With the myriad cases of cyber-theft and security breaches that headline the news every day, it’s no wonder that system improvements are taking a back seat to security items within most IT organizations. While many vendors highlight new products or features as being better, cheaper, and/or faster, those items are having limited success compared to those that address being secure.
From an IT budget and resource perspective, making the decision to focus on cyber-theft prevention or security projects isn’t difficult: no CIO wants their company name associated with a major security breach and its downstream effects. As a result, security projects are forced to the top of the priority list. While it is impossible for an enterprise to be 100% secure, getting as close as possible is the goal of every organization.
Some industries are more diligent about addressing security concerns than others. Of course, healthcare and finance immediately come to mind as ones that are tightly regulated and highly focused on data security. Unfortunately, every reader has likely received a letter from a healthcare provider or financial institution indicating that there has been a breach or a potential breach of data. While the information explaining the events leading up to the breach may be interesting, the fact is that your personal data may have fallen into the wrong hands. Hindsight is always 20/20, and the only course of action is to remedy the problem that allowed the breach and attempt to limit the downstream damage.
Picture an IT organization that is preparing to upgrade its virtualization infrastructure in order to take advantage of new features. Whether the upgrade includes a new hypervisor release or a new VDI version, the benefit is largely along the lines of better, cheaper, and/or faster. But then a potential security breach is discovered within the infrastructure, and “all hands on deck” are diverted to addressing that concern; better, cheaper, or faster sits on the back burner.
From a technology perspective, we’ve come to expect better, cheaper, and/or faster, but there is still a “so what?” void in terms of urgency. While better user experience, service improvement, and saving money are important, IT budget and resources are quickly prioritized elsewhere in favor of security requirements.
Surprisingly, many IT vendors haven’t jumped on the security bandwagon. Whether vendors claim their products address requirements for better, cheaper, or faster, the resultant call to action is minimal compared to that for security products. However, security isn’t limited to keeping data in exactly the right place: it encompasses access and monitoring as well. Within a virtualization infrastructure, controlling who can access what data, as well as how, when, and where, is important from a security perspective. Ask any information security or security architecture professional about the feasibility of incorporating a new product into the infrastructure, and one of the first questions will relate to documentation and reporting. Further, industry and technical audits often demand extensive documentation. There are quite a few new product announcements that neither focus directly on security, nor highlight their relevance with regard to access or documentation.
Monitoring solutions, for example, enable a better user experience and cheaper support costs, because troubleshooting is more easily facilitated and issue resolution is faster, but what about security? Most people don’t think of monitoring products as security enablers, but with a breadth of reports and detailed data related to user access, they can be. For example, eG Innovations clearly understands the value-add of security, compliance and forensics tracking, but many vendors can’t clearly articulate this.
Let’s face it: the cybercriminals and hackers are focused on finding ways to steal identities, money, and information. They devote a tremendous amount of time and talent to drilling a virtual hole in the security of your infrastructure.
Where new virtualization products can combine better, cheaper, and/or faster in addition to tighter security, that’s a home run. As an industry analyst, I can say that many products are presented that address better, cheaper, and/or faster but totally miss the mark with regard to security, even if they actually have features that enable security. While vendors that stretch the technical aspects of the products in their marketing may be shunned, there are many that have real security features that aren’t presented.
As the excitement for Citrix Synergy, VMworld, and BriForum heats up, many vendors are determining their approach. Let’s hope that they can tell us what their new products do from a security perspective as well as how they are better, cheaper, and/or faster.