IT managers deal with their fair share of security-induced headaches these days. Protecting businesses’ networks from all the potential cyber predators out there can feel a lot like being trapped in a video game, with villains attacking both left and right.
Enter virtualization, which for a while turned heads as a potential antidote to all security ills. And now, we have the cautionary tales of the virtualization panacea turned poison, or at least problematic.
The way I see it, virtualization is still the best way for businesses of all sizes to expand their networks, improve network efficiency, and optimize data security. Nearly every IT function, including storage, networking, computing, and desktop, can benefit from virtualization. But small-to-medium-sized businesses especially need to proceed with care and consider the challenges virtualization can create.
First, the race to virtualize can lead to hasty decision-making. The systems development lifecycle commands respect, and adhering to its protocols takes time.
Companies seeking to virtualize often specialize their systems, then try to jump immediately to virtual consolidation, skipping the crucial integration phase. This middle step involves developing IT policies that set a framework for incorporating new technology into existing systems and maintaining visibility of all assets that exist on and off the network. Skipping integration is a bit like taking a blindfolded flying leap into shark-infested waters.
Second, virtualization puts businesses at risk of VM sprawl. Unchecked, a virtualized system gives network users the capability to create their own virtual machines. If users do not report their new machines to the IT administrator, the machines go unregistered and unprotected from outside attacks. IT managers can only see virtual machines when users turn them on, so unreported machines can easily go undetected and pose huge network security threats.
So how can businesses ensure virtualization works to their advantage with no added nightmares? Vince Lombardi said it best: “Plan your work and work your plan.”
Following Lombardi’s advice, businesses need to develop and implement sound IT plans. These policies must do three important things:
- Protect security in the broader cloud context.
- Proactively find and manage all assets on the network.
- Generate the data needed to provide a clear view of the business’s complete IT environment.
These tasks require some tech savvy. To virtualize safely, companies need to integrate private and public cloud components. Protecting the whole network demands a forward-thinking security policy that extends to the outer boundaries of the public elements of the cloud, touching anything that could infiltrate the technology infrastructure. Such a plan requires a careful architecture that accommodates network expansion without compromising data protection or risking data loss.
To track the physical and virtual machines that attach to the network, businesses need to require user authentication and have in place well-developed policies and procedures. Additionally, to catch rogue machines that might subvert authentication and roam onto the network, companies need to consider investing in agentless technology to scan their IP address space. Agentless technology exists within businesses’ clouds, eliminating the need for additional security software (which adds another layer of susceptibility to hackers) and the inconvenience of installing homing devices on every machine.
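The reconciliation step behind such an agentless sweep can be sketched as follows. This is an added example, not code from the original article or from any vendor product. It assumes the neighbor table has been collected from a gateway in Linux `ip neigh` format; the sample table, the registered inventory, and the function name are constructed for illustration.

```python
import re

# Well-known MAC prefixes (OUIs) used by common hypervisors for virtual NICs.
# A MAC can be changed by its owner, so a match is a triage hint, not proof.
VM_OUIS = {
    "00:50:56": "VMware", "00:0c:29": "VMware", "00:05:69": "VMware",
    "00:15:5d": "Microsoft Hyper-V", "08:00:27": "VirtualBox",
    "00:16:3e": "Xen", "52:54:00": "QEMU/KVM",
}

# Constructed sample: neighbor table gathered without any agent on the hosts.
SAMPLE_NEIGH = """\
10.0.4.10 dev eth0 lladdr 3c:52:82:11:22:33 REACHABLE
10.0.4.21 dev eth0 lladdr 00:50:56:9a:01:02 REACHABLE
10.0.4.37 dev eth0 lladdr 08:00:27:4b:7e:10 STALE
10.0.4.52 dev eth0 lladdr 52:54:00:c3:aa:01 router REACHABLE
10.0.4.60 dev eth0  FAILED
10.0.4.77 dev eth0 lladdr A4:BB:6D:00:00:09 DELAY
"""

# Constructed sample: MAC addresses the IT administrator has on record.
REGISTERED = {"3C:52:82:11:22:33", "00:50:56:9a:01:02"}

NEIGH_RE = re.compile(
    r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9A-Fa-f:]{17})\s+(?:.*\s)?(\S+)$")

def find_unregistered(neigh_text, registered):
    """Return hosts seen on the network that are missing from the inventory."""
    known = {mac.lower() for mac in registered}
    findings = []
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        ip, mac, state = m.group(1), m.group(2).lower(), m.group(3)
        if mac in known:
            continue
        vendor = VM_OUIS.get(mac[:8])
        findings.append({"ip": ip, "mac": mac, "state": state,
                         "kind": "virtual" if vendor else "unknown",
                         "hypervisor": vendor})
    # Likely virtual machines first: these are the VM sprawl candidates.
    return sorted(findings, key=lambda f: (f["kind"] != "virtual", f["ip"]))

if __name__ == "__main__":
    for finding in find_unregistered(SAMPLE_NEIGH, REGISTERED):
        print(finding)
```

Because a powered-off machine never appears in a neighbor table, a check like this has to run on a schedule and keep its history to catch machines that are only switched on occasionally.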
Finally, businesses need to build their IT infrastructures in transparent, organized ways. The combination of physical and virtual machines upon which businesses now rely does not lend itself to a basic IT diagram generated by a Microsoft Visio-like application. IT managers need to know exactly what exists inside the cloud. They need network management systems that prevent the installation of unknown applications, detect the presence of all machines and software, and let them measure and manage their hypervisors independent of the user networks. In other words, the technology must provide a bird’s-eye view of the companies’ entire technology landscapes and allow IT administrators to intervene anywhere within these landscapes without hurting business functionality.
Overcoming the obstacles to safe and effective virtualization may seem cumbersome and daunting, but it simply comes down to forethought. Managing security up-front by implementing the right technology and designing—and adhering to—the right policies is all the process requires.
The key thing to remember is that virtualization is a process, not a race to the finish. Tackling virtualization slowly and carefully, taking the time to create the right technology and policies, sets businesses up for real and virtual success.
Rob Juncker, vice president, technology, is responsible for innovation, product development, product quality and delivery of the IT solutions that Shavlik provides to its customers worldwide. With over 17 years of industry experience, Juncker has published several papers and speaks at events around the world on topics of IT management and online IT community building. Prior to joining Shavlik, he was co-founder and CTO at Gearworks, Inc., where he was the architect of its SaaS-based environment and product offerings. Juncker successfully took the company from creation to over 15,000 customers and interfaced directly with senior-level executives at numerous mobile operators worldwide. Prior to Gearworks, he was the software director for Speech/Language Technologies at ViA, Inc., where he was in charge of the software development team and successfully delivered numerous mission-critical applications to Fortune 500 organizations. Juncker holds a BA in computer science and economics from Carleton College.