Virtualisation delivers data protection, says security expert

The technology is now beginning to deliver on that promise as suppliers announce products with a clear implementation of wider, more finely grained data controls, Baize said.

Enterprises are becoming more comfortable with virtualisation, noted Baize, who is also senior director of the product security office at RSA, the security division of EMC.

But, he said, increasingly security-aware enterprises are now demanding greater visibility of what is happening in the virtual environment.

Virtual desktops are a good example of how virtualisation can already provide a greater level of security, Baize told Computer Weekly.

Virtualisation enables IT departments to maintain a consistent configuration and patch levels. Virtualisation can also isolate corporate workloads from the rest of the desktop, he said.

According to Baize, this is especially useful as a growing number of employees are buying their own laptops for combined work and private use.

EMC is planning to roll out virtual desktops to all employees so they can run and isolate their work environments on any PC or laptop computer, he said.

Because it is largely enabled by virtualisation, cloud computing can provide greater clarity of where virtual workloads are at any given moment. They can also shed light on compliance with internal or external policies or regulations.

"The latest virtualisation products are designed to enable CIOs to manage compliance across physical, virtual and cloud computing environment," said Baize.

After giving the enterprise greater visibility of the virtual environment, the next step was giving the enterprise greater control over workloads, he said.

Baize cites as an example, Intel's work with VMWare and EMC to tie virtual machine workloads with specific hardware.

This means businesses can now define policies to restrict workloads involving sensitive data to hardware located in the European Union to comply with regional data protection directives.

"It is an important step forward to be able to work across physical, virtual and cloud environments because we are likely to see them co-existing for quite a while," said Baize.

All new investment by business organisations is likely to focus on technologies that will remain relevant in a cloud computing environment, he added.

This is particularly true of security, as it becomes part of the cloud and virtualisation budget because of the increased number of critical applications moving into these environments.

Rather than being an afterthought, security will become increasingly integrated into future technology planning and investment alongside compliance and risk management, according to Baize.

"Visibility into risk is important and will remain highly necessary in the cloud," he said.

This story was first published by Computer Weekly

What’s hot on Infosecurity Magazine?