Securing the virtual perimeter

Companies looking to virtualisation need to consider the security angle, Trevor Dearing, EMEA Network Strategist, Juniper Networks, tells NME.

Tags: Juniper Networks IncorporatedUnited Arab EmiratesVirtualisation
  • E-Mail
Securing the virtual perimeter Protecting a virtualised environment requires security to be virtualised too, says Dearing.
By  Mark Sutton Published  June 21, 2010

Companies looking to virtualisation need to consider the security angle, Trevor Dearing, EMEA Network Strategist, Juniper Networks, tells NME.

NME: The industry has been very keen to promote virtualisation, but you have been speaking about some of the security concerns – what are those?

Trevor Dearing: The cost benefits of virtualising servers is fairly obvious and people are becoming very enthusiastic about that, but some of the challenges are the effect that then has on everything else that you do. Historically, when you created a security policy you would deploy a firewall, and control the flow from this IP address which is that physical device to this IP address which is that user on that physical device. In the virtual space, that goes away and that IP address can be move around, it can appear and disappear; the applications can move, the users can move, things like this.

The result of that is you have to do things differently with your security; you have to virtualise the security, and you have to almost turn security into a service. You have to manage flows of data, protect the application, you have to protect the virtual machines, the hypervisor and things like that and you have to automate the process. So the thrust or the message to the CIO is really before you go rushing down the track of virtualisation, make sure you take the security with you. If you don’t, you could end up in some real problems. The same is true of the physical network infrastructures as well, because if you don’t apply a level of virtualisation to that you end up with just a big mess that’s unmanageable.

You need to simplify the hardware as much as possible and make a lot of it more software controlled, so eventually, what you actually want is just a completely simple flat network infrastructure that you can then lay over the top of that, virtual flows based on applications and where users are and things like this.

NME: Is Juniper helping companies to realise that?

TD: We are making some very powerful hardware that can be virtualised to a huge extent from both security aspects and the network aspect. Also what we have done is open up our operating system to third party developers and we have done that at several levels, it’s either directly on the box, either directly on the client side and also Web 2.0 interface platform, That means that companies can develop automation software, they can develop provisioning software, they can develop all sorts of applications to make the whole thing work better together. The result of all of this is that all those things that we are doing are driving support for virtualisation, and ultimately cloud.

NME: Have companies already made the mistakes of virtualisation or is it a realisation that there could be problems in future?

TD: There is a bit of both. People claim that 30% of all new servers are virtualised - I would have thought it would be more than that. To a certain extent I think people have done it in a low risk environment so far, and I think they have done it in a very quite a simplistic way and they have hand cranked a lot of the security stuff.

The scalability will grow and also there is the internal issue if you are virtualising everything, of who owns the storage, who owns the application, who owns the servers? Is it the people that own the server own the virtual machine?

The other part that’s next to that is the cloud is a virtual world and there have been some issues, where people have put information into the cloud and the provider they have done it with has gone broke. There is the whole responsibility and the compliance issues around who owns the data, where is the data, how you control it, those things that are going to be important.

Hopefully we are early enough in the cycle that people will worry about security, over the last six months I have seen it move up the scale of people’s concerns.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code