Welcome!

Agile Computing Authors: Liz McMillan, Yeshim Deniz, Elizabeth White, Zakia Bouachraoui, Pat Romanski

Related Topics: Agile Computing, Containers Expo Blog, @CloudExpo

Agile Computing: Article

Physical Is Not So Physical in a Virtualized Environment

Things to consider when virtualizing core infrastructure

I recently asked a CIO of a large Fortune 100 company how hard would it be for a person to pull the plug on a backbone switch in his datacenter. His answer was "Very difficult. We have lots of controls in place to ensure that level of access is protected." I then probed further and asked what type of controls he was referring to - card key access, locks on the racks, video cameras? He nodded at each one. I pulled up the virtual infrastructure management client on my computer and demonstrated how easy it is to power off the distributed virtual switch that he was planning to run across his datacenter - essentially, I right-mouse-clicked on the virtual machine (VM) and selected "Power Off." I then asked, simply, "How many people within your organization have access to virtual infrastructure?" He didn't know. This scenario is more common that you might think.

Virtualization is rapidly transforming the datacenter. Organizations are virtualizing servers, networking, and storage systems to create a new, much more dynamic cloud infrastructure. Virtual appliances, introduced by the major hypervisor vendors over the course of the last few years, have become the new form-factor for delivering business services. In the beginning, application vendors offered their solutions as pre-built virtual appliances, primarily to make installation easier; today, we see core infrastructure components - switches, firewalls, and management solutions - delivered as virtual appliances. The trend is accelerating.

The story of the Fortune 100 CIO highlights the issue that physical is not so physical in a virtualized environment. Virtual appliances are simply virtual machines, and for a person with virtual infrastructure access, physical controls do little to prevent harmful actions - like powering off a critical virtual appliance, whether by accident or on purpose. Essentially, the physical controls that prevent tampering with core infrastructure components are easily bypassed when it comes to virtualization since everything can be managed over the network. This has implications with regard to security as well as compliance.

Industry and regulatory initiatives such as PCI DSS and HIPAA require adequate controls be in place to protect private data, such as payment card or patient health information (PHI). Many times, these controls include network security components such as firewalls and intrusion detection systems. When critical controls are virtualized, how do you ensure compliance if they can be manipulated or powered off through the virtualization management layer?

Follow these four guidelines when considering virtual appliances for core infrastructure to avoid being vulnerable:

  1. Determine the policies necessary for virtualized infrastructure components in your environment.
  2. Ensure strict access control and policy enforcement for management of virtual appliances.
  3. Confirm with your assessors what safeguards must be in place around virtualized controls as relates to compliance.
  4. Make sure you have all management operations logged in granular detail for security forensics and compliance.

More Stories By Eric Chiu

Eric Chiu is CEO and founder of HyTrust, an early stage startup focused on secure virtualization management and compliance. He has in-depth knowledge about what’s needed to achieve the same level of operational readiness in virtual, as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. The IoT Global Network is a platform where you can connect with industry experts and network across the IoT community to build the successful IoT business of the future.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear these words all day every day... lofty goals but how do we make it real? Add to that, that simply put, people don't like change. But what if we could implement and utilize these enterprise tools in a fast and "Non-Disruptive" way, enabling us to glean insights about our business, identify and reduce exposure, risk and liability, and secure business continuity?
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...