Virtualization and security

Virtualization and security

Summary: It's easy to spot market trends when many vendors call to schedule meetings and all of them want to speak about the same topic. The topic du mois is security in virtualized environments.

SHARE:

It's easy to spot market trends when many vendors call to schedule meetings and all of them want to speak about the same topic. The topic du mois is security in virtualized environments. Some of the suppliers are taking a very broad view of both security and virtualized environments. Others still see virtualization as being equal only to the use of virtual machine software. Why do you suppose this is an area of such interest right now?

While many organizations do not have an overall architecture for their IT infrastructure and have allowed it to grow "organically" as business units acquired point solutions to meet their own business needs, this does not mean that security has been a forgotten topic. Most organizations have done their best to deploy the best client and server security software on their systems. Most have also gone the next step to secure their networks through the use of firewalls, dmz's and have set up their network infrastructure to minimize the surface area that can be attacked.

Why then is there such a sudden up swell of folks working on ways to secure virtual clients and virtual servers when they're going to be deployed in an environment that already has quite a few security measures in place? It seems to me that there are at least three reasons.

  1. Most organizations haven't developed an overall architecture and, so, their networks look like a patchwork quilt of systems, software and procedures. This often is exacerbated by an organization's M&A activities. If their own network wasn't complex enough, they merged with or acquired other organizations that had their own complex network. This complexity creates a concern about complexity, not really knowing what's going on everywhere, and an ideal opportunity for a sales person to sell something that will "fix" the problem that may or may not really exist.
  2. Virtual machine software is a fairly recent addition to an industry standard datacenter even though it's been a companion in mainframe and midrange machine environments for decades. The fact that it is new and its characteristics haven't been fully understood by all of the organization's decision makers offers opportunities for suppliers to create an environment of fear, uncertainty and doubt. FUD, of course, opens opportunities for a sales person to sell something that will "fix" the problem that may or may not really exist.
  3. The addition of virtualization technology actually does offer a new form of attack and that potential must be addressed with a whole gaggle of new security products.

I suspect that all three of these come into play in every organization's environment. Why do you think this is happening now?

Topics: Virtualization, Emerging Tech, Hardware, Networking, Security

About

Daniel Kusnetzky, a reformed software engineer and product manager, founded Kusnetzky Group LLC in 2006. He's literally written the book on virtualization and often comments on cloud computing, mobility and systems software. In his spare time, he's also the managing partner of Lux Sonus LLC, an investment firm.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • There is no one single factor

    Excellent article! I think you're right - it is a convergence of factors. Part of the issue is that existing tools don't necessarily have "virtualization awareness" so they don't always make an IT guy's job easier.

    Another factor is staff expertise. Since there are some subtle differences between physical and virtual configurations, *and* many of the IT folks don't understand those differences, they can make naive mistakes more easily. Essentially, they'r working in unfamiliar territory.

    Combine these with a "get it done" push and the fact that things can change more quickly in the virtual world. Now you've got people operating in a highly dynamic environment, with inadequate training and little experience.

    No wonder FUD is coming out to play.
    Dwayne M