Virtualize Securely - VM Introspection and Automated Security in Action

Johnnie Konstantas





April Cloud Deployments Bring May Flowers

5 Tips To Get Ahead Of Risks

If you’re reading this, it’s likely that my mother sent you the link or you are seriously considering a private cloud deployment. Working off the latter, you are understandably worried because Google Alerts is filling your daily inbox with reasons to delay the implementation, but operational efficiency trumps punditry, so you are putting hand to throat and moving forward nonetheless. This needn’t be the equivalent of Russian roulette with your job. Although standards and reference architectures for cloud computing and security are still evolving, you have a couple of facts in your favor.

First, you are rolling out a private cloud and as such you have control over the platform, infrastructure and applications, versus hybrid-cloud options where those decisions and administrative controls cross business boundaries.

Second, technology to secure private clouds has come a long way — shameless plug warning here — our own software is 3+ years in the market.

So, assuming that your private cloud is based on virtualization, let’s get to those tips.

  1. Take an inventory of the servers you are going to virtualize. This way, when you have migrated, you can see how the resources and the applications they are running match up with what your virtual network and security management tools are telling you. With that basis for comparison, you’ll know quickly whether the deltas are anomalous, and you will have a baseline from which to monitor VM sprawl and network changes going forward.
  2. Review your security policies. While tools like Altor’s will give you endless possibilities for enforcing access and compliance, you will still need to know what policies you want to define and put in place. A meeting with your VM or security counterparts where the existing corporate policies and access control policies are reviewed and refined is essential. For starters, the collaboration will end in documentation that you can use to make the most of your virtualization security solution. And since it’s likely that administration of the virtual network will span groups including server and security, the context for doing so will already be in place.
  3. Know your options for virtualization security, or virtsec. This is a guideline, but the options more or less break out as follows. You can review what your existing networking and security gear can provide. You can review what your virtualization platform vendor has to offer, and/or you can look into purpose-built virtualization and cloud security solutions. If you’re already of the mind that the highest security possible is what you need, then purpose-built is your only real option. The vendors are easy enough to find. For each vendor, leading analyst firms will have an opinion. Try Gartner, IDC, Nemertes and the good folks at The Virtualization Practice to start. Also, most vendors will provide customer case studies and offer up references. Take them up on it.
  4. Talk to your compliance folks. Odd as it may sound, you may be virtualizing compliance-intensive servers and data and not be aware of it. Understand which standards and what audit types you may be subject to. The answers to those questions may drive how you architect and segment your virtual network and what kinds of security products you put in place to meet the compliance mandates.
  5. Do a little future proofing. If virtualization is the platform of choice for your private cloud, be sure that you aren’t hampering your private cloud’s resiliency and scale by turning off the features that make it so. vMotion, DRS, VM replication: these are good words; they mean self-service and ease of provisioning. A good security solution will accommodate them without requiring that you hobble your virtual network’s capacity.
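
To make tip 1 concrete, here is an added example (not from the original post or any vendor's tool) that compares a pre-migration server inventory with what the virtual infrastructure reports afterwards. The CSV layout, column names and hostnames are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample data; the column names are assumptions, not a tool's format.
BASELINE_CSV = """hostname,vcpus,memory_gb,apps
web01,4,16,nginx
db01,8,64,postgres
app01,4,32,tomcat;redis
mail01,2,8,postfix
"""
OBSERVED_CSV = """hostname,vcpus,memory_gb,apps
WEB01,4,16,nginx
db01,8,32,postgres
app01,4,32,tomcat;redis;ftp
web01-clone,4,16,nginx
"""

def load(text):
    """Parse an inventory CSV into {hostname: attributes}, case-insensitively."""
    inventory = {}
    for row in csv.DictReader(io.StringIO(text)):
        inventory[row["hostname"].strip().lower()] = {
            "vcpus": int(row["vcpus"]),
            "memory_gb": int(row["memory_gb"]),
            "apps": frozenset(a.strip() for a in row["apps"].split(";") if a.strip()),
        }
    return inventory

def diff_inventory(baseline, observed):
    """Return hosts missing after migration, unexpected VMs, and per-host deltas."""
    report = {
        "missing": sorted(set(baseline) - set(observed)),
        "unexpected": sorted(set(observed) - set(baseline)),  # candidate VM sprawl
        "changed": {},
    }
    for host in sorted(set(baseline) & set(observed)):
        before, after = baseline[host], observed[host]
        delta = {k: (before[k], after[k])
                 for k in ("vcpus", "memory_gb") if before[k] != after[k]}
        if after["apps"] - before["apps"]:
            delta["apps_added"] = sorted(after["apps"] - before["apps"])
        if before["apps"] - after["apps"]:
            delta["apps_removed"] = sorted(before["apps"] - after["apps"])
        if delta:
            report["changed"][host] = delta
    return report

if __name__ == "__main__":
    print(diff_inventory(load(BASELINE_CSV), load(OBSERVED_CSV)))
```

Rerunning the same comparison on a schedule against the saved baseline gives the ongoing view of sprawl and change that the tip describes.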


More Stories By Johnnie Konstantas

Johnnie Konstantas heads Gigamon’s security solutions marketing and business development. With 20+ years in telecommunications, as well as data and cybersecurity, she has done a little bit of everything spanning engineering, product management and marketing for large firms and fledglings.

Most recently, she was the VP of Marketing at Dato, a company pioneering large-scale machine learning. She was also VP Marketing at Altor Networks (acquired by Juniper), an early leader in virtualization security and at Varonis Systems. Past roles have included product management and marketing for Check Point, Neoteris, NetScreen and RedSeal Systems.

Johnnie started her career at Motorola, designing and implementing large-scale cellular infrastructure. She holds a BS in Electrical Engineering from the University of Maryland.