Government Computer News
Virtualization: History repeats itself with a search for security
SAN FRANCISCO—The information technology industry has a long history of developing and implementing technology first and thinking about security later. The latest example is the virtual machine, a host hardware platform running multiple guest operating systems.
Digg
De.licio.us
Slashdot
Technorati
“People are no longer talking about whether they should pursue virtualization,” said Alan Shimel, chief strategy officer at StillSecure. “That train has left the station. There are too many benefits.”
But along with those benefits come a whole new set of security concerns, which traditional hardware-based tools do not adequately address. Virtual machines contain all the vulnerabilities of the operating systems and applications they are running, along with vulnerabilities created by the new relationships and flexibilities of guest operating systems running side by side on a single platform.
“Once again, security was an afterthought,” said Mark Boltz, senior solutions architect at Stonesoft.
“We see a lot of organizations rolling it out first, and only later dovetailing it into the security planning,” said Chris Farrow, director of product strategy at Fortisphere, a start-up company focused on virtual machine management. “The problems of the past come back to bite us in new and different ways.”
But as the presence of these companies, and others, at this week’s RSA Security conference indicates, the industry now is paying attention to virtual security.
“Every year at RSA there is a belle of the ball,” Shimel said. “I think this year virtualization and security is that topic.”
“Nobody was talking about virtualization, and certainly not virtualization security, 18 months ago,” Boltz said. “Now, virtualization and security are the topics of the year.”
The attention primarily is on server virtualization, and the drivers are real estate and rack space, hardware costs, energy costs and speed of provisioning. By using virtualization software such as that from VMware to allow multiple operating systems to use the same hardware, costs can be reduced, provisioning time cut and resources can be used more efficiently. Resources once consigned to an outside data center can be brought in-house.
But this also breaks the tightly coupled relationship of hardware and software, with one operating system and one application on a server, and reduces or eliminates the ability to physical segregate elements.
“It’s all dynamic, it moves around,” Farrow said. “I can’t just walk up to a rack and yank a cord out any more.”
| |||
| Latest News |  WashingtonTechnology.com |
FCW.com |
|
GCN.com
The latest technology news from GCN.com
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
 |
![1105 Government Information Group [happiness]](/images/1105logo_website.gif "Government Computer News [happiness]")
© 1996-2008 1105 Media, Inc. All Rights Reserved.
