This afternoon EMC announced it had acquired configuration management vendor Configuresoft. EMC has OEMed Configuresoft technology for a while now - EMC Server Configuration Manager and Configuration Analytics manager are both ConfigureSoft products.
Now when I was at Forrester, people used to run around saying "the sky is falling, the sky is falling!" when it came to securing a virtual environment. Vendor after vendor would regale me with tales of malfeasants - usually foreigners I'll have you know - wanting to take liberties and exploit complex vulnerabilities at the hypervisor layer. Strangely enough, nobody was ever able to tell me of any breaches resulting from this.
ConfigureSoft, on the other hand, had a far more down-to-earth and concrete story. They were one of the first to realize that virtualization brought a whole new set of ways of doing things around changes, patches and configurations, and that these new ways of doing things introduced whole new sets of ways to screw up. And since screw-ups are the mother of the vast majority of security breaches, then it stands to reason that good configuration management is the cornerstone of virtualization security.
ConfigureSoft has some splendid technology and people, and having them on board really rounds out EMC's portfolio, further bridging the gap between security and IT Ops, no matter whether you live in the physical world, the virtual world, or whether like the rest of us you're floundering somewhere in between!
Comments