Contributed article by Jim Freeze, chief marketing officer, Crossbeam Systems
Virtualization 2010 Predictions by Crossbeam Systems
Virtualization holds enormous promise as the solution to the cost and complexity of managing security. In addition to a significant reduction in hardware and maintenance costs, as well as energy consumption, security virtualization also provides a flexible architecture that can help companies meet growing bandwidth demands, support cloud computing environments and effectively protect sensitive data from attacks.
But for all the benefits of virtualization, there remain key challenges when it comes to these high-performance, latency-sensitive applications. IT staff are wary about betting too much of their performance- and risk-sensitive IT infrastructure on a still-emerging technology. Also, because fewer people are virtualizing their security infrastructure, there is a general lack of experience—from both the vendors and the users—about the issues involved and know-how about how to solve them.
Securing network traffic in virtualized environments is extremely difficult for IT security staff to enforce and maintain as virtualized applications pass information back and forth and cross virtual "trust boundaries." In an effort to enforce security policies between virtualized applications, IT staff end up creating virtual machine (VM) sprawl – caused by sets of security VMs for each boundary transition on the same servers – which has the potential to introduce even higher levels of risk to the organization as well as further degrade network performance. In short, IT has inadvertently transferred their problems from managing physical appliance sprawl to managing virtual appliance sprawl.
2010 will be a turning point year for security virtualization. If 2009 proved VM sprawl to be the key roadblock to widespread adoption of security virtualization, 2010 will be the year that viable solutions to the problem will be offered. Virtualization vendors are taking heed, and many are now working to develop (or just released) solutions that address the unique flexibility, scalability and performance requirements of latency-sensitive security applications. For instance, Crossbeam’s solution is to separate the network security infrastructure from the application server infrastructure via its X-Series security platform, enabling customers to consolidate and virtualize multiple security applications together on a single managed system. By creating a security "cloud" outside the virtualized application cloud, IT staff can apply policy-based security services without exponential virtual-machine sprawl.
Likewise, for the IT personnel who have ventured into security virtualization—and thus, felt the brunt of problems related to VM Sprawl— 2010 will be a major leap forward in terms of understanding the issues they will actually face. For instance, security risk levels typically change as data crosses segments or as applications communicate with each other, regardless of the physical hardware on which the VMs are running. When this occurs, traffic must be exposed to the appropriate security services and in the correct sequence (i.e. service chaining) for each boundary crossing. Therefore, security solutions must have flexible infrastructure capabilities to secure traffic as boundaries change, yet still maintain high throughput, high connection rates and low latency.
IT staff are beginning to ask the right questions of their vendors, as opposed to just switching over from a physical appliance to a virtual appliance. They want to know, how will the solution enable them to reap the benefits of a consolidated, virtualized security infrastructure, while also maintaining their unique security policies and performance demands?
If virtualization providers are able to solve the challenges of latency-sensitive security applications in 2010, the door will open in terms of realizing virtualization’s full promise for dynamic, real-time infrastructures.
About the Author
Jim Freeze, chief marketing officer, Crossbeam Systems
With more than 20 years of executive management experience in strategic marketing, sales, business development, product management and product marketing, Jim Freeze is a veteran within the network infrastructure, communications and security space. Prior to Crossbeam, Jim was senior vice president for marketing and alliances at BelAir Networks, and served as chief marketing officer at 3Com and Genuity.