What do Virtualization and Cloud executives think about 2011? Find out in this VMblog.com series exclusive.
Contributed Article By Eric Chiu, president & CEO, HyTrust
2011 Predictions for the Cloud
Whether you want to call it virtualization or private cloud, enterprises are rapidly transforming their datacenters to take advantage of the ROI benefits that cloud computing brings. Already in 2010, we saw the number of virtual machines outnumber physical systems not running virtualization. Gartner predicts that by 2012, over 50% of IT workloads will be virtualized.
However, even with such strong ROI and other benefits, virtualization adoption is stalled in many enterprises. Why is this happening with all the strong momentum?
Two words: Security. Compliance.
Compliance and security are the top two critical enablers in expanding the use of virtualization and cloud adoption. There are three primary reasons for this: maturity of enterprise environments; standards bodies releasing updates (e.g. PCI); and security team involvement and expertise in virtualization.
First, regarding maturity, it is broadly known that many organizations are adopting a "virtualize first" policy. They are attempting to move rapidly from 30% to 70% virtualized. This explosion of virtualization will involve mission-critical data and compliance-regulated workloads that all heighten the demand for solid security. In addition, many enterprises are looking to implement multi-tenant, private clouds; however, there are vastly different security needs for different types of applications as well as lines of business, each requiring additional controls and visibility.
Second, standards bodies, which have traditionally been slow to release virtualization- and cloud computing-related requirements or updates, are finally getting on the ball. For example, until October of this year, PCI SSC (Payment Card Industry Security Standards Council) did not explicitly allow virtualization at all. The PCI council recently released an update, DSS (Data Security Standards) 2.0, which finally publicly allowed for system components to be either virtualized or physical. The hypervisor and all the people and processes involved are now in scope for PCI. Therefore, companies (retail, financial, government, health, etc.) must now ensure that their virtual environments meet PCI given that the new requirements go into effect in 2011.
Third and finally, most enterprises have been virtualizing without much involvement on the part of the security team. This has worked out okay within test & development environments and for tier 3 applications; however, as companies virtualize more, mission-critical data and applications will be involved and the security team must get in the game at every level. Before this can happen, security has to develop the expertise and knowledge around virtualization to help drive the necessary requirements for the enterprise.
This confluence of events is now creating the perfect storm. Compliance, in particular, is becoming a major inhibitor to cloud computing. Without addressing compliance and security upfront, many companies are being forced to put their cloud efforts on hold until the issues are addressed.
For these reasons (and more), compliance and security will become critical areas of focus in 2011.
About the Author
Eric Chiu is CEO and founder of HyTrust, a company focused on virtualization control, security, management and compliance. He has in-depth knowledge about what's needed to achieve the same level of operational readiness in virtual as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.