Gartner Blog Network

The Five Stages of Virtualization Security Vendor Maturity

by Neil MacDonald  |  March 13, 2009  |  Comments Off on The Five Stages of Virtualization Security Vendor Maturity

Stage 1: Virtualization Denial – Here, the vendor hasn’t yet acknowledged the need for virtualization security solutions. Worse, they deny that customers actually need this. Typically, the vendor is afraid of cannibalizing their existing physical environment-based revenue streams. You can tell when security vendors are in denial if you go to their website, search on the word “virtualization” or “VMware” and finding little or nothing of value.

Stage 2: Virtualization Tease The vendor keeps saying they have a version “on their roadmap” or are using stall tactics like “we’re waiting on VMsafe before delivering a solution”. Worse, they appear on main stage  at a big event like VMworld to demonstrate this non-existent solution. In some torturous cases, you search the vendor’s site, find the vendor has a version of their solution running in a VM –  then find out the version is restricted for only testing and demonstration purposes.

Stage 3: Virtualization Immigrant – The vendor’s virtualization security solution works and is supported in a virtual environment. For host-based security software, this is usually just a matter of testing. For network-based solutions, may require a port of their code into an x86-based OS. Solutions here are unaware they are running in a virtual environment.

Stage 4: Virtualization Native – The vendor’s solution are aware they are running in a virtual environment and integrate into the virtualization platform’s capabilities. For example, in a VMware environment they are able to link into Virtual Center configuration tools and are VMotion aware. In most cases, these are the solutions that were created from the beginning to secure a virtual environment.

Stage 5: Virtualization Exploitive – Solutions here use the unique capabilities of the underlying virtualization platform to deliver its security protection in new and potentially transformational ways. For example, scanning multiple VMs without agents using introspection techniques available with virtualization platform APIs like VMsafe.

There are many security vendors that are still in denial, still in stage one and still dragging their feet in delivering virtualization security solutions.

Where are your vendors? Where do you want them to be?

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: virtualization-security  

Tags: maturity-models  virtualization-security  vmsafe  vmware  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.