Security Think Tank: Six questions to ask about security and virtualisation

How should information security professionals get started with securing virtual environments?

Virtualisation and other next-generation technologies are the new norm for both traditional and cloud-based applications, but they expand the role of the network, and as such require some rethinking on securing that network.

Network security choices affect not only ongoing operational costs and uptime, but also the data passed over that network, and therefore the organisation’s reputation. As you rethink network security, consider the following.

  1. How flexible and scalable will your network security infrastructure be? It needs to be agile enough to allow for incremental and cost-effective expansion over time. Since the shift from physical servers to multiple virtual machines enables application workloads to be agile, applications can potentially move transparently from one physical server to another as user access peaks and subsides. Handling these peaks requires agile security for the intra-server traffic.
  2. Will the network security solution support your business uptime goals? Interruptions to firewall and other security appliances typically require manual efforts to rectify problems. When evaluating network security solutions, it is key to understand how different types of failures affect service availability and how much effort it would take to fully restore service.
  3. What level of protection will your firewall provide? Security products vary in their effectiveness against threats depending on the vector – application, file, web, email, or network. To achieve the highest level of assurance, security products across these vectors should be integrated.
  4. How beneficial would it be to further consolidate your security services? With the pressure to maximise resources and meet cost constraints, larger datacentres have become the norm. The concentration of computing, storage and networking increases the criticality of network availability and adequate performance. Consolidating all security services onto a single platform affords you the opportunity to add further security inspections to the traffic flow very cost-effectively.
  5. How quickly will your firewall rules and security policies become outdated? A static set of firewall rules is not sufficient in today’s perpetually morphing threat environment. Security capabilities should be driven by up-to-the-minute information for reputation-based filtering.
  6. How easy will it be to manage? You need to centrally manage which users can access what applications. Having an automated mechanism to identify, set up, and manage a particular user’s access to particular portions of different applications reduces operational expenditure.

However consolidated your network security infrastructure is today, further virtualisation and adoption of cloud-based applications present an opportunity to reduce operational expense and risk if you rethink your network security.

Gail Ferreira is product marketing manager at Crossbeam Systems

