Information Security, Virtualization, and the Journey to the Cloud

According to ESG research, virtualization technology investments top the priority list in 2010 as nearly 60% of large and small organizations will increase their spending on virtualization technology. Why? Because its optimization and efficiency benefits are measurable and real. Given this, many firms plan to expand their use of virtualization by increasing the number of virtual servers in use, virtualizing applications, and moving forward with virtual desktop projects.

This progress is just the beginning of a multi-year journey from IT virtualization to a future of cloud computing. ESG believes that resource optimization, efficiency, and, surprisingly, IT security will improve through this journey. This paper concludes:

  • Virtualization is the “onramp” for the journey to the cloud. ESG believes that thus far, virtualization projects have been focused on test and development or workload consolidation. Moving forward, IT organizations will use these experiences as the “onramp” for a virtualization journey that culminates in dynamic public/private cloud computing. To reach this destination, they will proceed through three phases: 1) an enterprise phase where new virtualization skills and tools align virtualization technologies with mission critical systems, 2) a dynamic phase where technology silos and IT organizations merge to take advantage of the automation and mobility of virtualization and create real private clouds, and 3) a cloud phase where open standard private clouds interoperate seamlessly with community and public clouds.
  • Security concerns—and misinformation—remain. While the benefits of virtualization and cloud are understood, real security issues and virtualization security knowledge remain elusive. Risk-averse security professionals believe that virtualization does not map with existing physical security controls, understand all of the security safeguards designed into virtualization technologies, and are unaware of many new advances in virtualization security technologies and tools.
  • Security can improve through each step of the journey. As the journey to the cloud progresses, CISOs’ concerns will be addressed one by one. During the enterprise phase, security vendors will take advantage of APIs, standards, and partnerships to deliver new solutions with virtual form factors and intelligence. As the dynamic phase begins, security vendors will tightly integrate with virtualization management for automation, monitoring/reporting, policy management, and command-and-control. Finally, in the cloud phase, in-house security organizations will be able to enforce security policies or monitor security events in private and public clouds. The important point here is that, with the right planning, training, and technology implementation, the move to virtual IT can actually improve security defenses, increase visibility, automate operations, and decrease costs.

Virtualization Remains White Hot
The data is clear: Virtualization technology is the top IT spending priority for 2010. Why? The obvious reason is that virtualization technology offers a multitude of operational and cost benefits. Organizations continue to use server and desktop virtualization to centralize IT resources, improve hardware optimization, reduce system maintenance, and streamline IT operations. Virtualization technology also appears to be an IT “gift that keeps on giving.” ESG research points out that IT organizations are capitalizing on virtualization technology by consolidating more servers on virtual platforms, improving backup/recovery on virtual servers, expanding the number of applications deployed on virtual servers, and using server virtualization technologies like VMware VMotion to improve disaster recovery (see Figure 1).

[Download not found]