May 2010
Addressing the most common Security Risks in Datacenter Virtualization projects

Industry experts are calling it the dynamic datacenter. You’ve already seen server virtualization take a firm foothold in your datacenter. And now you’ll need to redefine your datacenter once again to prepare for hosted virtual desktops and private and public clouds. In a new Gartner Research Note, analyst Neil MacDonald offers expert advice on how to avoid the security pitfalls that are plaguing many enterprises.

Source: Gartner Research Note, Neil MacDonald

Customer Speak “[Trend Micro Data Loss Prevention] has given us peace of mind without taking up much of our time. It’s been very straightforward—we set up our own custom policies and defined open, semi-confidential, and highly classified levels of protection for our engineering drawings and documents.”

Survey data from Gartner conferences in late 2009 indicated that about 40% of virtualization deployment projects were undertaken without involving the information security team in the initial architecture and planning stages — an improvement from the same survey a year earlier where 50% indicated that they didn't proactively involve information security. Typically, the operations teams will argue that nothing has really changed — they already have skills and processes to secure workloads, OSs and the hardware underneath. While true, this argument ignores the new layer of software in the form of a hypervisor and virtual machine monitor (VMM) that is introduced when workloads are virtualized.

"Virtualization is not inherently insecure. However, most virtualized workloads are being deployed insecurely."

- Neil MacDonald, VP & Gartner Fellow

The argument also ignores other concerns, such as the potential loss of separation of duties (SOD) and workload segregation that may be undermined in a virtualized environment. In many cases, additional tools aren't necessary, and simply updating existing processes is all that is needed. In other cases, additional tools or training may be required. Ideally, all of these needs would be identified proactively, so that, where changes to processes or training or additional or updated tools are needed, funding from the server consolidation project is still available.

»  Click to find out how to address Security Risks in Data Center Virtualization Projects
Solutions for privacy, disclosure and encryption
“Enterprises are faced with addressing several common compliance requirements across multiple geographies and industries. These include protecting confidential data in common usage scenarios, notifying relevant parties when this data is disclosed, and securing this information with data loss prevention and encryption technologies. Factors—such as finding accurate, usable, and cost-effective solutions to meet these requirements—can make the difference between achieving compliance goals and leaving the organization vulnerable to data loss and non-compliance.”

»  Learn more about solutions designed to help organizations meet their compliance requirements

THREAT UPDATE
 
The Evolution of Botnets
Understanding USB Malware
March 2010 Threat Roundup
Other Articles
 
The Growing Importance of E-Discovery to Your Business
Need for Greater Web Security
Mobile Data is at High Risk: Learn how to stop data loss from laptops and PCs
Blog Articles
 
PDF Exploit Becomes a Little More Sophisticated
ZeuS/ZBOT Tries Out File Infection
Fake IT Email Notification Spreads Malicious PDF

What our Customers Say

"It was very important that Trend Micro™ InterScan™ Messaging Security was certified as VMware Ready. Within our organization's virtualization initiatives, deploying a virtual appliance provided lower total cost of ownership and ease of management compared to our previous hardware appliance solution."

-- Mark L. Smith
Network Administrator
Ochsner Health System

“Our virtualization efforts are helping us reduce the total cost of ownership for our servers…Trend Micro InterScan Web Security Virtual Appliance product is a good solution in this environment, helping us to achieve our security goals and also take advantage of the cost savings and other benefits of virtualization.”

-- Dmitriy Patrin
Chief Information Security Officer
Far Eastern Branches,
Russian Railways
Copyright © 2010 Trend Micro Incorporated. All rights reserved.