‘How do you eat an elephant?’ is the age-old metaphorical business question. ‘One piece at a time’ is the answer. Big problems can be broken down into smaller ones, which can in turn be broken down again, until you get to a level where you can see your way to solutions. Project management and production assembly lines work on the same basis, although the concern there is that the whole should not become less than the sum of its parts. In a recent development in IT security and business continuity, a similar divide-and-conquer strategy uses virtualisation to isolate individual IT activities instead of applying malware detection techniques to a system as a whole.
The technology for this virtualisation comes from IT vendor Bromium. It applies to sales systems using legacy software applications. The firm’s strategy starts from the admission that trying to detect or monitor all kinds of suspicious behaviour in a system is unrealistic. Instead, its vSentry software simply wraps up any ‘untrusted task’ in a ‘microVM’, or miniature virtual machine environment. When the task finishes, the miniature virtual machine is closed down and removed from the system. The advantage claimed for this approach is that it is universally applicable and therefore automatically covers all IT security threats.
By way of analogy, if the entities concerned were the shoppers themselves rather than the payments those shoppers were making, the physical equivalent would be to pair up each individual shopper with a shop security person – not a realistic approach for most establishments. However, information security (rather than IT security) measures in companies dealing with confidential customer health data, for instance, do indeed recommend that each external visitor be accompanied by a member of the company for the whole of the time the visitor remains on company premises. The next stage might be the creation of miniature security environments that systematically filter out any confidential information that could be seen by visitors – an application for Google Glass, perhaps?