Gartner Blog Network

Security Observations from Gartner’s Data Center Summit

by Neil MacDonald  |  December 9, 2011  |  1 Comment

I’m just back from Gartner’s US 2011 Data Center Summit held this week in Las Vegas. In my previous post, I talked about information security vendor’s concerns on the potential impact of the Eurozone crisis on information security spending.

Here, I want to outline the top security-related  issues and concerns that I discussed with attendees at the conference:

  • Interest in securing the next-generation virtualized data center remains high with most of the questions focused on the separation of workloads of different trust levels (e.g. PCI, DMZ, dev/test) in virtualized environments. In most cases, this will involve the use of software-based virtualized security controls. Specific to PCI, one attendee indicated their QSA had accepted PCI and non-PCI related workloads on the same physical host without all workloads being considered in scope (in this case, they used externalized physical firewall-based separation).
  • Several attendees asked if I was aware of any publicized incidents of hypervisor breaches. I’m not, but that doesn’t mean that they won’t (or haven’t) happened. The vulnerabilities are there. It will happen, it’s just a matter of time – hackers are quite aware that a successful attack at this layer represents an opportunity to penetrate the entire machine regardless of the security controls within each host.
  • I had several questions on optimizing antimalware scanning in a virtualized environment. Trend Micro has been an early innovator here with its integration with VMware’s vShield Endpoint APIs, but there are other options and approaches, each with pros and cons.
  • In terms of cloud security, most questions revolved around extending enterprise virtualized data centers to public cloud IaaS providers in hybrid scenarios and how to protect this.
  • The second most common cloud security issue discussed was the use of encryption and other approaches to securing data in the cloud. Since cloud isn’t one thing, our approaches to securing data in the cloud will be different at different layers.

It was a great conference with record-setting attendance. It’s clear to me that virtualization, mobilization and cloud computing are transforming the enterprise data center and that information security needs to evolve to support this. Based on the interests from attendees of the conference in information security, I’d say they feel exactly the same way.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: cloud  cloud-security  next-generation-data-center  next-generation-security-infrastructure  virtualization  virtualization-security  

Tags: cloud-security  gartnerdc  hypervisor-security  information-security  next-generation-data-center  next-generation-security-infrastructure  virtualization-security  vshield  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Thoughts on Security Observations from Gartner’s Data Center Summit

  1. Chris Gillan says:


    I enjoyed your post. Very interesting. We’re seeing a new trend where cloud providers are building encryption directly into the fabric of their cloud infrastructures.

    We’re also seeing from our customers that encryption and tighter security is being “designed in” to the new web application stack up front as upposed to being tacked on after the fact. I think this is a good trend, showing that companies are becoming much more proactive, earlier in the planning process.

    -Chris Gillan
    Co-Founder, Gazzang

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.