Bromium planning to change desktop security through virtualization

Conversation with Simon Crosby, CTO and founder of Bromium

I recently had the opportunity to speak with Simon Crosby, co-founder and CTO of Bromium, to better understand why he left Citrix and what Bromium is setting out to accomplish. Simon and I have spoken many times. Each time, I come away looking at things from a fresh perspective. We haven't always agreed, but he clearly knows a great deal about what he's talking about. We first spoke while he was with XenSource. We've spoken many times since XenSource was acquired by Citrix.

My first questions were about the need for Bromium at all. Why, I wondered, was it necessary to create a new company? Wouldn't it have been possible to accomplish the same things as part of Citrix? Simon helped me understand that he parted company with Citrix on friendly terms. Citrix, he pointed out, was focused on its core mission, and the vision for Bromium, while important for Citrix customers, would not be a mainline project. So the team would always be competing with other projects for funding, resources and the attention of the company. The founders of Bromium thought it would be best to create a company tightly focused on its mission.

Then I asked what goals Bromium was setting out to accomplish. This started a long, animated and very interesting discussion of the security problems facing users of PCs, laptops and other devices. Here are some of the high points of the discussion:

  • Operating systems depend upon a number of factors to assure that only approved workloads are allowed to execute. Some factors are outside of the control of operating systems and, thus, have to be managed at another level. It appears that nearly every commercial operating system has suffered security breaches even though many very smart people are trying to prevent it.
  • Applications and application frameworks can and have been developed with the goal of creating a secure execution environment. Even the best of those have been breached at one time or another.
  • People using systems expect them to be easy to use, friendly and to make getting the work done easy. Today's security systems often act to make systems less friendly, harder to use and, upon occasion, get in the way of the work people are trying to accomplish.

Bromium's founders have imagined a number of tools that combine virtualization and security technology and that can be built to create and maintain a highly secure environment. Although Simon didn't give away any of the "secret sauce" that Bromium is developing, he did point out that many of today's high-volume microprocessors, such as those containing Intel's vPro technology, have the capability of locking down execution very tightly. The problem is that most commercial operating systems were not developed to make full use of that or similar technology.

In his view, special-purpose hypervisors need to be built that take full advantage of that microprocessor technology and enfold all workloads in a tightly controlled environment. This layer of technology could prevent unauthorized execution of code regardless of how it was introduced into the environment.

I look forward to learning more about what Bromium is developing. I guess that unless I sign on as an employee or become a trusted consultant, I'll have to wait to learn more just like everyone else.