Virtualisation security trends

Gartner says firms need to understand virtualisation trends

By Eric Ahlm. Published March 12, 2013

Eric Ahlm, research director, Gartner, says that it is essential for enterprises to understand the trends that drive virtualisation.

Server virtualisation is a mature technology, providing a foundation for cloud computing and cost-effective, greener datacentre projects. It is safe to say that server virtualisation is well on its way to becoming mainstream and enterprises will continue to seek ways to expand their server virtualisation practices. It is important to understand not only the trends that drive virtualisation itself, but also how they can affect network security.

1. Virtual servers can create security blind spots

A key benefit of server virtualisation is the layer of hardware abstraction it creates between x86 hardware and the operating system. The benefits this brings server administrators are measurable and have significant business impact. A by-product of this layer of abstraction is that the networking layer is now also virtualised. Virtual network interfaces are created on each virtual host, and they plug into a virtual switch controlled by the hypervisor.

The challenge is that not all network security controls have visibility into the virtual network that resides in the hypervisor. This can create blind spots in security controls that are monitoring only the physical network. Attacks that happen on the virtual switch will go undetected until they happen on a physical network with security controls. Any security control that depends on detecting information of interest from the network is ineffective in the virtual switch unless the control itself resides in the virtual network or can see its data traffic.

2. Inserting non-virtual network security into virtual network can ‘break the cloud’

Using non-virtualised network security controls is certainly a viable method of adding security to a virtual server environment. The challenge arises when the insertion of non-virtual network security controls adds a cost burden to server consolidation, slows business agility or otherwise inhibits the business from benefiting from server virtualisation.

A key business driver for server virtualisation is physical server reduction. A crucial metric for server reduction is the density of virtual servers to physical server hardware. The higher the density, the better the cost savings, and therefore the business will always drive for consolidating more servers together. This presents a problem for security teams when servers with different zones of trust are asked to share the same virtual environment. Although this problem is not new, as virtualisation and server consolidation continue to become mainstream, security providers will be expected to align technologies toward business goals of cost savings.
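An added example, not part of the original article: given a VM inventory and flow records (all names and values here are constructed), it separates flows that stay on one hypervisor's virtual switch, the blind spot described under trend 1, from flows that cross the physical network, and lists the hosts where consolidation has mixed trust zones. It assumes that traffic between two VMs on the same host is switched inside the hypervisor and never reaches the physical network.

```python
from collections import defaultdict

# Constructed inventory: VM -> (physical host, trust zone). All names are hypothetical.
INVENTORY = {
    "web01": ("esx-a", "dmz"),
    "web02": ("esx-b", "dmz"),
    "app01": ("esx-a", "internal"),
    "db01": ("esx-a", "restricted"),
    "db02": ("esx-b", "restricted"),
    "db03": ("esx-a", "restricted"),
}

# Constructed flow records: (source VM, destination VM, destination port).
FLOWS = [
    ("web01", "app01", 8080),
    ("web01", "db01", 5432),
    ("web02", "db02", 5432),
    ("db01", "db03", 5432),
    ("web01", "web02", 443),
    ("app01", "db02", 5432),
    ("web01", "tmp99", 22),  # tmp99 is missing from the inventory
]

def classify_flows(inventory, flows):
    """Sort flows by whether a control on the physical network can see them.
    Assumption: same-host VM-to-VM traffic stays inside the hypervisor."""
    result = {"physical": [], "blind": [], "unknown": []}
    for src, dst, port in flows:
        if src not in inventory or dst not in inventory:
            result["unknown"].append((src, dst, port))  # placement unknown: cannot classify
            continue
        (src_host, src_zone), (dst_host, dst_zone) = inventory[src], inventory[dst]
        flow = {"src": src, "dst": dst, "port": port, "cross_zone": src_zone != dst_zone}
        result["blind" if src_host == dst_host else "physical"].append(flow)
    return result

def mixed_zone_hosts(inventory):
    """Hosts where consolidation has placed more than one trust zone."""
    zones = defaultdict(set)
    for host, zone in inventory.values():
        zones[host].add(zone)
    return {host: sorted(z) for host, z in zones.items() if len(z) > 1}

if __name__ == "__main__":
    report = classify_flows(INVENTORY, FLOWS)
    for flow in report["blind"]:
        note = "crosses trust zones" if flow["cross_zone"] else "same zone"
        print(f"blind: {flow['src']} -> {flow['dst']}:{flow['port']} ({note})")
    print("mixed-zone hosts:", mixed_zone_hosts(INVENTORY))
```

Blind flows that also cross trust zones are the ones to prioritise when deciding where a control needs visibility inside the virtual network.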

3. Business will continue to question security restrictions against server consolidation

The benefits of server virtualisation are so big for a business that continuing to work outside that model could lead to career suicide for enterprise security managers, and it is a situation they are likely to attempt to avoid. Gartner believes enterprise security teams are expected to enable the cost reduction, rapid deployment and server agility for as many virtual server assets as possible. Security technology providers should understand the dire situation their buying centres are facing and address those concerns in product messaging. For example, when marketing a virtual security technology, highlight the capabilities it can bring the business as much as the security functionality it has. This will better align with IT security managers who are in the role of server virtualisation enablement.
