've been looking at it to see if our systems can be applied to virtualized environments. It turns out that they can, so we're working on some things there. We can help maintain the sanctity of that environment. There are a lot of concerns around how easily virtual machines can be turned on and what the security model is there. And those are legitimate concerns. I think that's an area that we can help with. And we're also thinking along the lines of something that will help instill a sense of trust in the POS systems for users. Something like what VeriSign was able to do with the checkmark for websites. We want users to think of it as something you can trust. Your products aren't strictly security products, but do you think that we're starting to see a shift away from the old model of a new product for every new threat?
I think we do have to shift the model, especially in some environments where things should be closed by default -- process control systems, for example, and manufacturing control systems. There's a cost benefit to it and these things need to be controlled in a different way than home computers or desktops and servers. We've had too many years of technology chasing a problem. The most important thing is security at the core, and controlling the IT infrastructure is key to that.

Dig deeper on Virtualization Security Issues and Threats

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close