In order for Virtualization to Establish itself as a Widely Trusted Approach to Infrastructure Deployment, Adaptive Security Technologies are Necessary
A Google search on virtualization produces about 17 million results. There’s no doubt that virtualization is one of the top buzzwords in corporate and government IT circles. But more than that, virtualization is a very real strategy for IT leaders to cut costs, increase flexibility, and support Green IT initiatives. In fact, according to a September 27, 2010 Gartner press release, “more than 80 percent of enterprises now have a virtualization program or project.” But Gartner also stated that a mere 25 percent of all server workloads would be in a virtual machine (VM) by the end of 2010.
So why the roadblock when it comes to the adoption of virtualization? Security has been one of the biggest obstacles. A November 2010 survey of 335 senior business and IT decision makers by CA Technologies and KuppingerCole uncovered that one of the main concerns in implementing virtualization is security. A quarter of organizations responded that virtual environments, in general, are less secure than physical environments.
Virtualization technology is not inherently less secure, but the dynamic nature of virtual networks makes them more challenging to manage and introduces potential vulnerabilities. Also, the virtualization industry is still new, so the tools and processes to secure and manage virtualized environments continue to develop.
To complicate matters, traditional network security is no longer sufficient to adequately protect physical infrastructure, let alone virtual environments. While most existing security solutions are static, today’s networks and threats are dynamic. Virtual environments are even more dynamic than their physical counterparts, thereby increasing security risks and placing new demands on defense mechanisms to be even more adaptive.
But what does adaptive really mean in the context of virtual security technologies? It translates into awareness, automation, and alignment. Organizations looking for a more secure path to virtualization should look for technologies that embody these three capabilities:
1. Awareness – the ability to know who and what are on your network accessing data.
Today’s networks and threats are already dynamic, and virtualization only brings more change. Organizations don’t have the staff or resources to continually monitor network changes or endlessly fine-tune solutions in response. They need to invest in solutions that automatically maintain a real-time inventory of the assets on the network and how they’re changing. New assets, new applications, and configuration changes can introduce the types of vulnerabilities that attackers seek to exploit. Organizations need to be able to quickly identify and remediate weaknesses – before hackers find them.
2. Automation – the ability to reduce the burden on personnel and minimize the risk of human error by applying technology to repeatable processes.
Automation is the key to effective security as well as compliance with internal policies and with regulatory and audit requirements. Relying on IT staff to constantly monitor, analyze and apply knowledge about the IT landscape is unrealistic. IT security teams need technologies that leverage real-time network and user awareness and provide automation in the areas of tuning, alert routing, policy enforcement and remediation. This is even more important in virtual environments because of their dynamic nature. Close to 40 percent of participants in the KuppingerCole study recognized this and responded that a higher level of automation is required to secure virtual environments.
3. Alignment – the ability to coordinate protection of physical and virtual environments with a single approach.
Many organizations are concerned about budget constraints. IT staff doesn’t have the resources to purchase, monitor, manage or aggregate data from two sets of security software technologies – one for physical environments and the other for virtual environments. Organizations need technologies and business processes that are aligned to seamlessly protect physical and virtual environments without sacrificing security. Not only do combined solutions help contain IT costs but they also minimize business risk as organizations evolve to a virtualized infrastructure. In fact, more than 80 percent of participants in the KuppingerCole study are opting for this approach.
Virtualization holds great promise. Leading-edge organizations are reaping the benefits of increased efficiency, cost savings, and flexibility. But in order for virtualization to establish itself as a widely trusted approach to infrastructure deployment, adaptive security technologies are necessary. When organizations can address critical management challenges with confidence, virtualization will break through the security roadblock and become common IT practice.