VMware Adds Sensitive Data Discovery In VShield 5 Update

One thorny implication of data sprawl in virtual data centers is that organizations often lose track of the data that's stored on virtual machines. For regulatory compliance reasons, customers have been clamoring for visibility into these VMs, and VMware is now giving them a tool that roots out sensitive data in virtual environments.

Developed in partnership with RSA, VMware's new vShield Data Discovery tool identifies unstructured data in virtual environments that's subject to regulatory compliance laws. It's part of vShield App, VMware's hypervisor-based firewall that runs on each vSphere host and fences off sensitive data based on the specific needs of the organization.

"It's like an X-ray or CAT scan for cloud infrastructure," said Bogomil Balkansky, vice president of product marketing at VMware, said in an interview.

Using VShield Data Security, a customer could set up a special trust zone for all virtual machines that contain PCI data, for example. Dean Coza, director of security product management at VMware, describes VShield Data Security as an "elastic, automated and programmable security-as-a-service" that scans in the background and identifies files without impacting the network.

"It can issue a report that says you have 30 PCI files and 20 HIPAA files, for example, giving customers a picture of what their exposure might be," Coza said.

VMware is also trying to make VShield extensible on both the endpoint security and network security sides. VMware teamed up with Trend Micro last year on an agent-less antivirus module for virtual environments, and by year's end, VMware expects to have finalized an SDK that will enable other endpoint security vendors to make security products for virtual environments, Coza said.

As part of the vShield 5 update, VMware is adding a network layer 2 firewall to vShield App that will allow security vendors to integrate their intrusion prevention system (IPS) products. Coza said VMware expects to eventually work with McAfee, Symantec, Trend Micro, HP TippingPoint, Cisco and Sourcefire on the network security side of VShield.

"One of the nice things about having a programmable infrastructure is that partners can immediately take advantage of it and start extending it," Coza said.

VMware in 2008 tried to establish an ecosystem of security partners with its VMSafe program, but that effort fizzled after attracted only seven vendor partners. Coza said VMSafe's integration was lacking in the control and management planes, which led to scalability and portability challenges.

VMSafe also required partners to learn about all the inner workings of vSphere in order to develop products. "The VMSafe process required a significant amount of handling from VMware and didn't allow us to scale," Coza said.

VMware has learned from this experience, though, and has come up with a new approach. Introspection is still the focus, but VMware has improved management and control planes is also allowing partners to leverage logical containers created by one another in the management plane, Coza said.

VMware has adopted a new distributed architecture in vShield 5 that uses a security VM running on every host, with each host handling between 50 and 100 VMs, Coza said. Not all customers will have that high a ratio, but the distributed approach yields significant performance gains, Coza added.

"Instead of having one super beefy box that's very rigid and IP based, and which needs expensive VLAN tiering, you can have a lot of these small virtual appliances that are running on each host," he said.

The vShield 5 product family -- which consists of vShield App, vShield Edge, vShield Endpoint -- will be available in the third quarter and will be licensed per VM starting at $50 per VM. Customers have the option of buying all three as a bundle for $300 per VM.