Mobile end user devices, proliferating rapidly, will become the principal way that individuals do their computing in the future, thanks to their links to powerful servers on the Internet, said Crosby in a talk at the Structure 2011 show in San Francisco on Wednesday. He termed mobile smart devices "the cloud in your pocket."
At the same time the explosion of personal devices is leading to increasing strain on security measures. "The recent breaches at RSA and Gmail came in through the client (carried inside company walls by unsuspecting employees)," said Crosby after his talk. "No one broke in through the perimeter. It was someone bringing in an exploit in a Flash presentation (RSA) or a user with an unprotected browser. If you can't protect the client, you can't protect the cloud," Crosby said.
Bromium will draw on Pratt and Crosby's experience in building the Xen open source hypervisor and use the hypervisor as a control point for monitoring and maintaining secure application execution. Crosby was not prepared to divulge how the company plans to pull off the feat, but Pratt had been working closely with the U.S. Air Force and Defense Intelligence Agency to build more secure clients that could accompany U.S. forces as they undertake missions behind enemy lines.
Today's user desktops, whether on a laptop, tablet, or smartphone, are providing more and more avenues of access to the corporate network once they've been carried inside the employee's workplace and are behind the firewall. Crosby and Pratt propose to use new virtualization technology to address this issue.
"We have the technology that gives you an elegant and assured solution to that problem," said Crosby, sitting down for an interview during a break at the show.
"What you want is continuous, fine grained monitoring of executing code," Crosby said. Earlier approaches, such as placing firewalls on the hypervisor to shield it from invasive code, or checking the validity of an application as it arrives and inspecting it for malware, would have been inadequate to protect against the recent RSA and Gmail breaches, he said. Those breaches were launched by internal users who had malware planted on their machines and inadvertently activated it while at work.
Crosby said the Bromium form of security will work closely with Intel chip security features and be embedded in the BIOS of a PC or laptop device. Users will not need to know that it's there or that they are working in a virtual machine. Users of Citrix Systems client software need to decide what environment they wish to work in and toggle between virtual machines to go from personal use to a more secure workplace.
The security of the client is becoming a more pressing issue as workers carry more than one of them in and out of their workplaces, and mix personal online activities and workplace activities on the same devices.
Bromium is being co-founded by Crosby and Pratt with Gaurav Banga, a former CTO and VP of engineering at Phoenix Technologies. It has three employees as of Wednesday; it will have 11 by the end of the month, Crosby said. It will have offices in Cupertino, Calif., and Cambridge, U.K. Its first product will be delivered in about six months, Crosby said.
Pratt, as VP of advanced products, was working with the U.S. Air Force Research Lab to create a secure virtual client that can disappear from a mobile machine, leaving no trace of the data it was working with. Pratt spoke about the effort at the Citrix user group meeting, Synergy 2011, in San Francisco in May.
Pratt is the Cambridge University researcher who correctly emulated in software the Intel x86 instruction set and built the Xen hypervisor as a result. He was preceded in the feat, once thought impossible, by Mendel Rosenblum, founder of VMware. When Citrix Systems sought to compete with VMware, it acquired XenSource, the company behind the Xen code.