Virtualization, cloud computing and the race to deploy

To answer my own question from the earlier post on the Source conference, yes, it has turned out to be a really useful conference so far. The most interesting talk so far has been the Rich Mogull-Chris Hoff session on the future of security. The pair, who seem to spend most of their waking hours blogging, thinking about ways to annoy the security aristocracy and then blogging some more, gave a fast-paced talk on the ways in which technologies such as virtualization are wreaking havoc with security infrastructures and policies. Mogull, a longtime industry analyst, told the audience that as far-out as some of the technologies surrounding virtualization sound, the time is now to get up to speed on them and start thinking of ways to secure them. “You’re probably thinking, Man, Mogull and Hoff must be high. This stuff is never gonna happen. But I can tell you that all of the stuff that we’re talking about up here is either fully realized or partially so,” he said.

Hoff and Mogull also spent a lot of time talking about cloud computing and how the new/old model is causing security admins serious headaches. Many corporations, large and small, are moving to this model as a way to cut costs but it can also short-circuit security policies if not used correctly. No doubt that’s true, but cloud computing and virtualization both seem to be falling into that category that includes WiFi and smartphones and other technologies that have exploded in recent years: deploy first and worry about security later. It didn’t work out so well with WiFi. Maybe thing will be different this time around, but I wouldn’t take that bet.