04:15 PM
Connect Directly

Analytics Brief: Securing The New Data Center

Virtualization changes the rules for how companies secure their data and their computing infrastructure.

In a recent InformationWeek poll, 70% of respondents report they're running at least one virtualized server, yet less than 12% have a security strategy tailored to their virtual environment. Given the relative nascence of virtualization offerings for the x86 platform, this doesn't come as a shock, but that also doesn't mean it's acceptable. Of those without a security plan in place, almost half believe that virtual machines are as secure as traditional servers, while another 18% admit they don't know whether virtualization changes the rules of the game for security (see chart below of responses filtered for "no plan in place").

There's little doubt that virtualization is an important and disruptive technology that will, in a relatively short period, change the face of the data center. Because virtualization is so disruptive, it also will clearly change the rules for how enterprises secure their data and their computing infrastructure. And, while we don't believe that virtualization should remain off limits until a security strategy is fully nailed down, smart organizations will develop security and management strategies as they develop deployment plans for virtualization.

chart:  Confidence Level -- In your opinion, how do virtual servers compare with conventional server environments for information protection and security?

New threats to security come on two fronts. The first and most obvious is the additional software footprint represented by virtualization. On the desktop, virtualization is often implemented as an "application" that runs as a process under a desktop operating system, like Windows. For servers, hypervisors have emerged as the preferred method for introducing a hardware virtualization layer between the "bare metal" hardware and general-purpose operating systems.

As such, hypervisors represent a relatively slim attack vector as they're often implemented in less than 100,000 lines of code. When compared with the millions of lines that make up a general-purpose operating system, creating a bulletproof hypervisor is a more realistic goal, but flaws will still exist, and exploits will be created. All the major players report that building a secure hypervisor is a top priority. VMware's CTO, Mendel Rosenblum, goes so far as to boast that no security holes will show up in VMware's ESX product because of design flaws--of course, that leaves open the possibility of implementation errors. Unfortunately, the enterprise is left with little other than vendor assurances to work with. While tools exist to detect rootkits and other compromises on conventional operating systems, no tools exist to detect their presence in the hypervisor.

chart:  Confidence Level -- In your opinion, how do virtual servers compare with conventional server environments for information protection and security?

1 of 2
Comment  | 
Print  | 
More Insights
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
2014 State of Unified Communications
2014 State of Unified Communications
If you thought consumerization killed UC, think again: 70% of our 488 respondents have or plan to put systems in place. Of those, 34% will roll UC out to 76% or more of their user base. And there’s some good news for UCaaS providers.
Twitter Feed