How to secure the new data center

one application. The idea here is to minimize or eliminate any operating system configuration work on the part of the end user, thus permitting rapid and consistent deployment with relatively little expertise required from the installer. Applications for virtual appliances range from grid computing to SaaS to security.

As we often say, where there is a security need, there is a business opportunity. A virtual appliance can be created for any virtualization environment, but VMware is ahead of the field and has created a marketplace along with a try-before-you-buy Web site. More than 100 security-related virtual appliances are listed on the site. Only a fraction of those are from commercial vendors. The rest are applications created by internal groups or open source collaborations. Among the vendors listed are Astaro, with a unified threat management appliance; Paris, France-based Blue Lane, with a virtual patching appliance; Scotts Valley, Arizona-based Catbird, with a security agent; and Reading, Berkshire, U.K.-based Reflex, with an intrusion prevention appliance. “As this group of companies shows,” Hernick concludes, “virtual appliances, much as their physical-world kin do for the legacy data center, can fill many of the security gaps created by a virtualized environment.”

Also In This Report

>> Chipset futures: We look at the latest offerings from Intel (NSDQ: INTC) and AMD (NYSE: AMD) and analyze how their architectures affect security

>> From the experts: Insights from Intel’s Steve Grobman, Citrix’s Simon Crosby, and VMware’s Mendel Rosenblum

Get the full-length report at businessinnovation.cmp.com/

governanceWhile the tools to create a secure virtualized environment are now showing up, it would be a mistake to think that virtualization security is just about buying a different set of security tools. Greg Shipley, CTO of security research company Neohapsis, offers this advice: “Take a hard look at what threats you actually think you’re facing, and what tools or techniques (which might not involve a technology purchase!) are out there to help mitigate them.” Shipley maintains a healthy skepticism of security software vendors. He “can’t help but wonder if some of the vendors out there are simply looking at all the virtualization going on and saying, ‘Hey, how do I sell security to all these VMware shops?’ I think part of the burden on us users/consumers of the technology is to discuss what the true threat vectors are and then look to at tools.”

Virtualization will change the face of computing from the desktop to the data center. Getting security right requires reassessing the approach to and goals for security. Platform and network security, which have been the mainstay of most security efforts to date, will give way to securing data and restricting its use to only those who are, by policy, allowed to use it.