While attending VMWorld this past summer, I found myself sitting outside a restaurant waiting for a colleague when a fellow attendee sat down beside me. After about 5 minutes had passed, he pointed to my attendee badge and asked me which company I was with. I explained to him that I was attending to get some more insight into how virtualization has affected traditional security, and that I was learning how to bridge the knowledge gap between virtualization specialists and security specialists. It turns out that he was a virtualization administrator, working for a significant US company that had strict security policies.
This is the first time I found myself starting a dialogue that would repeat many times over during the next few months. It starts like this:
“As an infrastructure guy, I am measured against keeping our virtualized environment afloat and optimized. Unfortunately, I also have to adhere to our corporate security policies, and this means that an instance of anti-x is installed on every single one of my VMs. I have several thousand VMs running at the same time, and guess what happens when there is a virus scan?”
Yes, the dreaded Anti-X Storm. Killer of Hypervisors.
This is one of the most common issues I run up against. How do you balance the requirements for security (absolutely important) and the optimization of virtual environments, let alone, how do you get the Infrastructure guys even talking to the Security guys? That is the basic premise for this blog, and the underlying goal of most of the conversations I have. In order to maximize the benefits of virtualization or cloud environments there must be stronger integration between the two teams. There also needs to be an open dialogue when it comes to projects that involve either team in order to ensure alignment of corporate objectives and avoid a potential conflict of priorities.