Many security tools are designed to work in the physical world and are not optimised for the virtual world.
This is according to Brian Whitman, a senior VMware specialist with EMC, who believes organisations should re-evaluate their compliance and security policies and procedures, based, in some part, on their vertical industries.
Whitman points out that, as in many cases, security is an afterthought for many organisations. “Virtualisation is a change to the infrastructure, which brings both challenges and opportunities. The challenges revolve around virtualisation being a new layer of abstraction, which creates a new attack point of leverage,” Whitman explained.
According to recent IDC and Kaspersky Lab analysis, which evaluated the global virtualisation market, protection for virtual environments is lagging, as, for many organisations, security concerns are often overshadowed by virtualisation benefits.
However, the study notes that virtualisation is currently in use on most new servers. By 2013, the study adds, two thirds of all corporate services and applications will work in a virtual environment.
Whitman therefore urges businesses to look at some security processes in a different, more efficient way, and leverage the hypervisor layer as a security mechanism versus a hole.
“In particular, security tools should be integrated with the hypervisor and leverage that layer to provide protection.”
Whitman also notes that virtualisation changes not just technology, but people and processes as well.
“Roles, processes and best practices need to be re-evaluated and changed to adapt to a virtual environment. This is probably the biggest overall challenge organisations face.”
Another challenge, he adds, is getting past the virtualisation of less important apps and extending virtualisation to business-critical and tier 1 apps.
“The capability is there now; vSphere 5 performs and can handle 32 cores and 1TB of RAM. Many organisations have virtualised their tier 1 apps and have seen a wide variety of benefits, but many application owners are still wary and insist on physical servers.”
To meet these challenges, Whitman says it takes a top-down push in most organisations to move forward.
“Decision-makers need to see the benefits of virtualising their tier 1 applications and drive the application owners and infrastructure architects to seriously evaluate their options.
“These teams can speak to other customers in the community who have started on this journey, as well as leverage the vast library of proven solutions, including reference architectures, performance analysis and best practices.”
Share