The security promise of VMware’s Virtual Cloud Service Delivery (vCSD) is clear and simple:  to allow business to extend beyond datacenters to external infrastructure service providers with interoperable, consistent, and measurable security and audit capabilities.

To state this another way, vCSD puts the “private” in public clouds by enabling a set of security capabilities, audit controls, service commitments, and certifications that users have come to expect from internal IT organizations.  Service providers running the VMware infrastructure with vCSD should now have the capability to offer a comparable, predicable and tunable security and control environment to IT and business users, capable of meeting the requirements of more critical application or operational workloads.

VMware vCloud Datacenter Services incorporate VMware vSphere and VMware vCloud Director – the same infrastructure virtualizing datacenters and supporting private clouds – creating a new level of security interoperability and reducing security incompatibility across internal and external IT resources.

Creating this set of service functionality for IT providers with messaging around security interoperability and compatibility puts VMware center stage in the security business, complete with VMware vCloud Powered certification badges for service providers offering virtual cloud service director SLAs .  In essence, all that VMware has done over the past 3 years to secure the virtualization journey to the private cloud through platform offerings and its partner ecosystem is now being fully extended to public and hybrid environments.

So the big questions from the formal announcements are:

• Is it possible for Paul Maritz to stay out of the security business if his technology is at the core of the virtualization journey?  Can VMware just be a “security enabler”, and not a provider.  The answer, absolutely not.   VMware is, among other things, a significant security solutions provider, plain and simple.  Products, APIs, integrations, partners, services — it all there.
• How secure does vCSD make the journey of critical business workloads to public and hybrid cloud? The answer (of course), it depends. VMware is providing a capability to cloud service providers that suggests a degree of security and control equal to if not better than a business can get internally, and time will tell whether the bar is being raised or lowered.
• And finally, will the “VMware vCloud Powered” badge be a service differentiator in the marketplace, and will customs pay more for the security and control it represents.  The answer, probably not. Except for maybe the very high-end of the market, businesses will come to consider this degree of protection and risk management as table stakes in their cloud strategy over the long run.  The initial differentiation will diminish over time.