Securing virtual environments
January 4 - 1pm
Today, the question of customers virtualising their IT systems is not a matter of if they do, but how fast they can do it.
The cost savings and agility on offer are just too great to ignore; in fact, they could quickly find themselves falling behind competitors if they don’t move fast enough.
Given the strong motivations at play, it should be no real surprise that the subject of security is often overlooked when designing and building these new computing environments.
For an integrator this means there are significant opportunities on offer, if you know how and when to find them.
As your customers race down the road to virtualisation and then on to cloud, if they fail to acknowledge the security aspects of this journey they put at risk the very benefits they are aiming for.
For example, the last thing an infrastructure manager wants to see is an application owner refusing to migrate their systems because compliance mandates cannot be met.
I see this more often than not – a completely re-architected computing environment with new servers, networking equipment and state of the art storage systems.
However, the security technology and models from the old environment are just expected to work as they did before.
Unfortunately this is often not the case. The fact that security was not a core focus during the original design process means a series of problems now start to pose a threat to data and applications, such as:
Resource contention – security technology is known for being relatively resource intensive.
Consider the performance of your own workstation when the anti-malware scan occurs.
While this may be an inconvenience on a physical server or workstation, the problem magnifies within virtual environments, potentially causing significant performance degradation or even crashes when the shared nature of storage, networking and CPU resources is factored in.
Blind spots – security systems and policies designed for physical environments are often static and hierarchical.
Appliances placed on key egress points have no visibility into networks that exist only within the hypervisor. Either traffic must be routed out to the security appliance to be screened and then back in again, causing additional hardware load, or a compromise is made and the traffic is not screened at all when it passes from one zone to the next.
Out of date systems – one of the benefits of virtualisation is that it becomes simple to create, store and replicate workload images.
Operating systems, applications and security software need regular updating, which means these images become out of date, and at risk of attacks soon after they are created.
Once one of them is brought online from a dormant state, a window of opportunity exists for a compromise to occur until it is brought up to date.
Unfortunately these factors can conspire to become a perfect storm. A common response to resource contention problems is to deactivate the security agent located within individual workloads.
This leaves them exposed to the networking traffic that is no longer being screened for attacks. Couple this with new virtual machines being brought online from out of date image libraries and you have the recipe for a serious incident.
Mortar mix security
While this may sound pessimistic, the answer is actually straightforward. At the time the new environment is being designed, use this as an opportunity to also adapt the security strategy.
Not only will doing this mean these problems are addressed, but you will find that the power of virtualisation can be harnessed to deliver a more secure environment than the old physical one ever was.
Imagine being able to, with a click of a mouse, enable services like intrusion protection, anti-malware, encryption, virtual patching and integrity monitoring for certain parts of the environment, but not for others.
With security technologies that are designed for virtualisation environments you can easily align the security needs of different workloads with the requirements of the business.
The initial investment will easily be justified by way of savings with ongoing management and troubleshooting activities.
For an integrator who builds security into virtual environments, it means significant opportunities for increasing revenue and customer satisfaction.
You will have additional products to add to a proposal and the related professional services for deployment and ongoing management are quite lucrative.
My advice is to step out from the crowd by blending security into the mortar mix of the environments you build.
With the right tools and knowledge you will easily be able to demonstrate how a virtual environment built around security will better deliver your customers’ high level goals than one where security is an afterthought.
You will be seen as a leader in your field by bringing up concepts and ideas your competitors may miss, at the same time as increasing the value of initial investments and securing longer term revenue streams.