One pleasant surprise of the VMware keynote speeches is the persistent importance of integrating security into the virtual infrastructure. From Paul Maritz on down, I have seen topics such as delivering a "Secure Hybrid Cloud" and the urgent need to secure logical boundaries between hardware platforms, networking connections, and storage systems.
I expected to see security relegated to a vShield API with implementation left to the security industry. However, VMware has moved well past keeping security as an arms-length add-on, even to the point of introducing vShield AV, vShield Application, and vShield Edge. The vision of moving legacy and new applications between public and private clouds necessitates a virtual security approach that surpasses static edge filtering commonly found in AV, IPS and firewalls.
By contrast, I've been told by Citrix that while security is clearly important in everything they do, it is not a focus of the company strategy heading into 2011. Citrix announced 17% YoY revenue growth in Q2 of this year which is none too shabby in this economy. VMware, however, announced a robust 48% YoY revenue growth in Q2! While both companies are doing well, with interesting technologies, it seems like VMware offers a more complete vision regarding the role of security in evolving IT services, and perhaps that completeness is showing up on the bottom line.
There is a palpable sense of excitement among the 17,000 attendees as virtualization is starting to overwhelm traditional physical approaches. This is matched by a level of maturity in VMware's positioning vis-à-vis Microsoft, Citrix and Oracle and the role of IT which has the potential to be really good for security teams.
Having said that it is surprising to find relatively few security vendors are here to talk about how they integrate with a virtual infrastructure. Kudos for Check Point, McAfee, Netgear, RSA, Shavlik, Symantec, and Trend Micro for their presence; not good that compliance, GRC, and management vendors do not find this worthwhile.