Meeting the top 3 CIO Strategies
Melissa Stevens 270005B76W MELISSAS@US.IBM.COM | | Tags:  ibmsecurity security
0 Comments | 2,602 Visits
This post was contributed by Richard Mayo,World Wide Product Marketing Manager - Tivoli Endpoint Manager.
In the 2011 IBM CIO survey, virtualization and cloud both ranked in the top 4 “Most Important Visionary Plan Elements” with the interest in cloud almost doubling from 2009 to 2011. In a recent Gartner CIO survey, I thought it was also interesting to see the CIOs ranking of their top 3 IT strategies. This year number 1 was delivering business solutions, number 2 was reducing IT costs and 3 was developing or managing a flexible infrastructure. With virtualization and cloud computing, customers can certainly make their infrastructures more flexible, reduce cost and provide a platform for quickly delivering business solutions. The survey went on to state that the 30% of tier 1 workloads that are virtualized today will grow to 45% by the end of 2013. However, this means that to get the flexible infrastructure they desire that more and more workloads will be virtualized and more virtual images will be created which has implications for IT in managing and securing these virtual images. Of course a lot of customers believe they will have a nice homogenous VM environment to manage which will help make the problems more manageable. However, as time goes on I tend to think this will not be the case (read my recent post, Hypervisors on the Patio, to find out why).
As customers face managing the growing number of virtual machines, the first order of business will be discovering, analyzing and consolidating all these virtual images into a unified library. This will involve finding existing images in various image libraries across your infrastructure, analyzing them for duplicates and hopefully greatly reducing the duplicate images, (which if left unchecked can negate the cost savings of virtualization). Once you have your virtual house in order, the next issue is maintaining compliance (avoiding those nasty virtual machine drift issues, which can sink your cost savings) while maintaining patch compliance across all these virtual machines to maintain security. There is also the issue of offline virtual machines that may be offline for weeks or months, especially in test environments. You need to insure that these offline VMs can be brought online in a secure environment and patched before being used. As you can see, while virtualization and cloud computing can deliver the benefits that CIOs are demanding, the proper management of the environment is critical to achieving these objectives and maintaining security.
For more information on meeting these challenges, you can read Simplify security management in the cloud, which discusses delivering and securing virtual and cloud services. There is also a great article that looks at some of the new capabilities in this area: Building a Smarter Cloud: Automatic Security Assessment and Provisioning.
Connect with IBM Security on Twitter @IBMSecurity.