Why virtualisation isn't a hardware vendor's nightmare
Virtualisation should theoretically be a security hardware vendor's worst nightmare, but one company can't wait for more organisations to catch up and adopt more virtualised security measures.
WatchGuard's regional director for Australia and New Zealand, Patrick Devlin told reporters in Sydney yesterday that simply providing more physical hardware for giant corporations and enterprises wasn't working anymore, now that virtualisation could meet the same needs in a scalable fashion.
"There's a lot more interest in large-scale virtualisation [...] instead of going for one big gateway. I don't think the idea of a big chunk of hardware is going to fly anymore," he said.
To make matters worse, even on the smaller scale, Devlin said that the business model for sending out its smallest unified threat management products also made little to no sense once the cost of traditionally configuring the devices was taken into account.
"Someone sat back and went, 'this is nuts'. We did the maths. It's like a $500 flight, $500 accommodation, plus the guy's time. It ends up being one and half times the cost of the system he's deploying, just to get out there," he said.
As a company that makes the bulk of its revenue on providing physical products, most would think that virtualisation and the uptake of cloud-based appliances would represent a threat to WatchGuard, however, Devlin said that it's the opposite, and he would rather businesses get on with increasing their adoption of the two technologies.
With its configuration problem, the company is instead using the cloud to host each product's configuration, allowing users to install appliances that then "phone home" to configure themselves once they've looked up their own serial number, eliminating the need to first ship a device to someone to configure.
"We want to use cloud as a means to stay as up to date as possible. I think a lot of people haven't realised the power of that as a medium. In the same way that a zero-day threat propagates really quickly because everybody's connected, the idea that security vendors should be using that same method to propagate quickly is kind of there, but not really, and so as much as we can, we want to harness that."
And as for the loss of larger gateways, Devlin said that the company has seen the writing on the wall for some time, and has spent significant amounts of time preparing for larger organisations to catch up and move towards virtualised appliances.
Part of this has been a greater focus on improving the management of large farms of virtual appliances, with the expectation that larger customers who previously ran significant amounts of physical hardware would move to virtualised equivalents.
"At some point, there's going to be this inflexion where people are moving away from hardware and into virtual. We need to be ready for that for the new deployment model."
More than that, the company often urges customers to move to a virtualised environment, recognising that the old model of only securing the perimeter is dead.
"Our traditional datacentre customers from five years ago would have a big appliance at their perimeter, and that's it. What we're saying to those guys is that you can do that, or [because] it's so inexpensive now, you could stick a virtual firewall in front of almost every application stack and create something that's very different."
However, according to Devlin, most companies are still lagging behind, because they somehow feel safer knowing there's a physical piece of hardware around.
"People still have a love affair with the idea of a piece of hardware, particularly in security. Almost every other piece of technology that I've looked at, if it can be virtualised, people want to virtualise it. But security is one of those things where you kind of like the idea that this thing is the thing that protects my network and keeps it separate. Even though there's nothing, from a technology perspective, holding people back, there's that idea that I'd like to separate it physically."
This has ensured security hardware vendors' longevity for now, but Devlin isn't convinced it will last. The company is moving further into the virtualisation space, and while Devlin acknowledged that it creates a paradox where the company is creating competition against its own products. He said that "if you don't cannibalise your own business, someone else will".
"I'd love to just move virtual products. We're good with our distributors right now, they do a great job of holding stock, but imagine that problem going away — just download it and away you go."