Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Breaking Through the Virtualization Roadblock

In order for Virtualization to Establish itself as a Widely Trusted Approach to Infrastructure Deployment, Adaptive Security Technologies are Necessary

In order for Virtualization to Establish itself as a Widely Trusted Approach to Infrastructure Deployment, Adaptive Security Technologies are Necessary

A Google search on virtualization produces about 17 million results. There’s no doubt that virtualization is one of the top buzz words in corporate and government IT circles. But more than that, virtualization is a very real strategy for IT leaders to cut costs, increase flexibility, and support Green IT initiatives. In fact, according to a September 27, 2010 Gartner press release, “more than 80 percent of enterprises now have a virtualization program or project.” But Gartner also stated that a mere 25 percent of all server workloads would be in a virtual machine (VM) by the end of 2010.

Security Considerations for Virtualized EnvironmentsSo why the roadblock when it comes to the adoption of virtualization? Security has been one of the biggest obstacles. A November 2010 survey of 335 senior business and IT decision makers by CA Technologies and KuppingerCole uncovered that one of the main concerns in implementing virtualization is security. A quarter of organizations responded that virtual environments, in general, are less secure than physical environments.

Virtualization technology is not inherently less secure, but the dynamic nature of virtual networks makes them more challenging to manage and introduces potential vulnerabilities. Also, the virtualization industry is still new, so the tools and processes to secure and manage virtualized environments continue to develop.

To complicate matters, traditional network security is no longer sufficient to adequately protect physical infrastructure, let alone virtual environments. While most existing security solutions are static, today’s networks and threats are dynamic. Virtual environments are even more dynamic than their physical counterparts, thereby increasing security risks and placing new demands on defense mechanisms to be even more adaptive.

But what does adaptive really mean in the context of virtual security technologies? It translates into awareness, automation, and alignment. Organizations looking for a more secure path to virtualization should look for technologies that embody these three capabilities:

1. Awareness – the ability to know who and what are on your network accessing data.

Today’s networks and threats are already dynamic, and virtualization only brings more change. Organizations don’t have the staff or resources to continually monitor network changes or endlessly fine-tune solutions in response. They need to invest in solutions that automatically maintain a real-time inventory of these assets and how they’re changing. New assets, new applications, and configuration changes can introduce the types of vulnerabilities that attackers seek to exploit. Organizations need to be able to quickly identify and remediate weaknesses – before hackers find them.

2. Automation – the ability to reduce the burden on personnel and minimize the risk of human error by applying technology to repeatable processes.

Automation is the key to effective security as well as compliance with internal policies, regulatory and audit requirements. Relying on IT staff to constantly monitor, analyze and apply knowledge about the IT landscape is unrealistic. IT security teams need technologies that leverage real-time network and user awareness and provide automation in the areas of tuning, alert routing, policy enforcement and remediation. This is even more important in virtual environments because of their dynamic nature. Close to 40 percent of participants in the KuppingerCole study recognized this, and t responded that a higher level of automation is required to secure virtual environments.

3. Alignment – the ability to coordinate protection of physical and virtual environments with a single approach.

Many organizations are concerned about budget constraints. IT staff doesn’t have the resources to purchase, monitor, manage or aggregate data from two sets of security software technologies – one for physical environments and the other for virtual environments. Organizations need technologies and business processes that are aligned to seamlessly protect physical and virtual environments without sacrificing security. Not only do combined solutions help contain IT costs but they also minimize business risk as organizations evolve to a virtualized infrastructure. In fact, more than 80 percent of participants in the KuppingerCole study are opting for this approach.

Virtualization holds great promise. Leading-edge organizations are reaping the benefits of increased efficiency, cost savings, and flexibility. But in order for virtualization to establish itself as a widely trusted approach to infrastructure deployment, adaptive security technologies are necessary. When organizations can address critical management challenges with confidence, virtualization will break through the security roadblock and become common IT practice.

Read More in SecurityWeek’s Cloud and Virtualization Security Section

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility