VMware to release APIs to security vendors under VMsafe

By Robert Westervelt, News Editor 27 Feb 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

VMware Inc. launched a new technology it calls VMsafe, designed to protect applications running in virtual machines.

Under VMsafe, the Palo Alto, Calif.-based virtualization software vendor would release application program interfaces (APIs) to security vendors, allowing them to develop security software that integrates with VMware software.

VMware executives have been under increased pressure to address security concerns from industry experts and IT security pros. At its VMworld conference last year, industry analysts and security pros saw the benefits of the technology but voiced their skepticism that it could be easily secured.

Virtualization security: The security benefits and risks of virtualization: IT shops are looking at virtualization as a way to improve data security and make patch deployments more efficient. As Senior News Writer Bill Brenner reports, many IT pros say the benefits are real if the technology from a range of vendors is examined. But IT pros and analysts say security risks remain. Preparing for virtualization security unknowns: Server virtualization technology is revolutionizing enterprise data centers, but nobody knows just how it will affect enterprise information security. Will using virtualization software put an enterprise at risk? A virtualized IT infrastructure can simplify operations and save a company money, but is such an environment secure?

Pete Lindstrom, an analyst at Midvale, Utah-based Burton Group said he would watch to see how an API program would be managed. Lindstrom said the timing is right since threat level to virtualized environments is low, because many firms are in the early adoption phase of deployments.

"When you hear folks speak about standards, APIs and toolkits it's great for flexibility, however, you're gross risk associated with the hypervisor increases," Lindstrom said.

The hypervisor is an ultra-thin layer of software that runs directly on server hardware independently of the operating system, enabling users to create virtual machines on the server to run applications.

VMWare is addressing the hypervisor through its API program. It said its VMsafe technology would allow security vendors to build products that integrate into the VMware hypervisor.

VMware said the software will increase transparency into the memory, CPU, disk and I/O systems of the virtual machine. It said 20 security vendors, including Symantec, McAfee, the Internet Security Systems division of IBM, EMC's RSA security divison, and Check Point Software Technologies, plan to develop software that is interoperable with virtual machines.

"The industry has come out in full force to support VMware VMsafe technology with plans for a whole new class of security products that offer customers new advantages to running applications in virtual machines." Raghu Raghuram, vice president of datacenter products and solutions, said in a statement.

Tags: Virtualization Security Issues and Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Virtualization Security Issues and Threats Cloud computing data security starts with internal strategy, experts say PCI virtualization SIG closer to proposing changes to standard Security challenges with cloud computing services Secure virtual desktop software enables remote client security Security threats to virtual environments less theoretical, more practical At VMworld 2009, companies focus on virtual desktops for security Security fundamentals remain focus of virtualization deployments How to implement virtual firewalls in a complex network infrastructure How to find virtual machines for greater virtualization compliance Quiz: Virtualization and compliance

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary