By Sanjay Raja, product marketing, virtualization security
After speaking with IT administrators responsible for migrating physical servers to virtualized servers, I've noticed that this migration is just the stepping stone for enabling the broader move toward cloud computing and cloud-based service models.
As part of this migration, the move to a private cloud is often a logical first step. Many organizations adopt this model because it provides dynamic scalability, automation and metering or charge-back to make the most out of IT infrastructure. This is all done without giving up the control and security to an external provider. This is always a big issue with most security admins, and rightfully so!
The funny part is many of the people I talk to who say they are only operating private clouds (if they even admit to that) are actually using hybrid clouds—where part of their infrastructure is hosted externally. And they have been doing so for years now!
How many companies are using services like Salesforce.com? Yep, that’s a cloud-based service. How about Paychex or ADP? Yep, that is a cloud-based service too. I've used these applications for many years now, and easily forget they are really cloud-based applications.
As much as we talk about migrating the least critical assets into the cloud, that move has already occurred. In fact, I would say many company’s customer databases and financial records of your employees are fairly important.
So what about cloud security? The answers can be found with virtualization.
The big question to ask when it comes to public cloud: How do you know if your critical assets are secure in the public cloud?
But first, let’s take a step back to the beginning and talk about the enabling technology for the cloud: virtualization. Here the questions to ask are:
- Do I know if my virtual environment is secure?
- Have I maintained my compliance objectives when moving to virtualization?
- Could I be compromised right now?
- How do I know?
The fast-paced move to virtualization brings great benefits with it. Only now are organizations realizing that they’ve given up a lot of security, and more importantly, the visibility that was in place in physical environments.
So now as we move into hybrid and public clouds that all use virtualization technology, the same questions arise.
- How secure is your data?
- Does your provider have security controls and technology in place?
Tackling security challenges on the path to virtual and cloud computing
The migration from physical to virtual to the cloud presents a new set of security challenges. In order to address these new challenges, organizations really need solutions that:
• Leverage existing security investments to secure virtualized environments
• Purpose-built for virtualization security solutions
• Deliver an integrated framework for securing physical, virtual and cloud infrastructure
• Adopt industry leading virtual data center threat research and mitigation
The big risk is that you don't want to be on the news. And you also don't want the auditors, whether internal or external, telling you that you are longer secure and compliant—just because you saved a lot of money on moving to virtualization technology.
You need to find a way to get that ROI yet still maintain the security levels and performance levels you had before in a physical environment.
Here’s one solution: HP TippingPoint’s Secure Virtualization Framework has been developed in order to address the security challenges IT organizations are facing when migrating to virtual and cloud environments.
Let us know what challenges you are facing as you migrate from physical to virtual to cloud. Think on it—and I look forward to continuing the discussion at Interop New York 2011.