Forrester Research released this week a new Technology Adoption Profile (TAP) report on Virtual Security in the Data Center. The research report, which was commissioned by Cisco, asked enterprise data center owners how they were currently addressing security and compliance issues on their virtual applications, and how they anticipate incorporating new technology going forward.
There were a number of very revealing insights that the market research showed:
- Security and compliance concerns are still the biggest obstacle to virtualizing key applications, with performance and quality of service guarantees also being prominent.
- Server virtualization is increasing to a wider variety of mission-critical and compliance-oriented applications, exposing the limitations of traditional hardware-oriented security solutions that are not designed for virtual workloads.
- The majority of new investment in data center security solutions is going towards virtual security solutions such as Cisco’s Virtual Security Gateway for Nexus 1000V, and the ASA 1000V Cloud Firewall.
- While existing security appliances are used to protect client traffic into the data center, virtualization-aware security solutions are required for the rapidly growing east-west traffic between virtual applications, and for multi-tenant scenarios in public and private cloud deployments.
A senior network engineer at a European telecom operator interviewed for the report indicated, “We secure the network architecture today using a hardware firewall that we have already implemented. But we see that this kind of solution needs to be changed and migrated.” The limitations organizations are running up against involve policies that require VM’s to be isolated from each other even if they are running on the same server or hypervisor (whether they are separate tenants or applications at varying compliance levels). And existing security appliances don’t adequately account for VM mobility and do not easily scale as workload capacity expands, undermining many of the benefits of virtualization.
The organizations surveyed indicated they would be investing in virtual firewalls going forward as they were reaching the limits of leveraging existing appliance-based solutions. This varied from putting a virtual firewall into each server or hypervisors, to planning on sharing a virtual firewall running on a separate server (or appliance) between several applications (and relying on the virtual switch to steer traffic to the virtual firewall). These results reflect what Cisco has been seeing with our own customers’ deployments of VSG and the Nexus 1000V. While firewall security services were still the most common requirement today, there is a growing need for both virtual VPN and intrusion prevention services for virtual applications.
We’d like to send out a special thanks to the good folks over at Forrester Research who we worked with on this project (particularly John Kindervag), who gathered the market data and analyzed the market trends of how quickly customers were adopting these virtualization-aware security solutions in their data center.