Pain points

Virtualisation is proving attractive to the region’s top enterprises, but to their IT managers, it’s nothing but a headache to manage. Piers Ford reports.

One of the most common mistakes CIOs make is ignoring the link between the new virtual network and the ‘real’ network, says Fortinet’s Bashaireh.
By Piers Ford. Published November 24, 2010

Despite all the hype heralding its arrival, virtualisation is still in its infancy in the Middle East, with security concerns among the main obstacles that vendors must overcome to win the hearts and minds of ICT decision makers.

A virtual server is just as secure as a physical infrastructure, promise the marketers. But that’s assuming that the business already has a comprehensive security policy that addresses the integrity and protection of corporate data in a virtual world that, by definition, is not under the immediate control of the CIO who is responsible for it.

Mashood Ahmad, regional managing director, Middle East, at network transition specialist Ciena, says vendors must adopt marketing strategies that embrace the challenges and risks that come with virtualisation, rather than focusing purely on the benefits – efficiency, more effective use of hardware investment, the elimination of costly but superfluous network capacity, and the significant CAPEX and OPEX savings promised by the cloud model.

“Virtualisation brings new challenges to the table – in particular, concerning security,” he says. “The protection of a company’s business data is critical to ensure its survival. A comprehensive security approach will encompass three key elements for success: server security, at-rest encryption and in-flight encryption.”

The focus, he says, tends to be on the security of data at rest, whether it is adequately protected, whether other virtual machines (VMs) can access it, and whether the backup is secure. But the fact is that data is most at risk the moment it leaves the data centre – virtual or otherwise – and this is something that every security policy should recognise.

“CIOs must consider that virtualised servers are usually remote from the business, so all data will be passing over the network at some stage,” says Ahmad. “IP security breaches are an important and frequently recurring threat, so failing to protect the network is a fundamental mistake.

“When considering a move to virtualisation, a prudent CIO will look at the entire data path. In-flight encryption should be a major consideration when developing an effective virtualised security strategy. Securing the data in a virtualised environment while running a completely unsecured network is a bit like locking all the windows in a house, but leaving the front door open,” he continues.

In some ways, the perception that migrating to a virtualised environment is a simple process of swapping a physical infrastructure for a virtual one is unhelpful because it doesn’t encourage looking at the entire data path with fresh eyes.

In the financial services sector, for example, a CIO might be preoccupied with concerns that VMs won’t deliver the performance or scalability they need, and that the virtualised model might actually increase the risk of downtime. In fact, says Pieter van der Merwe, availability solutions architect at fault tolerant computing vendor Stratus Technologies, these concerns can be addressed with proper benchmarking. But ICT strategists ignore the need to look at the impact of virtualisation on their security policies at their peril.

“I was recently involved in one project where the security officer said the policy was air-gapped – that is, the two systems were not allowed to be linked in any way, as if that was all that was required,” he says. “When I asked how he’d prevent security leaks via a memory stick, he couldn’t answer. You might think you’re safe but if you don’t take human behaviour into account, there will always be some kind of loophole.”

Networking vendors naturally claim that on the architecture side, they’re moving rapidly to anticipate the security requirements of virtualised environments. Fortinet, for example, says it has been securing virtual architectures since the arrival of Virtual Domain (VDOM) technology back in 2004.

“A large percentage of CIOs are seriously contemplating the benefits of cloud computing, and research shows that the virtualised security market is expected to be worth $1.6 billion by 2014,” says regional director Bashar Bashaireh.

“We were one of the first to introduce four new virtual appliances that deliver security across virtualised and cloud environments. The technology enables service providers to differentiate their on-demand platforms with a full range of value-add virtualised network security services.”

Bashaireh says security worries are now a much less common reason for CIO resistance to the virtual model, and that viable solutions rather than hype are proving the value of virtualisation in the region.

Another factor, according to Charles Ferland, Europe Middle East and Africa vice president and general manager at Blade Network Technologies, is that a number of best practices are beginning to emerge.
