Organizations need to think about virtualization-specific security technology when upgrading their data centers instead of relying on existing measures, such as the trust firewall.
As organizations increasingly use virtualization in their
data centers, they are becoming more aware of the need for proper security to
defend against threats, according to a new research report.
As organizations make the shift to virtualization and cloud
computing, they run the risk of introducing "new obstacles" such as
inconsistent network policies and security loopholes, according to a McAfee and
Brocade report released May 31. The biggest threats were targeted attacks and
security breaches, the respondents said.
About 62 percent of respondents were planning or were in the
process of a data center upgrade. Half of the respondents have either
implemented or were planning to deploy private clouds within their
"Companies investing in full scale virtualization are now
running into network and security challenges," said Rees Johnson, senior vice
president and general manager for network security at McAfee.
Nearly 77 percent of respondents rated threat protection,
such as intrusion prevention, as "critical" or "important" in the survey.
Approximately 26 percent were the most worried about targeted attacks against
their virtualized infrastructure and 24 percent said security breaches were
their biggest concern.
In comparison, 32 percent named bandwidth and traffic
engineering and 29 percent reported scaling server virtualization.
Virtualization "comes at a cost," and traditional networking
architecture is not "best-suited" to handle the demands of a virtual
environment, McAfee said. Nearly half are relying on the same security model
that they used with physical servers, the report found.
"Virtualization, especially in the context of private
clouds, introduces unique operational and security challenges," Johnson said.
can fail when applications are
"decoupled" from the physical resources they rely on, according to McAfee.
About 18 percent of the surveyed professionals had also reached the same
conclusion and were exploring other methods.
About 40 percent of the survey participants said virtual
machines introduce operational complexity and 25 percent said it was a
challenge to secure trust boundaries. Trust boundaries can be as simple as figuring
out who has login access to the server box that hosts the application. Someone
who has control over a hypervisor has the authority to start, stop and modify
all the virtual machines inside.
In a virtualized environment, virtual machines can be moved
around to optimize hardware space, network bandwidth and available processing
power. While the ability to move virtual machines is an "essential" component
of a "flexible" virtual data center, this capability also makes the environment
more complex to manage, according to Johnson. The protective measures in place
have to be able to adjust when the VMs move across hypervisors.
Additionally, physical firewalls are generally not designed
to handle the traffic from a hypervisor running several virtual servers.
While organizations are becoming more comfortable with the
idea of virtualization as a cost-effective and efficient way to upgrade the
data center, security remains a big concern, and organizations need to invest
in technologies that are specifically designed to inspect data flowing in and
out of virtual machines, according to Johnson.
The survey included 100 IT professionals and security
managers in North American companies with 500 or more employees.