As the world of virtualisation develops, the need to improve security in virtualised environments has become a crucial concern, according to Andre Grove, sales and financial director at Condyn.
Grove analysed the security risks in virtualised environments at ITWeb's Virtualisation of the Enterprise conference at The Forum in Bryanston last week.
“As businesses are seeing the benefits of implementing virtualisation, they should also adapt security solutions to integrate more tightly with virtualisation platforms,” he said.
According to Grove, the major trends in virtualisation are deployment, maintenance and provisioning of virtual servers. “Security is a neglected yet highly emerging focus area in virtual environments,” he pointed out.
Grove cited UK research firm YouGov, which reveals 41% of IT managers using virtualisation thought security was built into the virtualisation software. He added that some solutions are in a semi-live environment and typically get forgotten in the update and security protection process.
Grove argued that protection must be moved both closer to the users and to the assets (servers and data). “A lock on virtually every application and a control of every user is very crucial,” he advised, adding that remote access should not be treated differently from traditional internal access.
“To be compliant, there has to be extensive logging and traceability and polices must cover all types of access,” Grove pointed out. It's also important that all users be treated individually.
Grove gave security tips to organisations planning to virtualise their IT environments, such as applying security software to allow the virtualisation infrastructure to be extended to utilise cloud computing.
He added that employing security software could help reduce patching costs: “This can be done by applying virtual patches and Web application protection.” It can also reduce compliance costs for compliance thrusts like PCI.
Grove advised executives to act on their virtualisation security sooner rather than later: “Your investment in virtualisation might be at risk if security measures are not in place.”
Related stories:
Virtualisation makes waves
IBM unveils virtualisation tools
Virtualisation not a necessary evil, but a strategic enabler
Share