Virtualisation and cloud are bringing changes to data centres – and where the data is actually held. And that, says Trend Micro New Zealand's Peter Benson, brings security changes too.
As New Zealand organisations continue their shift towards virtualisation and from there into cloud, we are seeing significant changes in the very definition of the data centre and where data is held. With this shift, organisations – both new and established – are moving their applications, systems, and workloads into virtual environments where these workloads are mobile and exist 'somewhere'.
While there is still an onus on data centre providers to supply secure infrastructure and contractual controls around the security of physical, virtual and cloud environments, it is becoming increasingly difficult to actually locate where data and systems are physically situated.
Many data centres are moving to an infrastructure-as-a-service business model. While highly advantageous for organisations, this model often has the potential for confusion among business owners as to who holds the responsibility, implementation and operation of security controls against operating systems, applications, and data.
Some cloud providers are aiming to remove this confusion by moving toward a clear shared responsibility model when it comes to security, detailing who is responsible for what. The Cloud Security Alliance is also working on this important element of cloud, driving education and behaviours in security responsibilities. However, it is often when you get to the fine print in contracts thatthe nature of what is being delivered, and the nature of the security requirements, become clear.
Gateway to disaster?
As virtual workloads become more and more mobile, reliance on traditional gateway security for protection is not enough. Organisations now also need to consider what happens to their gateway security when they migrate an application workload from a data centre to a cloud provider. They need to look at whether they have virtual gateways that will migrate alongside these workloads in order to create a virtual data centre in the cloud ecosystem.
Many organisations can overlook this aspect of migrating data centres and applications, so it is important to work with security providers who can support both virtual security gateways and additional security layers for today’s highly mobile workloads.
Look at options that can secure data through encryption while also providing each application and virtual server with the security controls that would previously have only been at the physical gateways of traditional data centres. It is also crucial to include software defined security, security elasticity, automation and location awareness, as well as the ability to be mobile with applications and data.
Applying this approach will enable organisations to reap the many benefits of a virtual data centre while managing risk appropriately and effectively.
Data centre migration can be a daunting task to achieve in a safe and secure fashion, but new generation cloud providers and security products can ensure organisations are able to confidently and securely move their data, applications and systems; enabling New Zealand to do business in the brave new world.
Peter Benson is the New Zealand senior security architect for Trend Micro, a global leader in security software and solutions, which strives to make the world safe for exchanging digital information.