End User Computing… Central Control or Distributed Safety? On Bromium’s Novel Play

At VMworld back in August, one of the small number of announcements made revolved around “end user computing”, VMware’s term for all the different products that deliver solutions for actual business users. VMware announced a suite of solutions, built around a bunch of different projects (Projects Octopus, AppBlast, ThinApp, VMware Horizon Application Manager and VMware Horizon Mobile along with VMware View and technologies from their recent acquisition of Wanova). The new products, Horizon Suite, View and Wanova, are designed to do a couple of different things, according to the release:

The VMware Horizon Suite will provide a flexible platform that uniquely combines the principles of identity, context and policy to separate personal and business workspaces, enable consistent access to applications and data across any personal device.

And

With the recent acquisition of Wanova, VMware and its partner community can now offer centralized desktop management solutions that address the requirements of IT organizations to help them transform legacy Windows desktops into a service

I was interested to watch the demo of these products – it kind of felt like I was watching something from 1990 – the idea of delivering “secure corporate workspaces” on mobile devices plays to all the negative connotations of IT around lock-down, control and silo-ing. But then I considered something. Looking around the room in the VMware keynote, I was struck by the overpowering sense that VMware customers are largely traditional corporate IT types who, quite frankly (and with all due respect), are a little behind the times when it comes to this new paradigm of access. That’s not to say that they don’t realize “something” is happening, but rather that right now, they’d like to give the minimum amount of functionality to the business, whilst still retaining absolute control.

Tools like View and Wanova are a (slightly) modern take on that much maligned tool, VDI. They’re designed to give a desktop-like view within multiple devices and, at first glance, they make sense; they allow workers to do what they want (sort of) while using the device of their choice. But that “sort of” is a big deal. Even the VMware messaging around these products is telling: the first line of the press release stated proudly:

VMware demonstrates holistic solution to deliver legacy desktops as a centrally managed service

But the future isn’t holistic. It’s not within a legacy desktop. And it sure as hell isn’t centrally managed. I’ve long riffed on this topic – the fact that IT is often a barrier – a barrier to new functionality, to agility, to mobility. But it’s hard not to see their point. Everything is a vector. Every time someone does something on an insecure device, runs a different sort of app, in fact any time anyone within a corporate uses something that feels like the sort of tool they’d use in their non-work life, IT has panic attacks about vectors of risk.

Which is where Bromium comes in. Just over a year ago I was in the audience at Structure when Simon Crosby, at that time CTO at Citrix, announced that he was leaving to found a deep-stealth company called Bromium. Bromium was to be founded by Crosby and Ian Pratt, creators of Xen, alongside Gaurav Banga. Over the next 18 or so months some details emerged about what they were doing, but while at VMworld this year I got the opportunity to sit down and have a talk with Crosby and, more importantly, have a demo of Bromium. Most readers will have seen what Bromium is, but to quickly recap, the product enables safe end user activity by creating completely isolated instances (a “MicroVM”) on a computer’s processor that keep activity from impacting on other parts of the machine. Essentially it ring-fences a discrete operation, gives it all the system components needed to run that operation, then locks down the operation within an individual container.

Sounds interesting and, to let the story run its course, it means that rather than being stringent about security and as such allowing lots of false positives to occur, threats can be left within the MicroVM to run their course, safe in the knowledge that any harm that will occur will be reversed once the MicroVM ends its life. It’s a pretty amazing concept and one which, taken alongside the absolutely incredible team that Bromium has built, leads me to go way, way out on a limb and say that Bromium has a very good chance of being the next billion dollar acquisition.

Now of course Bromium is still a little conceptual – it’s only available for Intel processors running Windows. It’s pretty much just a beta product at this stage – there’s a bunch of stuff to happen before we can say it’s truly there. But I got a demo of the working product, all run on Simon Crosby’s personal laptop, and it worked a treat – new operations opened rapidly within nicely containerized VMs and Crosby could let malicious attacks simply run their course, secure in the knowledge that there was no harm they could do to the rest of the system.

Crosby nicely states why Bromium is so valuable, and, by extension, why central IT control, and the traditional IT vendor perspective of limiting access, is flawed:

Human beings don’t do well when they’re fortified within the walls of a city. They want to go out, explore the world around them and click on shiny attachments. This means constantly entering into “areas of unfathomable trust” where it’s easy to get hurt if they’re not careful.

I’m super bullish on Bromium as a business, in part because of the team behind it. But I’m also excited by the fact that, in a space generally populated by vendors delivering corporate IT’s demands for total control, Bromium is a company turning that on its head, allowing workers to achieve what they want, and empowering them to do so safely.