Security: Don’t Leave (Physical) Home Without It

A lot of ink has been spilled recently in the press about cloud security, and even virtualized-server security. Many lead off with alarming headlines like this recent example that declares, “60% of virtual servers less secure than physical machines, Gartner says.”

Pretty scary sounding stuff. They’re saying IT needs to pay attention to, or even re-think, security in a virtualized world. I couldn’t agree more. You don’t want to end up with something worse than you already have.

Many go on to describe various approaches for IT teams to make their company’s virtualized infrastructures as secure as the physical systems they replace.

Hold on. That’s a showstopper. Why would any sane organization go through all that? Why move to entirely new ways of building and operating IT infrastructures—only to end up with something as good as what we already had?

The answer’s simple: they wouldn’t. I know I wouldn’t. So what would compell an IT shop to take on virtualization—or private clouds, for that matter? Getting something better. That includes security.

Dire warnings help sell subscriptions, but telling merely half the story is really a disservice. What most miss is that virtual servers and desktops can be more secure than what’s possible in today’s physical environments.

Huh? How can virtualization do that? By affording IT new control surfaces that can be used to monitor, and even restrict, what goes in and out of each “containerized” OS and application stack. It also enables new ways of securing access to physical resources—independent of traditional OS capabilities and limitations (not to mention complex mixtures of OS versions and types).

That opportunity has not been lost on the folks at RSA. Nor has the need for better securing of complex, dynamic systems with constantly changing relationships and dependencies.

The next post will have Nirav Mehta, Senior Manager of Product Management at RSA, in a video describing RSA’s view on this and how EMC’s security division is participating in EMC IT’s Journey to the Private Cloud.

About the Author: David Freund