Virtualization Security Has Finally Arrived, but a Skills Gap Threatens its Success

Paula Musich

Paula Musich

Summary Bullets:

  • Enterprise IT now has a healthy array of choices for protecting virtual machine-based applications and data
  • What’s missing are the IT skills necessary to adequately support security for virtual environments

In the last month it’s become abundantly clear that virtualization security is alive and well, and quickly moving toward mainstream status – at least from the vendor side.  Real competition has arrived when it comes to specifically protecting virtualized applications and data, thanks to this year’s serious entry into the growing market by three of the four largest anti-malware providers – Symantec, McAfee, and Kaspersky – along with innovative new startups such as Bromium. (Trend Micro, the third-largest anti-malware provider, has been in the market for a few years now with a very capable contender.)  There is now finally a healthy array of host-based anti-malware, encryption, network security and threat management products geared specifically toward securing virtual servers and cloud-based data. That means there are plenty of options to choose from, different approaches to streamlining the resource utilization of scanning, and varying levels of maturity in virtualization security products. Now what’s really needed is education. 

IT shops continue to struggle with a skills shortage in security, and that shortage is most pronounced when it comes to information security for virtual servers and cloud computing. Given that skills shortage, when it comes to selecting a hypervisor, it might not be a bad idea to include as part of the evaluation criteria the degree to which the hypervisor supplier supports security in their environments.  Does the vendor offer best practices guidelines for securing virtual machines running on their hypervisor?  Will the supplier provide security training and certifications specific to virtual server and desktop security?  Does the provider have a healthy ecosystem of security technology partners?  Can the vendor show you how to achieve regulatory compliance in their virtual server and desktop environments?  How much intelligence and automation is built into the security products that support a given hypervisor?

With estimates ranging as high as 60% of computing workloads now being executed on VMs, enterprise IT must begin budgeting for education and training to close this gap in skills.  But it also behooves the industry to step up and help to provide that education, and to reduce the complexity through greater levels of automation within their products.

About Paula Musich
Paula brings 20 years of experience in the networking technology and management markets to Current Analysis clients. As Senior Analyst for Enterprise Network and Security, Paula is responsible for tracking and analyzing the evolving technological and competitive developments in the threat management segments of the information security market. Paula is responsible for coverage of the Anti-X, IPS, DLP, secure messaging, and Web security markets. In addition, she covers major technological, strategic and tactical developments in the enterprise networking market.

What do you think?

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: