Security challenges cloud virtualization payoff

NEW YORK -- Virtualization and cloud computing will help companies accomplish more by breaking the physical bonds of an IT infrastructure and its users, executives from Cisco and Novell proclaimed this week during their keynote addresses at Interop New York. But caveats such as heightened security threats must be overcome in order to fully benefit from this new computing paradigm, they warned.

Virtualization is a “chameleon concept” with one common denominator: breaking the bond with physical reality “so you can do more,” said Marie Hattar, vice president of network systems and security solutions at Cisco. “It’s one asset to many; or many assets to one,” she said.

Virtualization allows the dynamic partitioning of resources on the fly, Hattar said. Using Cisco as an example, the company increased the utilization of its storage arrays from 20% to 68% through virtualization, she said.

That translated into an annual savings of $40 million for every year that Cisco could delay construction of a new data center, Hattar said.

“It’s so exciting because the benefits are so significant,” she crowed. As resources are added to the virtualized pool, the value of virtualization increases exponentially, she claimed.

The more a company virtualizes, the farther it ventures into cloud computing, with a hosted infrastructure, abstracted services with APIs, and application services delivered through a Web browser, Hattar added.

But she quickly described sobering scenarios that could hold back widespread adoption of virtualization and cloud computing. 

One issue is siloed IT operations in which separate departments oversee specific areas of infrastructure – systems, servers, storage, applications and network.

“For virtualization to work, those walls have to come down,” Hattar said. “It depends on shared resources.”

Another is a lack of standards for interconnecting clouds – the equivalent of extranets for clouds. But perhaps the most critical issue is the new and numerous security holes opened up by virtualization  and cloud computing.

“A hypervisor needs hypersecurity,” Hattar said. We have to rethink our security approach because when we virtualized, it increased complexity. In cyberspace, there are a lot more points of entry.”

Cisco has noticed new forms of malware sprouting up in a virtualized environment, some of which could detect and adapt itself to a virtualized infrastructure. She stressed that enterprises embarking on virtualization and cloud computing need to plan copiously for operations, management, control and security of the new infrastructure.

‘Think holistically about the IT infrastructure and have a plan,” she said.

Her points were echoed by Novell President and CEO Ron Hovsepian, who said enterprises need to overcome challenges such as reduced spending, complex management and risk mitigation in order to have their heterogeneous IT assets work as a unified system.

“You have so much pressure on you to make these pieces come together,” he told the Interop audience.