Virtualisation offers a lot of advantages but security must already be built in
- Article 25 of 33
- SC Magazine, February 2011
In an increasingly complex security world, virtualisation promises much - if you build in security from the get-go, says Rob Buckley
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages
Ubiquitous desktop virtualisation still faces problems from licensing, says Raymond. While upfront costs of moving to virtualisation are easy to justify to a board, the ongoing costs "effectively just to use Windows" remain much harder to justify. "It is a cost-saver in the medium term, but the way it is calculated needs to be much more sophisticated," he says.
Virtualisation offers considerable benefits and in the long term will become an ubiquitous enterprise technology. However, simply because it is easy to implement, it doesn't mean that it should be implemented - at least not without considering and mitigating against the security problems it can cause.
Virtualisation, the cloud and consumerisation
Virtualisation may have been around for a long time now, but new trends are making it even more apposite. Cloud computing provides services and additional computing power over the internet, which in a world of virtualised servers means that virtual machines can theoretically be moved into the cloud when necessary, to provide near-limitless scalability. With more people wanting to use their own computers and smartphones for work (aka 'bring your own computer' - or BYOC), the management has the potential to be a nightmare.
"Clever people want the latest technology," says Garry Sidaway, director of security strategy, Integralis. "It is an opportunity to be more efficient and more creative. The question is how you enable that creativity and how you build responsibility."
Desktop virtualisation means that almost any device can become a corporate desktop, all without any data needing to leave the enterprise or software to be installed on the end devices. Law firm SNR Denton used to have a remote access implementation that involved a VPN and a connectivity client, but it was too slow and only supported 50 concurrent connections from official company laptops. Last September, SNR Denton completed a Citrix virtualised desktop implementation that allows for up to 800 concurrent connections. Rikkii Richman, IT service delivery manager at SNR Denton, said it had unexpected bonuses. "People started using their equipment, rather than company laptops. They preferred their own devices." Alan McBride, IT infrastructure project manager, says virtualisation and BYOC have had benefits for the business too. "Before, staff had to get a company laptop by prior arrangement. Obviously, there were risks associated with that and even though we have encryption, we don't want to be losing IP. This negates that."
Chris Jenkins, security business manager at Dimension Data, agrees. "Virtualisation does all of these things very well. Some of the largest partners I work with, including Microsoft and Cisco, have adopted BYOC policies themselves. Employees can buy their own laptops and view their virtual desktop environment on them." However, he warns that companies should not just assume virtualisation means BYOC is risk-free. "If you allow BYOC, you have to ensure that devices are enabled for remote wipe and employees need to sign up to this policy."
Companies such as RES Software provide software that can also restrict access to certain functions for virtual software. Grant Tiller, senior product manager at RES, says its software can make local disks read-only and disallow USB sticks.
Jenkins says that server virtualisation within the cloud is also an option, with certain caveats. "The majority of cloud providers are out of the US, so for organisations based in the UK, there might be different rules and regulations around compliance, such as the 2001 Patriot Act."
Rik Ferguson, senior security advisor, Trend Micro, says it is getting huge interest in its SecureCloud product to avoid the security problems that cloud providers may bring about. "You can provision data to the public cloud in an encrypted format. The virtual machine requests access to the encryption keys you keep, but data is encrypted at all times."
Case Study: Standard Bank
Standard Bank is the largest banking group in Africa and operates in 33 countries, including the UK. It employs 1,000 staff in its London office, the hub from which it manages all of its international operations outside Africa.
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages