In a report on this transition, Gartner predicts that by 2015, 40% of security controls in enterprise datacenters will be virtualized, up from less than 5% in 2010.
"For most organizations, virtualization will provide the foundation and the stepping stone for the evolution to private cloud computing," said Thomas Bittman, analyst at Gartner.
"However, the need for security must not be overlooked or 'bolted on' later during the transition to private cloud computing," he said.
While the fundamental principles of information security remain the same, the way organizations provision and deliver security services must change, said Bittman.
Whether supporting private cloud computing, public cloud computing, or both, security must become adaptive to support a model where workloads are decoupled from the physical hardware underneath and dynamically allocated to a fabric of computing resources, he said.
Security policies that are tied to physical attributes, such as the servers, IP addresses, MAC addresses, and network isolation break down with private cloud computing, said Gartner analyst Neil MacDonald.
"For many organizations, the virtualization of security controls will provide the foundation to secure private cloud infrastructures, but alone, it will not be enough to create a secure private cloud," he said.
Gartner estimates that by 2015, 70% of organizations will allow server workloads of different trust levels to share the same physical hardware within their own datacenter, except where explicitly prohibited by a regulatory or auditor compliance concern.
According to Gartner, security for private clouds must conform to six attributes: elastic services, programmable infrastructure, policies based on logical attributes, adaptive trust zones, separate configurability, and the ability to federate policies and identity.
This story was first published by Computer Weekly