Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Coverage Areas:

Security Observations from Gartner’s Data Center Summit

by Neil MacDonald  |  December 9, 2011  |  1 Comment

I’m just back from Gartner’s US 2011 Data Center Summit held this week in Las Vegas. In my previous post, I talked about information security vendor’s concerns on the potential impact of the Eurozone crisis on information security spending.

Here, I want to outline the top security-related  issues and concerns that I discussed with attendees at the conference:

  • Interest in securing the next-generation virtualized data center remains high with most of the questions focused on the separation of workloads of different trust levels (e.g. PCI, DMZ, dev/test) in virtualized environments. In most cases, this will involve the use of software-based virtualized security controls. Specific to PCI, one attendee indicated their QSA had accepted PCI and non-PCI related workloads on the same physical host without all workloads being considered in scope (in this case, they used externalized physical firewall-based separation).
  • Several attendees asked if I was aware of any publicized incidents of hypervisor breaches. I’m not, but that doesn’t mean that they won’t (or haven’t) happened. The vulnerabilities are there. It will happen, it’s just a matter of time – hackers are quite aware that a successful attack at this layer represents an opportunity to penetrate the entire machine regardless of the security controls within each host.
  • I had several questions on optimizing antimalware scanning in a virtualized environment. Trend Micro has been an early innovator here with its integration with VMware’s vShield Endpoint APIs, but there are other options and approaches, each with pros and cons.
  • In terms of cloud security, most questions revolved around extending enterprise virtualized data centers to public cloud IaaS providers in hybrid scenarios and how to protect this.
  • The second most common cloud security issue discussed was the use of encryption and other approaches to securing data in the cloud. Since cloud isn’t one thing, our approaches to securing data in the cloud will be different at different layers.

It was a great conference with record-setting attendance. It’s clear to me that virtualization, mobilization and cloud computing are transforming the enterprise data center and that information security needs to evolve to support this. Based on the interests from attendees of the conference in information security, I’d say they feel exactly the same way.

1 Comment »

Category: Cloud Cloud Security Next-generation Data Center Next-generation Security Infrastructure Virtualization Virtualization Security     Tags: , , , , , , ,

1 response so far ↓

  • 1 Chris Gillan   December 9, 2011 at 4:10 pm

    Neil-

    I enjoyed your post. Very interesting. We’re seeing a new trend where cloud providers are building encryption directly into the fabric of their cloud infrastructures.

    We’re also seeing from our customers that encryption and tighter security is being “designed in” to the new web application stack up front as upposed to being tacked on after the fact. I think this is a good trend, showing that companies are becoming much more proactive, earlier in the planning process.

    -Chris Gillan
    Co-Founder, Gazzang