- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - NATIONAL HARBOR, Md. -- The rush toward virtualization of internal enterprise computing resources and cloud computing can have many advantages, such as server consolidation, but it's largely outracing traditional security and identity management practices. That's leaving huge gaps, a sense of chaos and questions about where security products and services should be applied in the world of multi-vendor virtual-machine (VM) hypervisors.
"Virtualization will radically change how you secure and manage your computing environment," Gartner analyst Neil MacDonald said this week at the annual Gartner Security and Risk Management Summit. "Workloads are more mobile, and more difficult to secure. It breaks the security policies tied to physical location. We need security policies independent of network topology."
Gartner estimates almost half of x86-based server workloads are virtualized today, with VMware the clear market leader, but with Microsoft Hyper-V on the rise and Citrix a contender. Gartner advocates that enterprises plan to move to a private-cloud architecture. But at the same time, the consultancy acknowledged management tools and security really haven't risen to meet the occasion.
GARTNER ANALYSIS: IT should be planning, moving to private clouds
"The hypervisor will be less secure than the physical systems they replace," MacDonald said. "The integrity of that bottom layer is paramount. The hypervisor layer you don't want compromised."
Today there's often a "lack of visibility and controls on internal VM-to-VM communications," said MacDonald. "Should VM No. 1 be talking to VM No. 3? How do you know they're not attacking? The traffic never comes out onto our physical network." Some companies are willing to live with this uncertainty, others not, MacDonald said.
But it's questions such as these that demand to be addressed to find out what options exist to tackle virtualization and cloud security. In MacDonald's view, there needs to be a wide range of security controls in the VM, such as virtual firewalls, intrusion-prevention systems and antivirus, in addition to load balancers and traffic shapers.
Increasingly, vendors such as Altor, Cisco, Juniper, IBM, Hytrust, HP, Enterasys, McAfee, Catbird, StillSecure, Sourcefire, Reflex Systems and StoneSoft are offering virtual-appliance options for firewalling, monitoring and intrusion-prevention, for example. For the VMware platform, "Check Point has gotten furthest along," said MacDonald. "After a slow start, finally the big security vendors are making progress on their virtual-security controls."
VMware has provided VMSafe APIs to facilitate hypervisor-based "introspection" so that multiple software agents are no longer required. The need to deploy and run agent software has traditionally "been the bane of our existence," MacDonald acknowledged. But there are still a lot of questions about exactly how this works.
Trend Micro, seen as the No. 3 player in antivirus behind Symantec and McAfee, has been the fastest to embrace some of VMware's ideas on this, including support for VMware's latest security APIs, vShield in its Deep Security product that can perform A/V scanning for vSphere. Trend Micro has been charging less for VM-based A/V software, perhaps figuring "it has nothing to lose," MacDonald said.