Securing virtualisation may reinforce business growth

Small: Security services can provide a business boost via the channel

Information security has often been an afterthought, only deployed when vulnerabilities appear. Today, it’s a central component in business innovation, underpinning initiatives and driving cost efficiencies and profit. This means more opportunities for the channel.

Security has often lagged behind the deployment of new technologies. As a result, IT professionals are often engaged in fire-fighting technology flaws rather than using their skills to drive a business forward.

This is one reason why point solutions have typically been used when security needs arise. While point solutions have served companies well and still have a role, they often increase complexity, send costs higher and provide only a temporary fix. However, today customers are increasingly seeking integrated solutions that not only manage risk but also improve business agility.

The right type of security can help organisations carry out business in the right way. Supply chains, for example, can be extended by allowing a third-party direct access to networks or vice versa, which not only provides the business with an enormous fillip but can also slash costs.

There’s no need, for example, to have a department dedicated to dealing with stakeholders and partners; manning phones, managing accounts or sifting through files.

Identity federation and trust services can unify and simplify identity and access management across the organisation and between business partners. This provides the end-user with a seamless cross-domain internet experience through single sign-on.

Organisations are virtualising their systems and infrastructure, in part to reduce total cost of ownership and improve quality of service of IT systems. This means you can consolidate critical services and sensitive data once scattered around.

Not only are the security issues with networked systems applicable to virtual machines (VMs), but virtualisation platforms and guest virtual machines introduce fresh security threats.

An extra layer of protection for virtualisation platforms must identify administrators properly and enforce the principle of least privilege. This should protect virtualised infrastructure at multiple levels: operating systems hosting a hypervisor, operating systems implementing operating system-based virtualisation, privileged partitions managing hypervisor-based virtualisation, and the critical resources in VMs running on all of the above.

Orphan accounts – accounts that remain live long after they are used – can increase vulnerability. For example, if a new person needs to be hooked up to the network, an HR-linked database may trigger an automated request for a supervisor to confirm that person’s addition. A new account and new access rights may be created automatically.

When HR records are altered to reflect someone’s departure, the account should be closed, avoiding the inadvertent creation of orphan accounts. Proper protection for virtualisation platforms can achieve this.

While the melding of security with business drivers is overdue, the economic conditions are now accelerating this dynamic. Information security is becoming central to the growth of new business. And it also signals the emergence of new opportunities, from which the channel might profit.

Mike Small is principal security management consultant at CA