Lack of Visibility Into Virtualized Infrastructure Makes Defending It Effectively a Challenge…
CIOs consistently rank virtualization and cloud computing among their top strategic IT initiatives. In fact, earlier this year a study by IDC found that virtualization is the number one priority for CIOs in 2012 with cloud computing second. At the same time CIOs also cite security as the main inhibitor to the adoption of these technologies. Blind spots, Virtual Machine (VM) sprawl, lack of separation of duties, new advanced threats and the dynamic nature of virtual deployments all contribute to their security concerns.
So what’s keeping security professionals from being able to secure the enterprise against threats to their virtual environments, just as they protect their physical assets? The challenge is a lack of visibility into and control over virtualized infrastructure to defend it effectively. In essence, they haven’t established Information Superiority over attackers. This becomes particularly challenging as organizations expand their virtualized systems from the data center to the desktop.
To achieve Information Superiority in their virtual environments, security professionals must be able to enforce security policies across both physical and virtual environments. They also must able to establish visibility and control to detect and stop threats targeting virtual infrastructure and the impact of these threats to applications and users.
When considering technologies to help secure the virtual environment, security professionals should look for the following attributes:
• Comprehensive – connecting physical and virtual security elements together. Corporate security and risk management policies as well as compliance mandates demand consistent protection across physical and virtual environments. The ability to monitor, manage and report on security activities across the entire infrastructure from a central console is a critical step in enabling Information Superiority for the virtual enterprise.
• Integrated – combining network and application awareness with big data analytics. Threats today are increasingly sophisticated and no aspect of the environment is safe. Integrating total network visibility—including hosts and other devices, applications, services and users—with big data analytics for increased security intelligence helps eliminate the blind spots in security controls that only monitor physical systems for malicious activity.
• Intelligent – delivering the right information needed to structure defenses. In today’s resource-constrained IT security departments working smarter, not harder, has become a mantra. The ability for technologies to automatically assess new threats to determine which are relevant and business-impacting helps to focus response efforts and adapt defenses to quickly address changing conditions.
• Continuous – responding completely and systematically across deployed security infrastructure. The hyper-dynamic nature of virtualized environments exacerbates the need for continuous protection. Real-time visibility from the data center to the desktop, automating network security functions and management, and the ability to continuously detect and stop the latest attacks and control the inevitable outbreak are just a few examples of the capabilities needed to help maintain effective protection on an ongoing basis.
Without Information Superiority, implementing effective IT security is much more difficult because of all there is to know about rapidly changing modern physical and virtual network environments. Information Superiority lets CIOs pursue their virtualization strategies to maximize business flexibility, agility and cost savings without losing visibility and control over data integrity, security and business continuity. Technologies that support a holistic approach to IT security, providing the same level of visibility and control from the data center to the desktop and across physical and virtual systems, enable organizations to achieve Information Superiority and realize the full benefits of virtualization.