Securing virtual environments key for channel

23 Nov 12

Securing virtual environments is the secret to unlocking revenue streams and gaining competitive advantage, argues Adam Biviano, Trend Micro ANZ senior manager strategic products.

Today, the question of customers virtualising their IT systems is not a matter of if they do it, but how fast they can do it.

The cost savings and agility on offer are just too great to ignore; in fact, they could quickly find themselves falling behind competitors if they don’t move fast enough.

Given the strong motivations at play, it should be no real surprise that the subject of security is often overlooked when designing and building these new computing environments.

For an integrator this means there are significant opportunities on offer, if you know how and when to find them.

As your customers race down the road to virtualisation and then on to cloud, if they fail to acknowledge the security aspects of this journey they put at risk the very benefits they are aiming for.

For example, the last thing an infrastructure manager wants to see is an application owner refusing to migrate their systems because compliance mandates cannot be met.

Problems ahead

I see this more often than not – a completely re-architected computing environment with new servers, networking equipment and state of the art storage systems. However, the security technology and models from the old environment are just expected to work as they did before.

Unfortunately this is often not the case. The fact that security was not a core focus during the original design process means a series of problems now start to pose a threat to data and applications, such as:

Resource contention – security technology is known for being relatively resource intensive.

Consider the performance of your own workstation when the anti-malware scan occurs.

While this may be an inconvenience on a physical server or workstation, the problem magnifies within virtual environments, potentially causing significant performance degradation or even crashes when the shared nature of storage, networking and CPU resources is factored in.

Blind spots – security systems and policies designed for physical environments are often static and hierarchical.

Appliances placed at key egress points have no visibility into networks that exist only within the hypervisor. Either traffic has to be routed out to the security appliance to be screened and then back in again, causing additional hardware load, or compromises are made and the traffic is simply not screened at all when it passes from one zone to the next.

Out of date systems – one of the benefits of virtualisation is that it becomes simple to create, store and replicate workload images.

Operating systems, applications and security software need regular updating, which means these images become out of date, and at risk of attack, soon after they are created.

Once one of them is brought online from a dormant state, a window of opportunity exists for a compromise to occur until it is brought up to date.

Unfortunately these factors can conspire to become a perfect storm. A common response to resource contention problems is to deactivate the security agent located within individual workloads.

This leaves them exposed to the networking traffic that is no longer being screened for attacks. Couple this with new virtual machines being brought online from out of date image libraries and you have the recipe for a serious incident.

Mortar mix security

While this may sound pessimistic, the answer is actually straightforward. At the time the new environment is being designed, use this as an opportunity to also adapt the security strategy.

Not only will doing this mean these problems are addressed, but you will find that the power of virtualisation can be harnessed to deliver a more secure environment than the old physical one ever was.

Imagine being able to, with a click of a mouse, enable services like intrusion protection, anti-malware, encryption, virtual patching and integrity monitoring for certain parts of the environment, but not for others.

With security technologies that are designed for virtualisation environments you can easily align the security needs of different workloads with the requirements of the business. The initial investment will easily be justified by way of savings with ongoing management and troubleshooting activities.

For an integrator who builds security into virtual environments, it means significant opportunities for increasing revenue and customer satisfaction.

You will have additional products to add to a proposal and the related professional services for deployment and ongoing management are quite lucrative.

My advice is to step out from the crowd by blending security into the mortar mix of the environments you build.

With the right tools and knowledge you will easily be able to demonstrate how a virtual environment built around security will better deliver your customers’ high level goals than one where security is an afterthought.

You will be seen as a leader in your field by bringing up concepts and ideas your competitors may miss, at the same time as increasing the value of initial investments and securing longer term revenue streams.
