Stephan Bohnengel, Sr. Specialist Systems Engineer Security, VMware
April 18, 2012 18:40
Delighted to welcome our next presenter, Dr. Stephan Bohnengel from VMware, and your title is "How to Build a Secure and Open Cloud". And you have 20 minutes in which to convince us. Thank you very much. Okay. Do we get a presentation? Say it again? Is it there? It's a problem. That's a problem. It's in the cloud, already virtualized. Okay. I have it on a stick, but not in 20 minutes, so I would have to go upstairs. So it's a pity. Do you know what the problem is? So, okay. We'll start anyway.
So thank you for the opportunity to present here on the VMware cloud stack. It's our first year here at the KuppingerCole conference, and as I read from the agenda, it's all about identity and access management. In my current role, I'm a security engineer and security specialist, and I'm counseling large enterprise customers and also interacting with virtualization teams and security teams. When I come to enterprise customers, we've gone a long way. As VMware, we have really pioneered x86 virtualization and computing.
We are the customer-proven leader in this space, with about 250,000 customers, for those of you who don't know VMware so well. My perception is that when I'm coming to enterprise customers, we're still seen as a virtualization vendor. We were founded in 1998, and after a short period of 14 years we have nearly reached about 13,000 employees from 2006 to 2012. To give you some additional figures about the evolution we went through, we have acquired about 26 different companies to complete our virtualization stack, because of course we know that we need a complete solution stack.
There are other competitors; it's a highly competitive world out there to really do holistic, comprehensive IT management. And that also comprises, of course, compliance, change management, service monitoring, and so on. So when we are talking to customers and they are starting to virtualize, they see business benefits: they are seeing massive return on investment from energy savings. This was our basic story. They're getting really higher consolidation ratios. They're getting higher agility.
And it, of course, is not a self-service proposal. It is all about really driving business agility. And we heard this also: is it really evolution or revolution, the next logical step? If you think about virtualization, it's really the enablement for cloud computing itself: you chunk up CPUs, memory, and so on to really consume them on demand in a scalable, elastic way inside the enterprise. Cloud computing from that perspective is not a technology approach; it's a business approach about, of course, how you consume and deliver IT services.
There are really ordinary, real-world examples where we see the same effect. If I want to go and travel rapidly to Cologne, I don't build my own train. I use a service, right? I take the Deutsche Bahn and I drive to Cologne, or I take an airplane, whatever. You would not build your own plane or train for that. But when we're talking about cloud, it's also a little bit difficult because there are so many types of clouds. What we learned also, and I also heard here in the conference: you have private clouds, which really can start small inside an internal company.
You can have public cloud offerings. You have infrastructure as a service, platform as a service, software as a service. And I think in the future we'll see a combined mix.
Also, when you talk to federal agencies or to companies, there are certain companies that do have highly valuable intellectual property. These data classifications will never go, for instance, into a public cloud. But it's the way, when you're doing internal development in such companies and you're developing your own software, how you can serve the internal needs.
It puts a big burden and pressure on the IT management staff and the infrastructure operating team to really provide a self-service portal, to really provide a service catalog of predefined IT services that is able to be consumed by the internal stakeholders. So when we take a look at the CIO concerns, as well as an IDG report on what the security concerns about cloud security are, the biggest ones, the biggest four, really go into the area of security.
Who's accessing the information? Who's holding the data? Perhaps regulatory constraints, concerns about the ability to meet enterprise and industry standards. The velocity of change, if you're doing self-service, is going to increase. So how are you dealing with this velocity of change? First of all, we at VMware invested really heavily in the security area. We are partnering a lot with security companies.
And we are seeing in the firewall market and the IDS/IPS market that a lot of our partners in our Technology Alliance program are really ramping up and providing, for instance, virtual firewall solutions that run as a service virtual machine on top of the VMware hypervisor. We launched there in 2008,
I don't know if you've heard of it, the VMsafe program, where we gave a security API to selected industry leaders for network inspection, but also the target areas for this inspection could be agentless antivirus scanning, or for instance DLP solutions that are also able to integrate agentlessly into certain virtual machines, and also, seeing the security concepts, the need for new emerging virtual firewall concepts.
Because when I take a look at today's security concepts, standard physical countermeasures in the firewall area might not be enough. There might be, of course, network traffic that is being handled totally internally on a vSwitch level. When we're talking about hybrid clouds, what we see now at enterprise customers is that a lot of them have cloud concepts, internal cloud concepts. The title of this presentation is "How to Enable a Secure and Open Cloud".
So it's quite a contradiction to a certain extent when a proprietary vendor is talking about an open cloud. At the moment there's a lot of movement out there in the market, and we at VMware try also to standardize as much as we can, also in the security area. We are, for instance, a member of the CSA, the Cloud Security Alliance, and also of the CIS group and so on. But we see customers are building private clouds.
They want to have the choice, the flexibility, whether they host valuable data internally in an internal cloud, or whether they are really renting, for a certain amount of time, a certain amount of compute resources from an infrastructure-as-a-service offering, and also the ability to interconnect these: the flexibility to really decide whether they want to provision business applications on an internal cloud or an external cloud offering. And also the ability not to have a one-way track into a cloud, to check in and never go out, but to have the flexibility of choice.
That's the approach we have taken from our customers, and have taken also to service providers. And we get to that point a little bit later on, where we are working together with vCloud Powered enterprise partners as external service offerings and give the customers the ability of choice to really host services in an internal private cloud or move them to an external cloud service provider. Security also has to evolve there.
And obviously we heard a lot about threats also in cloud models, like data theft, internal attackers, and so on, about encryption standards and about identity management. Also there, a lot has to evolve in the next few years. Our three core focus areas at VMware here are how to evolve the infrastructure so that you're really able to achieve a zero-touch infrastructure that is automatically provisioned, which is easy to manage and also scalable and flexible to handle. Then the next portion, the next step, is the modernized application framework for development.
We acquired a company called SpringSource, the biggest Java development framework in the world. And we are thinking about a new era of applications, because applications are changing. We are getting to an HTML5 era where applications might be provided into a cloud with really massive scale-out capability and also the intelligence to understand the infrastructure they're running on. The next thing:
Also, Mr. Farmer mentioned that end user devices and bring-your-own-device stuff is really evolving. We see a lot of things happening there. We have a lot of movement, as we're also in this space, with Project Horizon. I don't know if you heard about the announcement we made with Samsung or LG. We want to bring the hypervisor also to the smartphone, to enable really secure access for certain mobile devices, and how you manage this data and users in a cloud era where you have a lot of moving parts.
When we take a look at the cloud management portfolio and drill down into these certain areas, it starts with the vCenter Operations Management Suite. And we also have to really get better in the way that we are monitoring these dynamic resources that are self-provisioned. Are they scalable enough? We need business intelligence for that, so capacity management, and, more important, we also need configuration management there. At the vFabric application level, it's the same stuff for applications: provisioning, monitoring, and optimization.
And over that, we have the latest IT business framework that really goes over all three parts: application development platforms, end user computing, and also obviously the infrastructure and operations management stack. When you think about Google or Salesforce or other software-as-a-service providers, you only can achieve this, if you want to scale without the burden of increasing your operational expenditures,
when you are really introducing a lot of automation, if you know your business processes. And this has to change, because nowadays we have the tools to really integrate and do graphical business workflow modeling and to establish workflows for customers. It's called really graphical policy orchestration: vCenter Orchestrator is the product, a free part of our vCenter management, that is really able to plug into a lot of infrastructure parts as well as physical infrastructure parts.
And we're able to really do comprehensive business automation and adjustment for the certain areas that need to be achieved. I think what I heard from Google, from the services they are managing, is that they have an admin ratio of one admin to 1,000 virtual machines. You can't manage such vast environments if you don't have a really comprehensive optimization framework. From a security perspective, if you go back to the convergence and to the reporting capabilities: how can you keep up with such a changing environment?
The first thing is that you also need to have the capabilities for vulnerability management reports and for compliance frameworks, if you want to get reports for auditors, or if you're a cloud provider, if you want to justify to your cloud customers which security countermeasures you took, how you protected virtual machines, and who changed the virtual machines that we are talking about.
So you need this complete capability across the whole stack, from the management of certain virtual machines, and you need to have really optimization capabilities also in configuration management and compliance management. And therefore it is really important also to bring teams together. When I talk to these customers, it's quite interesting. You have these IT silos, and now you have got a virtualization vendor that is coming in and layering a resource layer, a resource cloud, over compute resources, over networking resources, over storage resources and pulling it together.
So how can you maintain this operational efficiency, and how much do you need to change the organization itself, how the company itself is organized, how IT teams are talking to each other? Okay. We call this a normal maturity model, where we are also guiding our customers to really optimally use the virtualization itself, to go from normal consolidation, from virtualization through automation, and then also to really business agility. So what are the key elements of an operational trusted cloud?
First of all, I always tend to say the house you build in a cloud can only be as stable as the hypervisor that you are running underneath. I heard from various cloud models from different vendors that it's key, or very important, to really have a multi-hypervisor management. I don't see it right now at the moment, because the other vendors, from the possibilities, from the stability, are still lacking.
And from a realistic point of view, for an internal cloud or internal organization, this makes things really very, very complicated and really leads to longer provisioning times. You have to have a trusted platform and you need to have integration frameworks, the right APIs for these clouds. And also you need to have the security frameworks and audit capabilities across these moving parts. If you're talking about regulatory compliance, we have, for instance, here an example for a PCI cardholder data environment, where the whole question arises:
for instance, you have an ESX server. Can I run different trust zones or different virtual machines on the same mixed hypervisor environment? We're working there strongly together also with IT audit companies like Coalfire and other QSAs. But also I work personally with the BSI to do some research and publications and to really get their common framework, a common new perception for the hypervisor itself, because the hypervisor doesn't fit into classical security models.
It's not a server. People have, for instance, IT regulations where they say we don't want to patch multi-homed systems, but this is a hypervisor. A hypervisor is not a server. It's like a vSwitch that you're patching to your physical switch, with a server extension, but it's not a classical server system. And then of course, when we are talking about hypervisor management, we are managing the hardware. The role of the operating system itself is really changing, for the partitioning. And that's where it really gets interesting for most of the companies.
And you need to have totally robust access controls: who does the changes inside the virtual environment? So to say, you have super users with console access to your virtual machines from different departments, or even worse, from different customers. So you need to have really good audit and change management controls there.
And then we have the duty that also network services, the process burden that I indicated, that also network and security services have to be really consumed in a fully automated manner by higher application levels like the cloud portal. The customer needs a new segmentation or a new network; it must be consumed on demand, on the fly. This has to go down through the complete stack, okay. From our solution stack, we also invested, of course, in our own virtual firewall solution, and we invested also in the configuration management stuff.
And our idea is to have fully automated and continuous compliance monitoring. And of course, we also integrate into different frameworks like GRC tools out there in the market, and also into relevant SIEM tools on the market. We are also participating in new developments like SCAP, the Security Content Automation Protocol. Our product VCM 5.5 really is able to fully remediate and harden operating systems, is able to harden the hypervisor itself, and gives you differential reports. One minute. Okay.
Then you get these really comprehensive compliance dashboards that you are able to monitor and to see how your environment is evolving. And obviously all these tools have to be also cloud-programmable inside, to be really adjustable and to be pluggable into frameworks, because cloud models and how IT services are delivered are differing from use case to use case for customers in an internal cloud.
And some things here: we have a center for policy and compliance that is tracking these regulations and also bringing these regulations and hardening guidelines into our product set. Perhaps one thing about the open standards that I mentioned, and then I'm finished: we have the vCloud Datacenter program, which is a certification for vCloud Powered cloud providers, external ones, that are also being standardized after ISO or SAS 70, and where the customer is able to really choose from his local cloud which services he wants to provide and also provision in an external cloud.
A very interesting story is Cloud Foundry. I don't know if you heard about VMware's Cloud Foundry. We have the industry's first open platform-as-a-service model, where we're able to extend and use a lot of frameworks. It's about the developer being able to program code instead of opening a lot of tickets to get systems to test on, and without caring about the middleware. Then you have a lot of application frameworks, like ADQ and other stuff, where you're able to do extensibility services, and you're also able to fully program and scale your cloud applications.
Then you are able to choose on which cloud to deploy that. This is really open source; there's a cloudfoundry.org website, and the developer is really able to decide on which kind of cloud he wants to deploy that. For instance, he can also run on the Amazon cloud, also on cloud.com, Rackspace, different choices for developing and using his code. There's also a Micro Cloud for the developer to download to his MacBook or his local notebook, to really use Cloud Foundry and then really decide where his cloud application should be run.
That's our open platform-as-a-service standard for really developing clouds here. Thank you. That was it. Excellent. Thank you very much.