Network World - At the upcoming VMworld conference, VMware plans to highlight new data-loss prevention capabilities in an updated version of its virtual system security product, vShield.
In vShield 5, VMware is adding a way to do data discovery to find out whether sensitive data, such as that for healthcare, payment card or sensitive financial information, is being held in the VMware virtual-machine environment being scanned. But more DLP functions, such as blocking data leaks in transit, won't be in this release, which is expected out the third quarter. VMworld 2011 takes place the last week of August in Las Vegas.
,i>[ In depth: Battle looms over securing virtualized systems ]
"It's not full DLP," acknowledges Dean Coza, VMware's director of product management for security products. But Coza says the data-discovery scanning feature, which is based on technology from the RSA Data Loss Prevention Suite, is going to be a huge help for IT managers that have often found their traditional discovery tools don't work well in the VMware VM environment. (RSA is the security division of EMC, which owns a majority stake in VMware.)
The DLP features that VMware expects to demonstrate at VMworld do not include monitoring or blocking of data in transit, which are capabilities in the RSA DLP Suite. In addition, VMware's DLP isn't integrated into the RSA DLP Suite at all. But Coza says VMware does plan to release a set of open APIs that vendors and companies could use to capture VMware-based information generated about DLP-sensitive data, their policies and reports.
At some point in the future, VMware envisions broadening its DLP push to do things such as preventing data from moving from a network into the cloud, for example, if policy prohibits it, or from one country to another if it violates regulations such as national privacy laws, Coza says.
Phil Cox, director of security and compliance for RightScale, which makes a cloud management platform, says he's glad VMware is taking small steps into DLP rather than trying to go full bore in the beginning. "You have to start somewhere," Cox says, adding that it is often difficult to do data discovery in a VM-based environment.
What VMware will have in vShield 5, based on RSA's data-discovery tool, is a way to scan VMs to identify the type of data out in the network, and keep track of where and how sensitive data is stored and cordoned off based on policies. No host-based software is required for this, as it's based on VMware's architecture for agentless security.
The DLP discovery capability will make it possible to identify data based on a "checkbox" of 80 laws and regulations in the U.S. and internationally for patient healthcare data, payment card and financial. This checklist will assist in setting up network-segmented security zones. It will also provide a way to track sensitive data to ensure certain patching levels or antivirus software is required.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
