A long-time friend, Robert Mitchell, posted an interesting article, The scary side of virtualization, today and I’d thought that I’d comment. The interpretation Robert presented seemed to indicate that the CIOs that were interviewed had concerns about the security implications of the use of virtual machine software (spoken of as “virtualization” in the article). Since it is very, very likely that these CIOs have been using similar technology in their mainframe and midrange system environments for decades that the real concerns were at a lower level and can’t be directly attributed to the use of virtual processing layer.
It is my view that the story behind the story is that these CIOs were really concerned about the following things. Virtual machine software being used on industry standard systems simply put an intense spotlight on other challenges in these CIOs’ environments.
- A problem with data protection strategies and tools
- A problem with identity management allowing unauthorized users to perform strategic functions in the datacenter
- A problem finding and managing virtual servers and virtual clients is an asset management problem
In the end, this is really presenting a declaration that “I’ve failed to properly plan for security, for asset management, for identity management and for data protection in my own environment.” While these issues certainly can be exacerbated by the use of virtual processing software, the use of that software is not the root cause.
I’m reminded of an old proverb: “A bad workman always blames his tools.”
