Early this month, Juniper Networks conducted an informal survey on the show floor of VMworld 2011. The survey, which garnered responses from some 60 attendees of the Vegas-hosted event, found that more than 77% of respondents ranked security as a top concern for virtualizing workloads. However, the economic benefits of virtualizing are extremely compelling. And so despite security concerns, 63% have already virtualized at least 75% of their data centers and 68% said they are 90% likely to be running mission-critical workloads in virtual machines within the next 12 months.
What survey participants said would benefit them greatly in terms of their security efforts are solutions that bridge the gap between physical and virtual security. In fact, 80% said they consider integration with a physical firewall to be a critical feature for virtualized security.
Other key findings of the survey included:
• Interestingly, while 52% said they will be relying solely on VLANs for segmentation, 58% said they consider VLAN segmentation insufficient for VM security.
• 83% of respondents consider integrated defenses beyond the firewall (e.g., IDS, antivirus) as must-haves.
• 63% of respondents will be implementing VM security for regulatory compliance within the next year.
Though a short survey, it reveals quite a bit. Organizations, without a doubt, have turned to virtualization for its manifold cost-cutting benefits and, now, the time has come for them to seriously consider the best ways to mitigate risks in this new environment. They are looking for complete solutions that cross the physical/virtualized boundaries. They want deep solutions that offer many layers of defense or unified threat management. They are looking for the best and easiest ways to meet their complex compliance requirements.
Even VMware CEO Paul Maritz put forth security as one of the company’s main messages at the event. He discussed the journey to the private and/or hybrid cloud—where you get the most benefits of virtualization—and the essentials surrounding that. These essentials include operational efficiency, automation, and security. According to Paul, there is a three-phase progression in this journey to the cloud. Many customers have gone through the first phase (virtualizing of non-mission-critical applications); are in the midst of the second phase (tackling core business applications); and are realizing they can reach the third phase (the cloud), where they can realize the full benefits of delivering IT in this new and different way. For this third phase, in particular, security is of paramount importance. Organizations need to know their applications will be secure in the cloud. Per Paul, the mechanisms of security are going to become much more dynamic such that, ultimately, the cloud can be more secure than the previous physical world.