This content is part of the Essential Guide: The ins and outs of VMware security products and features

VMware acquisition continues move toward cloud security

VMware cloud security tools will get a boost from the company's acquisition of CloudCoreo, a security and management startup focused on cloud deployments.

The latest VMware acquisition continues the hypervisor giant's push into multi-cloud security.

VMware on Wednesday disclosed its acquisition of CloudCoreo, a Seattle startup that offers proper configuration and vulnerability assessments across multiple cloud environments. VMware will integrate CloudCoreo into its cloud products and offer it as a stand-alone service, according to VMware.

CloudCoreo will probably follow the same path as Wavefront, a company VMware acquired in 2017. Wavefront provides real-time metrics monitoring and streaming analytics and was converted to a stand-alone service as part of the VMware cloud services umbrella last year.

VMware has beefed up its capabilities to manage disparate environments in the past six months with a handful of software-as-a-service tools, most prominently AppDefense, which monitors traffic for abnormal behavior. VMware has offered on-premises management tools for cloud environments for years through vRealize, but AppDefense was the company's first real foray into cloud security, and the CloudCoreo acquisition continues that push.

AppDefense is an endpoint security tool for VMs, whereas CloudCoreo is more about vulnerability assessment. It differs from some similar options in that it's built specifically to identify, alert and prioritize configuration problems in public cloud infrastructure, said Dan Kennedy, an analyst at 451 Research. It also has plug-ins for continuous integration tools like Jenkins.

It's too soon to say how this will fit with VMware's broader cloud strategy to become an overlay of modern, complex hybrid environments, but CEO Pat Gelsinger did lay out a desire to build security directly into cloud services, Kennedy said.

Dan Kennedy, analyst 451 ResearchDan Kennedy

"A platform that helps ensure insecure cloud configurations don't go live certainly fits that umbrella," he said.

Misconfigurations are a major issue in cloud security, as enterprises still struggle to understand when the responsibility to properly configure cloud environments falls to the vendor or to the customer. That's particularly true on AWS, where high-profile corporations have left sensitive data exposed in their storage buckets. It's also an area that AWS has put considerable emphasis on over the past six months to prevent against such occurrences going forward.

Among enterprises, 27.5% have implemented cloud "infrastructure security" tools in what is still a broad and evolving category, Kennedy said. And a host of other vendors offer tools to monitor for potential security problems across multiple cloud platforms, including Alert Logic, Dome9 and

It's complementary to the earlier things that VMware has done, but I'm not sure [it] will dramatically move the needle.
Abhi Dugaranalyst, IDC

Having a single place to manage consistency across environments could play into VMware's partnership with AWS, where customers can have environments that run in their private data centers and on Amazon's public cloud. Improving that bridge between the two environments could give more enterprises the confidence to move their workloads to the cloud, said Abhi Dugar, an analyst at IDC.

"It's complementary to the earlier things that VMware has done, but I'm not sure it's a game-changer or anything that will dramatically move the needle for VMware," he said.

Terms of the VMWare acquisition were not disclosed, though it was likely a relatively inexpensive acquisition for the vendor. Founded in 2014, CloudCoreo raised $2.9 million in seed funding in October 2016, and currently has fewer than a dozen employees, most of whom will join VMware's office in Bellevue, Wash., the company said.

Dig Deeper on Cloud deployment and architecture

Data Center