Virtual reality

As regional enterprises take to virtualisation across server and storage platforms, it becomes imperative that they re-examine their security investments and modify the organisational mindset to protect their information systems and data better. Sathya Mithra Ashok explores the subject.

Tags: EMC CorporationExtreme Networks IncorporationInfrastructureSymantec CorporationUnited Arab Emirates
  • E-Mail
Virtual reality
More pics ›
By  Sathya Mithra Ashok Published  November 16, 2009 Network Middle East Logo

Virtualisation is probably the most discussed technology move today among organisations in the Middle East. The multiple benefits that these set of technologies can bring across the server and storage platforms has created a situation where more and more enterprises are discussing implementing it or taking due steps to deploy it.

As Fadi Ayoubi, systems engineer at Cisco puts it:"Virtualisation is becoming one of the most important aspects of today's networks due to the efficiency it provides in deploying new services and making them available within the corporate infrastructure. Virtualisation within the network infrastructure in general, and in the data centre in particular, is pushed by most vendors and is getting adopted by enterprise customers. This change towards virtualisation is creating new challenges for infrastructure and security teams in providing consistent levels of isolation, monitoring, and policy enforcement - similar to what is available with physical servers and systems today."

The virtualisation of information systems within enterprises should go hand-in-hand with adequate measures to safeguard these systems. However, security remains of low priority to many regional organisations that are actively working with virtualisation.

"A large number of virtualisation projects in the Middle East are either in the testing phase, or are being deployed to support non-critical applications rather than transaction-heavy functions that involve the interchange of large quantities of data. Under these circumstances, security is not a top consideration," said Johnny Karam, regional director at  Symantec.

Even when they do consider security while deploying virtualisation, most organisations do not realise that defending a virtualised environment is quite different from protecting a physical one.

"Virtualisation introduces a different set of security issues - one related to virtual machines (VMs) and the hardware layer. With the hardware layer such as graphics, network and processor cards gaining access to the VMs, they see everything in these machines. In a virtualised environment, if the host is compromised, it is possible to take down the client servers hosted on the primary host machine. Hence, in a virtualised environment the security of both the VMs and its host systems are primary," points out Guru Prasad, GM of networking and security at FVC, value-added distributor for Google Enterprise, delivering service and support on its behalf in this region.

According to Rubén Espinosa Gil, regional marketing manager EMEA South of RSA, the security division of EMC, ideal security solutions for a virtual environment need to be information-centric, contextual and risk-based, capable of maintaining their effectiveness in a virtual world and eventually living in the enterprise cloud.

"Extending enterprise security controls to virtualised applications - enabling persistent, pervasive and scalable deployment of security solutions across the virtual infrastructure - requires a four-pronged approach - assess and understand risks, secure the virtual infrastructure and leverage it, and secure cloud computing," added Gil.

As most regional enterprises are new to virtualisation and its associated functions, they often tentatively use the same solutions and processes being used for their physical environments.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code