All about Virtualization and Cloud Security | Recent Articles:

In this post, I’ll focus on Infrastructure providers (IaaS), though these points may be relevant to platform and software providers as well.

Infrastructure providers tend to be very good at providing security inside the infrastructure. However, not all providers go beyond infrastructure security. Instead, the model is to have a shared security where responsibility for security beyond the infrastructure is in the hands of end-customers.

In the simplest example, the provider sets-up a virtual instance running, say, Windows, but everything that runs within that instance, including operating system and applications, is the responsibility of the end-customer. On the IaaS side, this is completely reasonable theoretically, but it has potentially damaging results if the end-customer isn’t taking further steps to protect the OS or the apps.

Best interests and the role of security

As a VAR or managed services provider, you’ve no doubt received queries from many of your customers about server and desktop virtualization, and how they can take advantage of these technologies to improve business operations.

Some of these companies might already be dabbling in virtualization. But regardless of where they’re at with server and desktop virtualization, they’re also likely to be concerned about information security in this new environment. They want to be sure that their data and applications are safe from malware and other threats.

Without effective security strategies and tools that were created for the virtualized environment, some of the gains made possible by these technologies might be negated. Here are 5 key factors that you need to consider when evaluating anti-malware solutions designed for virtualized environments:

In a recent post about new technology paradigms for SME we have been trying to provide reasons for SMEs to consider the changing of their computing model from “IT to own” to “IT to use”. Questioning the model is useful always and may bring a great gain for the organization.However, the decision to change may pass over some bumpy roads.

Today we try to put you in front of a real life scenario.

Imagine that you are the IT Manager of a very dynamic organization of around 100 people. Change is the constant in your day-by-day work: you serve a very mobile commercial force, several executives that travel all time, and, among many, two groups (marketing and development) that remain in the headquarters but take work at home after hours too.

The driver behind server virtualization is clearly cost savings, while agility and flexibility also have value. This well-known return on investment is achievable because servers have fairly predictable workloads, tend to be rather static in their workloads (an Exchange server tends to stay an Exchange server).

Also, the number of servers that can be run on each CPU across a datacenter tends to be low because, generally speaking, they need more horsepower than an end-user system.

Virtualized desktops are quite different. The number of desktops per-CPU across a Virtual Desktop Infrastructure (VDI) is much higher than with servers. The environments tend to be highly dynamic, with instance being instantiated and destroyed at a high rate.

Naturally, trying to lead with cost savings as a primary goal of a VDI deployment is problematic. Instead, agility and flexibility are key.

I invite you to imagine how things were ten years ago when we were all younger and probably happier; IT models were clearly defined and all was logical and gradual, just an exercise of scalability.

You started with a few PCs, you were connecting them into a network, eventually adding one file server, then a mail server, and starting to think about security. But also security was easier ten years ago. Viruses, worms, and occasionally some successful attack from curious persons that were called crackers, and was pretty much all. We were adding something like 5 to 10 virus signatures per day, and that was enough.

Governments, federal, state/provincial and municipal, always face mounting costs when it comes to IT, this isn’t news.

And increasingly, many are turning to virtualization and cloud innovations to deliver better service to citizens. Virtualization and cloud technologies bring the promise of better data management and services within and across departments, the storage of the billions of records, and overall, a better user experience both for government workers and citizens alike.

However, security in these innovative environments is no easy task. Traditional implementations rely on a licensing model based on physical machines (per-seat, per-machine, per-year), which ultimately costs more.

But virtualization and cloud present an entirely different methodology, where ‘islands of hardware’ disappear, and the traditional security licensing model becomes troublesome.

March was quite a prolific month for dominant players in the Infrastructure-as-a-Service (IaaS) space. Recently, the public cloud pioneer Amazon Web Services entered the Desktop-as-a-Service (DaaS) market by announcing general availability for AWS Workspaces.

The newly-launched service offers four bundles of prebuilt software that is instrumental for the end-user experience. Licensing consists of flat monthly fees for each bundle, and among the cool stuff under the hood you’ll get coverage for mobile devices, Active Directory, PC-over-IP (PCoIP) support, persistent storage, and data encryption.

On top of it all, AWS-tailored security software is included in two of the available bundles, which is (for now) limited to a single security vendor. The way we know Amazon and their far-reaching vision in extending their service portfolio, they will most certainly consider integration with additional security vendors for future updates. 

As someone who interacts with Cloud Service Providers of varying sizes in geographies around the world, I have been giving thought to where we are, and ultimately what organizations will expect from the CSPs in terms of security over the coming months.

Ask any end user regardless of whether they are a multi-national with a Chief Security Officer or a SMB with IT personnel wearing multiple hats, and security is always at the top of the list. 

So why aren’t more CSPs looking to provide security beyond the basics? Over this and subsequent postings, we will explore what customers should expect, even demand from their Cloud Service Providers.