While virtualisation is here to stay there is a challenge to make it work.

Jim Johnson, CEO and president of Tripwire, has claimed that virtualisation will help people realise how to re-evaluate and how to deal with change and compliance. The challenge he claimed though, is that the control point is ‘useless' in comparison to hardware infrastructure where you can go to a network engineer and get a problem fixed.

Johnson said: “Virtualisation has a different mind process so it will not work. I have talked to organisations in the US and the UK and with both they have said that virtualisation is being driven by the CFO and he says that there should be no more data breaches.

“Look at the backup costing, there is tremendous cost in utilisation and the problem is that there is no management tools yet. It is the same as its physical counterparts – you try to draw the cost savings but you need to know how to do control.”

Johnson claimed that control may be driven from one of three focus points - security, compliance and operations - but all three have to come together to serve the organisation and compliment with security and regulatory needs.

“You need to deliver a service and protect the customer, the brand and the company. You can do all three with a top down driven policy approach. There is no question that virtualisation is here to stay, the question is to make it work,” said Johnson.

He further claimed that there is more of a ‘blame culture' in the UK when it comes to vulnerabilities and errors. Commenting on recent instances involving the Guardian and Yahoo, Johnson said: “The thing we are seeing differently from the US is the belief that you assume you have relieved yourself of responsibility by outsourcing. In the US the brand manager is saying ‘it is our fault as it is our brand'.

Rekha Shenoy, director of product management at Tripwire, said: “People use Tripwire to prove that change is authorised every time it is made, and that it is constant with policy. This is the only way to guarantee that you stay compliant.

“It is amazing how many production servers that do not have password authentication setup; these are the kind of things that are the first line of defence. There are multiple happenings that you want to know about and this tells you as soon as a vulnerability is created and who did it, as a lot of this is done by your guys. This is a big deal but you can identify the person who did it, but in general in IT it is the last person who is identified.”