In my daily conversations with clients on virtualization security, one of the issues that we frequently discuss is whether or not they need virtualized security controls like firewalls and intrusion prevention systems to isolate and inspect traffic between virtual machines.
One line of reasoning goes like this: If the workloads in the VMs have similar trust levels, we don’t need these controls between VMs because we don’t have these types of controls between servers of similar trust levels in our physical environments.
While this is true, it assumes that we merely want to replicate in the virtual world what we have done in the physical world. In physical environments, we sprinkle security controls here and there in part because we are constrained by the cost and physical limitations of physical appliances. But what if you could deploy security controls like firewalls and IPSs with the push of a button in the form of software-based appliances? What if a virtualized security control was a tenth or a hundredth of the cost of the physical appliance-based control it replaced?
Virtualization offers us a clean slate — a chance to do things differently. Radically differently.
We’ve ended up with today’s security architectures in large part because the limitations and costs of physical controls were a major factor in their placement. Virtualization changes the cost economics and lowers barriers to deployment and adoption. Security architectures will absolutely change — and improve — as a result.
Ask yourself – if firewalls and IPSs were essentially free and could be deployed anywhere they were needed at little or no incremental cost, would you change how you secure your infrastructure?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.