Virtualisation brings enormous benefits to organisations everywhere, fundamentally altering the way in which they do business. It’s not a new concept, of course, but we are now seeing it being applied across areas that go way beyond simply machines and hosts.
Let’s look first at the virtualised world itself and its adoption among organisations. Enterprises are now operating at around 50-55% virtualisation in their data centres, with the goal of taking that to 90% or even higher. It’s a huge opportunity and a massive challenge, especially when it comes to security, because security has always struggled to keep up in the virtualised environment.
Generally speaking, there is a ‘tax’ to be paid when you put security into such an environment and usually that tax relates to performance – everything tends to run much slower. The upshot is that you no longer have the capacity you want and need – which runs counter to the whole point of having virtualisation in the first place. You want to be able to make things happen instantly in business time, rather than IT time.
For Symantec, security within the data centre is critical, especially as today’s threats become more advanced and more sophisticated every day. The ideal solution is to automate all of the security in the virtual environment, so it is integrated into the fabric of the virtual network itself – which is precisely what Symantec is doing today: enabling businesses to embed and apply their security policies directly within that fabric.
Compare this to a fairly typical scenario where you have, say, a physical server and 10 virtual machines. When you introduce security to that set-up, you get a significant drop in performance – anything up to 25-40% – because you have to scan all of the machines’ files to detect any potential issues. However, when you embed your security at the hypervisor, rather than inside each virtual machine (or workload), you get much better performance, and you can still operate a different security policy for each machine, one that follows that machine right across its lifecycle. So, wherever that machine functions, wherever you move it to, the security protecting it is always ‘instant on’.
Beyond that, you can create a policy whereby you understand exactly what is required of your server and then lock it down, so it only does what it needs to do. Take a cash machine, for instance. Here, you can pre-programme it by turning off everything other than the need to dispense money – a process that is also known as ‘hardening’.
Apply this to any server and you prepare a ‘whitelist’ of what it needs to do and disable everything else, so it isn’t constantly searching for an infinite number of ‘bad things’ that could happen. Instead, you narrow the list down to 7-8 things that you need to watch out for. That means, if a new zero-day attack surfaces, for example, it doesn’t even come into play as far as your virtualised data centre is concerned, because your server isn’t trying to perform actions outside of the list. It has been locked down to known good behaviour.
This is what Symantec’s solutions offer, which raises the question: Why aren’t more organisations operating in this way?