Security for virtualized infrastructure topped the category list of security innovation at this year’s RSA 2010 Innovation Sandbox competition.  Altor Networks, providing solutions for malware protection, VM segregation, and compliance for VIS took the number 1 award for best innovation, business value delivered, and management team in the “American Idol” – style contest.

The Top 10 playing in the Innovation Sandbox were:

RSA 2010 Security Innovation Sandbox

The audit profession, including the education, the frameworks used in practice, certifications and tools is further behind than security when it comes to the what’s needed for the safe transition from traditional data center technologies and virtual infrastructure.  However, the realization that audit requirements, technologies, and even AaaS, or Audit as a service, are fundamental to sustaining a level of trust in virtual computing is beginning to gather steam, support, and critical thinking.

Two important developments to keep track of:

A6, CloudAudit

Check

When Dave Donatelli left  EMC last April to run HP’s infrastructure business I wrote at the time that this was another move on the chessboard– “there’s more to this match than storage; and HP just moved a pawn on the board. The question is what can the Rook now see that it couldn’t before?”   

At the time I wrote that the data center business has become an oligopoly where Cisco, HP, IBM, Intel, Microsoft and Oracle are $100B players (revenue and or market cap) and any move they make has an impact that ripples through the industry. I’m putting VMware and EMC in that mix too given the momentum that VMware has.   

A New Way to Automate Marketing Content Creation

I first met Brad O’Neill in 2007. I was told I should meet with him because he was one of the brightest people around. We had a number of mutual contacts from Brad’s days at Storage Networks, Inc. and as an analyst at the Teneja group and because I was just getting Wikibon off the ground I expected it would be a useful meeting.

What's in Store for Social Media?

I was at the BDEvent in Palo Alto this week. For those who don’t know, the BDEvent was founded by Vanessa and Greg Duplessie as a no BS forum for doing deals. Really. No users. No booths. No demo dollies. No BS. Actually there was plenty of BSing but of a different kind. At any rate, the way it works is companies address the audience in brief 15 minute segments and it’s all about who you are, what your company does, why its different and what kind of deals you want to make. Interested? Let’s talk. Not interested? That’s fine too.

500 VMware Zealots Hit The Razor

Last week at Gillette Stadium in Foxboro, MA, Mike Versace and I hit the New England VMUG “Winter Warmer.” It was an excellent use of time with more than 500 practitioners (aka VMware zealots) at the show.

Some interesting themes I saw were:

*Consolidation ratios (physical to virtual) for the clients we spoke with were all over the map, but more often than not, relatively conservative at 5:1, 4:1 and often 3:1 or sometimes even less.

"You must admit there is a fit..."

Storwize CEO, Ed Walsh stopped by the Wikibon offices the other day with his new VP of technology strategy Steve Kenniston packing a new pitch. Wikibon got an early look and we were definitely impressed. I first learned about Storwize in late 2008  and then mid last year we had Burzin Engineer of Shopzilla on a Peer Incite along with several other practitioners, speaking about in-line data compression for primary storage.

Physical->Logical Shockers

A key value proposition of both internal and external clouds is reduction in cost from shared resources. Virtualized processors, virtualized storage, virtualized CNAs (Converged Network Adapters) and Virtualized IO are all running virtual machines on commodity hardware.

However, security has its foundations on protecting real objects. An IP address is linked to a real piece of hardware, storage ports have been masked or separated, and processors dedicated to specific sensitive workloads. Security products are often linked to specific hardware, as in encryption of data at rest, encryption of network traffic, and encryption of tapes. If the links between these technologies is physical (e.g., no connection between server and storage) or a well understood logical separation (e.g., LUN masking) then the security gurus can be persuaded that security is auditable.  When all the components of the system are shared, the security experts that I have talked to throw up their hands in horror.