VMware wants security industry to shrink so its ambitions fit into market

Virtzilla's swagger is back as it plans to do to the security industry what it once did to storage industry

VMware CEO Pat Gelsinger
VMware CEO Pat Gelsinger

VMWORLD 2017 VMware's entered the enterprise security market and called for it to become more concentrated.

The somewhat arrogant analysis comes from the top-down: CEO Pat Gelsinger's opening day keynote featured a slide full of logos most often deployed when vendors show off all of their most recognisable customers. VMware put a twist on that slide by rendering hundreds of security vendors' logos at illegible size. The point was that most security vendors offer point solutions that overlap, leaving organisations to manage multiple worthy-but-siloed products that together actually compromise security by making it hard to get the big picture.

We have successfully navigated VMware to the 'strategic' column vs. the 'procurement' column

VMware's answer is “AppDefense”, its new VM whitelisting product it says lets you “ensure good” behaviour in a VM by checking its activities against a manifest of permitted behaviour, instead of just “chasing bad” with a fleet of security tools. If AppDefense detects a VM deviating from expected behaviour, a range of manual and/or automated responses become available to nip attacks in the bud.

Gelsinger thinks VMware is onto something with this approach. “If you look at venture funding of enterprise IT, security has been by far the hottest space,” the CEO told The Register. “If you are a hot startup you do one product. I don't need a lot more of one cool product. That is making the the problem worse in some regards, not better.”

“I call this the 'warm sweater phenomenon',” he explained. “You have lots of bad people chasing you, so put on another warm sweater. Right now, most companies are wearing about 75 warm sweaters. They're cooking inside, but they are not secure.”

VMware security ecosystem slide

Size matters: VMware shrank the security industry into ants in the VMworld 2017 keynote. Click here to embiggen.

Gelsinger took some of the blame for that problem, on behalf of the rest of the industry, by saying “It is about collectively as an industry delivering secure infrastructure. We have failed the customer. We have to do more core security functions in the underlying infrastructure.”

AppDefense does that for the hypervisor and Gelsinger pointed out that by baking encryption into VSAN VMware is stepping up to ensure storage is also more secure.

The company's next step may look familiar to storage-watchers, as when vSphere started to take off VMware started to lay down the law to array vendors so that their wares played well with Virtzilla's hypervisors and management tools.

Gelisinger plans something similar with security vendors, as he says their tools “need to be more deeply integrated with operational environments.” VMware therefore plans to partner with substantial security players to provide “validated solutions” that describe secure infrastructure combining VMware products with code from security vendors.

“Maybe it will be 100 vendors,” he said. “It will not be 2,000 vendors.”

The CEO doesn't think niche vendors need to disappear. “Perhaps you are special,” he said. “There are special vendors in the PCI and federal and medical fields. No way do I think 2,000 vendors goes to 100. But I think the core of enterprise security business offerings needs to shrink significantly so customers can get more security with a whole lot less investment on integration.”

The swagger is back

There's a certain arrogance to those statements and also to words uttered by Gelsinger and AWS CEO Andy Jassy. At a press Q&A session the pair said they announced VMware-on-AWS months ahead of its debut not in order to excite investors, but to give customers time to take into account what the news meant for their future data centre building plans.

That's the kind of of statement that's only possible when you own a platform you know others covet and for the last couple of years VMware hasn't been entirely sure its platform has a future. In January 2016 company announced that vSphere sales had fallen and were expected to keep falling. That forecast was made against a background of rapid public cloud adoption, the rise and rise of containers and many suggestions that the hypervisor's best days were behind it.

Yet after several quarters in which vSphere sales rose, two weeks ago the VMware revised that outlook and forecast vSphere sales will be flat for the foreseeable future.

Gelsinger says that turnaround happened because “we have successfully navigated VMware to the 'strategic' column vs. the 'procurement' column for customers.” Customers in the latter column, he said, try to minimise cost. “If you are in the strategic column, the question is 'how are we going to do more together'?”

Gelsinger also said that VMware's experienced better-than-expected sales to cloud providers, another sign that its platforms are valued.

AppDefense shows the company is also capable of finding new ways to make that platform valuable. Gelsinger also thinks that the NSX network virtualization product is just getting started. It's already a billion-a-year business despite having just 2,600 users. Yet the CEO declared it will likely fuel VMware's next 20 years of growth, just as server virtualization fuelled its first decades. The company also points out that VSAN has 10,000 users, but vSphere has 500,000 and all will need new storage at some point.

Which is not to say that VMware is out of the woods. Its end user computing business has a comprehensive portfolio but occupies a mature market and isn't growing quickly. It also relies on inertia to keep vSphere in place as organisations' preferred management tools and now hopes they'll do so with hybrid clouds, even as a hundred innovators try to tame clouds.

But overall, the company appears to have its swagger back. Which is almost always a better look that floundering in the face of change. ®


Biting the hand that feeds IT © 1998–2017