Simply Security - News, Views, and Opinions from Trend Micro

Posted on November 29th, 2011 in Virtualization by Simply Security | 2 Comments | Tags: virtualization

Stronger managerial leadership and internal communication will be key to leveraging virtualization for enhanced data security.

Efficiency, scalabality and affordability have traditionally been the primary business drivers for data center virtualization. However, if managed correctly, companies may soon discover the true benefit of the technology is actually enhanced security.

Both virtualization and cloud computing have gained unfortunate reputations for both complicating and weakening security defenses. As administrators struggle to navigate the learning curve of new technology and data security troubles continue to dominate industry headlines, this perception has become entrenched in many business circles. However, poor organizational management may be to blame for lingering vulnerabilities as opposed to inherently flawed architecture.

According to InformationWeek contributor Richard Dreger, a diffusion of responsibility is often at the root of virtualization security issues.

"As network boundaries blur and longstanding design paradigms fall by the wayside, how do we assign accountability for security?" Dreger asked in his latest column. "Because virtualization gives us so much power and flexibility, we're moving ahead at a breakneck pace, often without looking closely at whether security-assurance levels remain as the service delivery model morphs."

To bring virtualization management back in line with data security demands, Dreger suggested that a unified effort will be needed, requiring cooperation and communication between network, application, storage and security teams. Ultimately, the chief information officer must step up to the plate and ensure the proper checks and balances are in place to facilitate harmonious operations.

Dreger advised CIOs to begin by defining their business requirements and allocating the right combination of tools and personnel to each related function. This top-down approach is not only more logical, it is likely more effective for covering all bases and establishing true accountability. But open communication between teams will be required to ensure these plans are not only sound, but feasible as well.

With these management practices in place, IT departments will be in better position to optimize their virtual systems. This may be especially important in the coming years, as some industry experts have suggested that new advances will soon bring virtualization to the forefront of security strategies.

In a recent interview with Network World, Simon Crosby – the so-called Godfather of Xen server technology – suggested that virtualization holds the key to enhanced public cloud security.

"I think that when we look back in five years we will actually figure out that the core value of hardware virtualization is security," Crosby told Network World. "The key point I'm trying to make is that virtualization technology in general, through isolation, provides you a different context in which to execute code of different trust levels."

Virtualization Security News from SimplySecurity.com by Trend Micro