I remember when I first started seeing virtualization really start popping up in the enterprise. It was slow and clunky. Of course I was already familiar with virtualization from my web hosting days. Running multiple instances of web servers on one physical machine allowed us to scale up a great web hosting business in the mid to late 90s. But when VMware burst on the scene in the early to mid 2000’s, I didn’t at first see the profound impact it would have.
Today of course we take virtualization for granted. Whether it is VMware, Microsoft’s HyperV, Xen, KVM or another hypervisor technology, they are in use throughout the enterprise. They have had a profound impact on the quantity and types of hardware servers we use. In retrospect, virtualization may be the single biggest change in data center computing over the last 10 years.
Of course security has not been immune from or above the virtualization revolution. I remember not that long ago security admins and security vendors saying that you should never put security products in a virtual environment. It would be poor design to have a security solution share resources with other appliances or processes. Of course that argument seems pretty weak now.
In fact virtualization has changed security pretty drastically, the same way it has servers, storage and applications. We now see virtual security appliances performing just about every security function you can think of.
But there are two aspects of virtualization from the security prospective. There is securing the virtual environment and there is leveraging virtualization for better, more efficient security. It used to be that putting a physical security appliance in front of a virtual stack was considered securing the virtual environment. But then we started to see security technologies that were built into the virtual environment itself. These solutions made use of virtualization itself to better secure not only virtual environments, but physical environments as well.
Virtualization also drastically changed the business models. Think of Disaster Recovery (DR) for instance. When you are running a dozen different virtual servers on one physical machine, how do you price your DR solution? Is it based on how many physical machines, how many virtual machines, a combination of both? Many companies are still grappling with these questions and models. But the market will evolve and standards and norms emerge.
While virtualization is already huge in the large enterprise, its impact on the mid-market is still gaining momentum. How much virtualization technology is your organization deploying? As we come to the end of the year and start planning next year’s budget will virtualization be playing an ever increasing role? I bet the answer is yes.
If so, now is also the time to be thinking about virtual security. Not only in terms of securing your virtual environments, but in leveraging virtualization to make your security posture more efficient, more secure and safer.
If you are not planning on leveraging virtualization in your security plans, you may find yourself falling behind in your ability to keep your organization secure. Here are some resources on virtual security:
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet