Virtual insanity

When Jamiroquai released their acid jazz smash Virtual Insanity in 1996, the concept of virtualisation was in its infancy and VMware hadn't even been founded.

Almost 20 years on, and virtualisation has taken the world by storm.

But although an estimated two-thirds of server workloads were virtualised as of 2013, it seems the security most companies use to protect their infrastructure is stuck in the same mid-90s time warp as Jamiroquai singer Jay Kay's taste in hats.

"The crux of it is that customers who rely on their traditional security - anti-malware, traditional firewalls, IPS solutions - it's not fit for purpose when it comes to securing instances in virtual environments, especially where they are looking at hybrid environments," said James Walker, UK solutions consultant at Trend Micro.

Traditional firewalls were set up to capture traffic coming in and going out, meaning they are ill suited for the virtual world, where most traffic goes from east to west, said Alan Ryan, director of security at integrator MTI.

"One of the benefits of the virtual world is I can move my virtual machines around - or the machine can itself. To have that slowed down or even stopped by a legacy security vendor - that takes some of the benefit away," he said.

"If you look at VMware NSX with Trend Micro, that's about as automated and transparent as it's going to get. The policies are set, they are in there, I can spin up a machine, it's going to pick up its security policy, I can move that VM around and I'm maintaining that security stance all the way through."

Ryan earmarked helping customers get up to speed on security virtualisation as a top-three security priority for MTI.

"Number one for us is privileged account management - because every hack is going to involve an escalation of privileges somewhere," he said.

"But the next one down is security virtualisation. The architecture of the old physical world isn't fit for purpose for the new virtual world."

Some 80 per cent of organisations still employ software and services designed to protect physical servers despite having moved to a virtual server estate, according to research last year from CRN sister publication Computing.

Graham Brown, managing director of reseller Gyrocom, said adoption of security virtualisation techniques such as micro segmentation is at an early stage.

While the traditional technique of putting a perimeter gateway firewall around your firm is akin to a "castle" model, micro segmentation is more like the security inside a hotel, where each user has their own room key, he said.

"Our view is that traditional security - the sort of hierarchical model where you're feeding everything into a single gateway - causes limitations within a virtual environment. But the recent advances in technology, with the likes of VMware NSX, allow organisations to address that head-on," Brown (pictured) said.

"As an organisation, we are very much promoting the micro-segmentation approach. If you look at Trend Micro, it integrates into micro segmentation. Their product, as well as quite a few of the other leading security propositions, allows you to apply their security products in a distributed way and leverage what VMware NSX brings to the party."

A lot of end users make do with their traditional perimeter defences for virtual or hybrid environments because they are not aware there is a better alternative, added Ryan.

"They understand it's a pain but aren't necessarily aware of the solutions out there," he said. "You could be doing something in an operational way in your home or life until someone comes in and says ‘hey, there's a better way of doing it'. From my own personal experience, I used to cut and paste all the time on spreadsheets until someone showed me pivot tables - I wasted 10 years of my life!"

Walker at Trend Micro agreed: "Partners need to be making sure their customers are getting the best from the investments they have made in the virtual infrastructure they've sold to them," he said.