What Must Change

By Cameron Sturdevant  |  Posted 2008-09-15 Print this article Print

What is already clear in the nascent world of data center VM security is that the processor resource is the currency that governs security tools. Security products that consume even 2 to 3 percent of CPU per VM will likely soon be too expensive to implement. This is due to the cumulative cost of security-for example, on a physical host with four VMs, each protected with a security agent that uses 3 percent of physical CPU  (for a total of 12 percent)-when the physical server CPU utilization rate is now expected to be 70 to 80 percent. Adding the security overhead, the already sizable load on the physical CPU is a very hefty penalty.

Aside from CPU cycles, security policy will have to be adapted to face the new reality imposed by VM proliferation, spontaneity (sometimes online, sometimes not) and mobility. It is very likely that IT managers will have to increase the number and expertise of security personnel devoted to security policy creation and maintenance as the percentage of VMs increase in the data center. This is because security policy-usually defined as who is supposed to be able to access what resource with an allowed and expected outcome-is difficult under the best of circumstances. As I've outlined, the premise and current implementation of VM technology has created the opposite of the best circumstances for security policy development.

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel