Virtualisation has moved beyond hype to a reality. Within the next few years, every company will have some - if not all - of its data and applications in the virtual realm. Which raises several new security challenges.
A VIRTUAL SNOWBALL
Virtualisation adoption is growing phenomenally. IDC predicts the virtualisation services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. Deloitte reports that cloud computing activity is picking up across EMEA as companies emerge from the recession.
"In the fourth quarter of 2009, IDC observed a number of signs of an upturn in the server virtualisation marketplace," said Nathaniel Martinez, programme director, IDC EMEA Systems and Infrastructure Solutions. "The availability of CPU upgrades and corporate mandates for their IT infrastructure to go `virtual` prompted many organisations to initiate long delayed technology refreshes. IDC believes that server virtualisation will play a pivotal role in transforming large and medium organisations` hardware infrastructure so that it operates at a level of efficiency that is more in line with the demands of current economic environments in EMEA."
In a World Wide Worx survey, commissioned by MTN Business late last year, 58% of 200 corporate IT decision-makers and managers were already using cloud computing services, and 63% virtualisation. According to Citrix, SA`s virtualisation market spend is expected to grow by nearly 19% this year.
In November last year, VMware, Cisco and EMCÂ launched the VCE (Virtual Computing Environment) coalition in the US to meet customer needs in the areas of virtualisation and private cloud computing.
Business Connexion told ITWeb it is so positive about the coming uptake of virtualisation in SA that it launched the VCE in SA to meet growing demand from companies to deploy virtualisation and cloud computing solutions quickly and cost-effectively.
Craig Hockley, GM for the Data Centre Solutions at Dimension Data, said the Cisco, EMC and VMware alliance was a significant one. "Cisco, traditionally a networking vendor and one with which Dimension Data was inextricably linked since our inception, has introduced server and unified computing models that are shaping our go-to-market. Add the storage technologies of EMC and the virtualisation software from VMware to Cisco`s `game-breaker` solutions; the result is a complete approach that converges the server, network and storage elements of the data centre."
Hockley describes the transformation currently taking place in the data centre as "astounding".
"We`re rapidly seeing the data centre transform from a physical to a virtual paradigm," says Hockley.
"Right now, maybe 20% of data centres in this country are virtualised; with the interest the market is showing and the increased number of reference sites and success stories, backed by proven solutions from these key vendors, expect that to go to 605 or 80% in the very near future."
This step towards internal virtualisation is a precursor to "Internet scale" cloud computing - virtualisation on a massive scale, Hockley says.
Local service providers are gearing up to ride this wave. For example, MTN Business recently launched its server virtualisation solution, with Edwin Thompson, GM of Infrastructure and Technology at MTN Business, saying: "Justifying the adoption of a virtual server solution to our customers is almost unnecessary, considering the topics of virtualisation and cloud computing hit the headlines in 2009, and market trends and opinions indicate that it`s certainly not just hype."
Despite the uptake of virtualisation models, Gartner reports that through 2012, 60% of virtualised servers will be less secure than the physical servers they replace. Although Gartner expects this figure to fall to 30% by the end of 2015, analysts warn that many virtualisation deployment projects are being undertaken without involving the information security team in the initial architecture and planning stages.
Security concerns are holding some companies back. Art Coviello, president of RSA, the security division of EMC, said at the recent RSA Conference 2010 that 51% of CIOs cite security as their greatest concern around cloud computing. Security, availability and performance are still among CIOs` top concerns when it comes to computing in the cloud - whether that cloud is private or shared. Symantec reported in its 2010 State of IT Security report that new initiatives such as infrastructure as a service, platform as a service, server virtualisation, endpoint virtualisation, and software as a service, are making security provision more difficult.
Virtualisation in itself is not necessarily insecure. However, the virtual realm requires as much security planning as any other, and moving critical data into the public domain does raise new legal and security issues, warn the experts.
"Virtualisation is not inherently insecure," said Neil MacDonald, VP and Gartner fellow. "However, most virtualised workloads are being deployed insecurely. This is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."
PROS AND CONS
Cloud computing and virtualisation offer benefits like cost-effectiveness, scalability and greater workforce mobility.
Virtualisation technology, said Gartner, unlocks cloud computing, where resources can be shared as needed. A private cloud can maximise efficiencies within an organisation, a public cloud can allow for software as a service to be delivered, and a hybrid cloud can allow for the best of both worlds. Samresh Ramjith, Dimension Data`s GM for security solutions, says it can bring with it massive commercial benefits. The key, he says, is to choose the right cloud computing partners and exercise due care and diligence in the process.
For one thing, he says, companies need to choose a partner with a good track record and sound financial state. If the host goes bankrupt and shuts down, the hosted content could be lost. A distributed denial of service attack on the host servers could leave companies without access to critical data for a period. A hack into the host`s servers could compromise critical confidential information. And, depending on where the data is actually being hosted, your information could be subject to the laws of a different country. It could even contravene those laws.
For example, Ramjith notes there are strict laws on sharing of information on nuclear programmes in the US. So information on a local nuclear bed reactor, for example, might fall foul of laws in the US if that content is hosted on a server based in the US. Governance, risk and compliance are also crucial factors to consider. If data is hosted in the cloud, will you be able to find it whenever you`re required to produce it, and will the necessary audit trails be intact?
Ramjith adds that encryption isn`t necessarily the answer to keeping data safe in the cloud either, since keys exist for all commercial encryption. "Who will hold the keys to your encryption?" he asks.
"Consider the value of your data and decide whether you want to put it in a private, public or hybrid cloud, depending on how critical it is to your business."
Art Coviello says the industry should work towards facilitating private cloud infrastructures that are secure, compliant and governed in a way that provides confidentiality, integrity and availability of information. He outlined what RSA sees as the four, well-defined stages on the journey to the private cloud:
Initial adoption of virtualisation to consolidate non-mission critical infrastructure, like test and development systems as well as low risk applications. It compels the enterprise to become adept with the tools of virtualisation and to begin the process of "hardening" the virtual infrastructure.
Virtualise critical business applications and ensure the organisation maintains the same level of visibility to the state of compliance in the virtual environment to the physical infrastructure.
Develop internal clouds and operate their information infrastructure as a utility consisting of a fully virtualised and automated data centre where application workloads are policy- and service-level driven.
Outsource infrastructure to external service providers. This phase requires careful selection of service providers based on their demonstrated ability to "enforce policy, prove compliance and manage multi-tenancy".
"If we can get security built into the virtual infrastructure from the get-go, we can not only have visibility and manageability but risk decision points and controls everywhere. In short, the cloud will turn the way we deliver security inside out. And information security will enable cloud computing to take full advantage of the Internet, turning our current IT models inside out as well. This means we can deliver new waves of efficiency, agility and collaboration for organisations of all sizes," Coviello said.
The good news is that companies are acting fairly quickly on identifying and mitigating the security risks associated with virtualisation and cloud computing. Many are also moving cautiously into the cloud, taking less critical data there first, before trusting it with critical information. So, by the time companies are ready to move their entire computing environment into the virtual realm, the major security issues should have been addressed.
|
Post a comment
|
Login.
Business Best Practise
