Security specialist McAfee announced the results of a commissioned study conducted by Network World on behalf of McAfee and Brocade. The study, which surveyed 100 IT professionals and security decision makers in North American companies with 500 or more employees, found that IT departments are now turning to virtualization, with half of the respondents having either implemented or are planning to deploy private clouds.
Yet, as organizations continue to progress down the path of implementing virtualization and cloud computing, they are facing inherent challenges that arise when applications are decoupled from the physical resources they rely on, introducing new obstacles such as traffic bottlenecks, inconsistent network policies and security loopholes.
The survey found that 62 percent of respondents are planning or engaged in data center upgrades, many due to increased use of virtualization. Additionally, 29 percent of the respondents report that scaling server virtualization is a concern and 32 percent report that bandwidth and traffic engineering are pressing issues. The results showed that virtualization comes at a cost and that traditional networking architectures are not always best-suited to handle the demands of a virtualized environment. Application security can fail when subjected to data center-wide server virtualization and application mobility.
“Companies investing in full scale virtualization are now running into network and security challenges,” said Rees Johnson, senior vice president and general manager for network security for McAfee. “Existing data centers have to be upgraded for the stringent demands of virtualization. Brocade and McAfee have partnered to address the key roadblocks for data center virtualization, providing new ways to ensure agility and efficiency in the network while providing comprehensive security services.”
Respondents view targeted attacks and security breaches as the biggest threats to the next-generation data center. When asked to rate security challenges, 77 percent rate threat protection (intrusion prevention) as “critical” or “important.” Twenty-six percent view targeted attacks as their biggest concerns and 24 percent think security breaches are their biggest concerns. However, although half are relying on the same security model for virtualization they used with physical servers, 18 percent have not decided this is the best approach when securing virtual servers.
“Virtualization, especially in the context of private clouds, introduces unique operational and security challenges,” Johnson said. “The ability to move virtual machines is essential to creating flexible virtual data centers, yet this same flexibility introduces operational complexity and makes it much more difficult to maintain traditional trust boundaries.”
In the survey, 40 percent of respondents said that moving virtual machines is challenging because it introduces operational complexity and 25 percent indicated a concern with securing trust boundaries. Both private and public cloud computing architectures rely on the virtualized data center to deliver increased business agility and scale. However, as the survey illustrated, the virtual data center has created a new set of challenges for application security and networking design.