In a report on this transition, Gartner predicts that by 2015, 40% of security controls in enterprise datacentres will be virtualised, up from less than 5% in 2010.
"For most organisations, virtualisation will provide the foundation and the stepping stone for the evolution to private cloud computing," said Thomas Bittman, analyst at Gartner.
"However, the need for security must not be overlooked or 'bolted on' later during the transition to private cloud computing," he said.
While the fundamental principles of information security remain the same, the way organisations provision and deliver security services must change, said Bittman.
Whether supporting private cloud computing, public cloud computing, or both, security must become adaptive to support a model where workloads are decoupled from the physical hardware underneath and dynamically allocated to a fabric of computing resources, he said.
Security policies that are tied to physical attributes, such as the servers, IP addresses, MAC addresses, and network isolation break down with private cloud computing, said Gartner analyst Neil MacDonald.
"For many organisations, the virtualisation of security controls will provide the foundation to secure private cloud infrastructures, but alone, it will not be enough to create a secure private cloud," he said.
Gartner estimates that by 2015, 70% of organisations will allow server workloads of different trust levels to share the same physical hardware within their own datacentre, except where explicitly prohibited by a regulatory or auditor compliance concern.
According to Gartner, security for private clouds must conform to six attributes: elastic services, programmable infrastructure, policies based on logical attributes, adaptive trust zones, separate configurability, and the ability to federate policies and identity.
This story was first published by Computer Weekly