Meeting Security Challenges in Virtualized Data Centers
July 17th, 2012 By: Industry Perspectives
Peter Doggart is the Director of Product Marketing at Crossbeam. He brings 15 years of product and marketing management experience for international blue-chip companies.
A lot has been written over the past decade about how virtualization will save the day, reduce operating expenses and generally make life easier. But reports from leading research firms clearly show that only 20 percent of the servers in the world are actually virtualized. If we zoom out a little further and take a look at the wider data center, the picture is even worse. According to a Crossbeam research study earlier this year that surveyed over 500 IT professionals, other critical components of the data center, including storage, security and networking, lag far behind application servers in terms of their usage of virtualization.
Why Virtualization Is Significant
Why is this so important? Virtualization is a key enabler in creating the Next Generation Data Center (NGDC). It allows IT organizations to transform their current complex, inflexible and expensive systems into an extremely efficient and agile environment that incorporates powerful concepts such as private and hybrid clouds. This can only be achieved, however, if all the data center components – including servers, storage, networking and security – are aligned and can work as one homogeneous virtualized system. An analogy would be a powerful 500HP engine in a car that didn’t have the suspension or brakes to support it. You could never realize the full potential of that engine.
The lack of progress towards realizing the vision of a fully virtualized next generation data center was due to security, according to our study. Ninety-four percent of respondents identified network security as the number one reason they are stalled in efforts to transform their data center.
Although IT organizations today are comfortable with securing non-virtualized data centers with physical security appliances such as firewalls and IPS devices, those traditional devices are simply not up to the job when it comes to NGDC.
The following are four security challenges IT leaders will need to consider as they move toward NGDC environments:
1) Aligning security to the pace of change.
One of the core benefits of virtualization is the ability to move, add or change application workloads, regardless of the physical server infrastructure. With a click of a mouse, IT managers can now shift virtual machines anywhere they want, but that doesn’t necessarily mean their security devices and policies are keeping pace. Traditional security appliances are not aware of the logical connections in the virtualized server environment, and therefore can’t automatically synchronize or segment data as virtual machines are moved. Most of the changes have to be made manually, which is cumbersome and time consuming. This manual approach eliminates the operational benefits that virtualization is supposed to provide in the first place. It also opens the door to human error and increased security risk.
2) Maintain the right level of security performance.
The ability to keep data centers in compliance with new security regulations, provide auditable records, and generally ensure the bad guys are kept out is a complicated and very processor-intensive task. Unfortunately, that task continues to get more intensive as organizations seek to enable additional security services such as IPS (intrusion prevention systems), application control and data leakage prevention, while at the same time coping with increases in the volume of data traversing the network.
This is one of the primary reasons we are forced to install very powerful physical security appliances. Although this can help, the data center is changing so quickly in terms of its risk profile and bandwidth requirements that organizations are forced to disable security features in order to meet performance demands. Our research last year showed that 81 percent of IT professionals surveyed were disabling security features in order to meet the performance levels required to satisfy business demands.
The incessant demand for performance has led many organizations to upgrade before their security equipment has fully depreciated, amounting to unplanned downtime and additional operational work and expense.
In the NGDC environment where agility, speed and efficiency are critical, this traditional security model will not work.
3) Security must be proactive, not reactive.
The traditional data center security infrastructure evolved one problem at a time. With each new threat, IT organizations added a new point solution to their network infrastructure. Amazingly, this worked for a time since security could be treated as a silo, separate from the server, storage and network teams. Today, even in the traditional data center, this approach has major problems as the reactive approach has left many organizations with “appliance sprawl” that has forced IT staff to spend time managing a complex mess of products, rather than focusing on security and business alignment.
The NGDC architecture demands that all the components work together as one system, and this means security must become proactive in its approach. The security architecture must be as agile as the applications and must be scalable to cope with performance demands well into the future.
4) Invest in security expertise.
One of the fundamental findings from the research showed that the move to the next generation data center was being slowed by the lack of virtualized security skills and distrust in the technology.
Given that many security teams have been forced to architect and manage an array of physical appliances for so long, it is not surprising that the move to virtualize security faces skepticism. This challenge is actually an opportunity for both the business and the individual IT engineer. IT organizations can use this as a fork in the road to outsource basic services that can either be managed remotely or hosted, allowing the team to refocus their efforts on learning and innovating with respect to securing a virtualized environment.
In summary, these four challenges are not insurmountable, but the right amount of focus is needed as well as the ability to step back and rethink how security has been deployed for more than a decade. Done right, virtualized security can provide significant returns for organizations willing to educate themselves and embrace the change.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.