You can’t start an IT conversation these days without someone bringing up the word virtualization. That magic word promises higher resource utilization, cost reduction, improvements in operational uptime and business continuity, and improved carbon footprint, to name a few.
Yet many of the companies that have the most to gain from virtualization – enterprises with large data centers and demanding applications – have yet to realize its benefits. Many of the current flavors of virtualization simply cannot support the network performance and uptime requirements of these high-uptime environments – which is one of the biggest concerns with security virtualization.
So what is different about security virtualization?
When it comes to security, virtualization has unique demands. Without fail, it must be able to help companies dynamically adapt to capacity fluctuations in the event of an attack or sudden surges in traffic. It must also incorporate a degree of intelligence at the network level that can help companies manage their security infrastructure and apply the right combination of security services depending upon the type of traffic being routed. Finally, it must be able to do all these things without impinging on the performance required for mission-critical operations and data center management. These are key issues in the security space that aren’t so important when it comes to storage virtualization.
Additionally, because not all assets and communications present the same level of risk, security virtualization needs to take into account how each company defines and enforces its security and compliance policies. Thus, it must be flexible and change according to the company’s policies.
In order to meet these unique demands for security, companies must virtualize both the network infrastructure and the applications running on it.
The two types of security virtualization
At this point in time, application virtualization is fairly well understood by most IT professionals. Companies simply virtualize an application instance, perhaps a firewall, and apply it on-demand. This is, of course, the first step in any virtualization process because it treats a set of processing modules as a pool of resources that can be drawn upon as needed. Many security vendors now offer virtualized forms of their security products.
But when it comes to security, there is an additional challenge. In the traditional, non-virtualized environment, companies address their security issues by deploying special-purpose appliances, built to run the standard collection of security services such as firewalls, content gateways and IDS devices. Connecting this spread of appliances is an attendant mass of additional switching equipment, patch cabling and load balancers. This phenomenon, known as appliance sprawl, has led to extraordinarily complex data center architectures that are consuming precious physical resources, adding to power bills and creating difficulties in fault diagnosis.
Solving this issue requires another level of virtualization – that of the network infrastructure. This type of virtualization combines software and specialized hardware to collapse entire infrastructure segments onto a single platform.
Companies need to ensure that applications running on virtual machines in one device correctly sequence communications – consistent with the company’s security policy – with applications running on other virtual machines or other physical devices in the network. This requires intelligent hardware that can route the traffic properly between applications at switch-like latency.
For companies that have ventured down this road, the benefits of security virtualization have been abundant. One financial services company reduced the number of devices used for its firewall defense and intrusion detection system (IDS) from 70 to seven. Moreover, in this new virtualized environment, this company can dynamically and intelligently manage capacity and apply the right combination of security applications in the event of an attack or change in the environment. With less hardware, software and accompanying licenses to procure and manage, they were able to achieve significant annual operational savings, achieving two times ROI within three years.
With a dramatic drop in the number of devices to manage, reduction in costs and elimination of infrastructure management hassles, IT managers are eager to take advantage of security virtualization.
Crossbeam Systems is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th – 29th April in its new venue Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk