“Virtualization holds enormous promise as the solution to the cost and complexity of managing security. In addition to a significant reduction in hardware and maintenance costs, as well as energy consumption, security virtualization also provides a flexible architecture that can help companies meet growing bandwidth demands, support cloud computing environments and effectively protect sensitive data from attacks.
But for all the benefits of virtualization, there remain key challenges when it comes to these high-performance, latency-sensitive applications. IT staff are wary about betting too much of their performance- and risk-sensitive IT infrastructure on a still-emerging technology. Also, because fewer people are virtualizing their security infrastructure, there is a general lack of experience—from both the vendors and the users—about the issues involved and know-how about how to solve them.
Securing network traffic in virtualized environments is extremely difficult for IT security staff to enforce and maintain as virtualized applications pass information back and forth and cross virtual “trust boundaries.” In an effort to enforce security policies between virtualized applications, IT staff end up creating virtual machine (VM) sprawl – caused by sets of security VMs for each boundary transition on the same servers – which has the potential to introduce even higher levels of risk to the organization as well as further degrade network performance. In short, IT has inadvertently transferred their problems from managing physical appliance sprawl to managing virtual appliance sprawl.”