Virtualization Security Has Finally Arrived, but a Skills Gap Threatens its Success
September 21, 2012 Leave a comment
- Enterprise IT now has a healthy array of choices for protecting virtual machine-based applications and data
- What’s missing are the IT skills necessary to adequately support security for virtual environments
In the last month it’s become abundantly clear that virtualization security is alive and well, and quickly moving toward mainstream status – at least from the vendor side. Real competition has arrived when it comes to specifically protecting virtualized applications and data, thanks to this year’s serious entry into the growing market by three of the four largest anti-malware providers – Symantec, McAfee, and Kaspersky – along with innovative new startups such as Bromium. (Trend Micro, the third-largest anti-malware provider, has been in the market for a few years now with a very capable contender.) There is now finally a healthy array of host-based anti-malware, encryption, network security and threat management products geared specifically toward securing virtual servers and cloud-based data. That means there are plenty of options to choose from, different approaches to streamlining the resource utilization of scanning, and varying levels of maturity in virtualization security products. Now what’s really needed is education.
IT shops continue to struggle with a skills shortage in security, and that shortage is most pronounced when it comes to information security for virtual servers and cloud computing. Given that skills shortage, when it comes to selecting a hypervisor, it might not be a bad idea to include as part of the evaluation criteria the degree to which the hypervisor supplier supports security in their environments. Does the vendor offer best practices guidelines for securing virtual machines running on their hypervisor? Will the supplier provide security training and certifications specific to virtual server and desktop security? Does the provider have a healthy ecosystem of security technology partners? Can the vendor show you how to achieve regulatory compliance in their virtual server and desktop environments? How much intelligence and automation is built into the security products that support a given hypervisor?
With estimates ranging as high as 60% of computing workloads now being executed on VMs, enterprise IT must begin budgeting for education and training to close this gap in skills. But it also behooves the industry to step up and help to provide that education, and to reduce the complexity through greater levels of automation within their products.