In the last few years, virtualisation and cloud computing have transformed the way organisations do their information processing.
However the rapid adoption of these technologies, often driven by an urgent need to save money, has created a new set of headaches for security professionals.
A recent study that we conducted with research firm Vanson Bourne confirms that in the rush to adopt these new technologies, security has often been treated as an afterthought, and has left firms struggling to keep themselves safe. Of the 100 IT decision makers interviewed for the study, more than a quarter said that security had been given too little attention during their virtualisation process, and only 16 per cent judged that security had been integral to the project.
Just as worrying, interviewees felt that the virtualised environment was more complex and that this had made systems harder to manage. The vast majority (96 per cent) said they were struggling to manage these more complex IT infrastructures, and one in five said that patch management was now more difficult in the virtualised environment.
A similar story emerged in the area of cloud computing, with 39 per cent saying that using Infrastructure-as-a-Service had made it more difficult to manage security.
Despite these findings, it's important to establish that security need not suffer in a virtualised or cloud computing environment. On the contrary, if organisations take the rights steps and adopt the right tools to manage security in this more dynamic IT model, then they can reap all the benefits without laying themselves open to more security breaches. Virtualised environments present organisations with new security risks and demand a new security mindset to tackle these accordingly.
Using the right tools for the job is essential. The great majority of respondents (85 per cent) said that they were using the same security tools in the virtualised environment as they had when they had been running traditional physical servers.
Despite the need for greater security, they had stuck with their old anti-virus, intrusion detection and firewalls, even though the environment in which they were operating had been completely overhauled. No wonder then that they were struggling to manage their security with inappropriate tools, and that they felt they were more vulnerable to a future breach.
With the right tools in place, it is possible to create a single security model across the whole of the IT infrastructure: physical, virtual and cloud. One security model can be managed from one console; making the task easier and the security tighter.
This single model, managed from a single console, can ensure that security follows the workload as it shifts around in the dynamic environment. It means that when machines are relocated in the virtual environment or cross the border from on-premises into the cloud, security controls can move with those machines and maintain their integrity.
Finally, it's essential for the security team to play an integral role in any virtualisation or cloud project, and to be involved right from the start. Both the information security and data centre management teams need to collaborate closely to achieve a high performing and secure virtual environment.
In that way, security questions can be tackled at an early stage, and the complexities of these new more dynamic environments can be managed without any unwelcome surprises.
Michael Darlington is technical director of Trend Micro