But, on the other hand, the company could position virtual routers and firewalls in the cloud, avoiding the inefficiency of routing traffic through the data center. "That is where we are seeing a lot of interest," Tuchler says.
Challenges of Virtualized Security: Managing VMs, Avoiding Resource Constraints
While virtualized security isn't necessarily an onerous burden, the complexity involved will vary. "It depends on each individual scenario," says Maria Horton, CEO of EmeSec, an information assurance and cybersecurity firm based in Reston, Va.
Horton says one particular challenge in virtual security is keeping tabs on the migration of virtual machines and virtual apps among servers or data centers. She says customers who want to monitor configurations, as well as ongoing changes to those settings, will find that process difficult if they don't know exactly where their applications and data reside.
"Configuration management is a big deal, so we can monitor and see where we are," Horton says. "If we don't know where the data is, how would we know if it is compromised?"
Hill points to another concern: The problem of patching software is somewhat increased in a virtual environment. A single virtual host on a single virtual machine results in two operating systems that require patching and updating, he says.
"That is a small increase in complexity," Hill adds, "but we already find that some organizations do not apply patches in a timely manner to all of their physical security appliances. The problem may be exacerbated when many virtual machines are hosted on a single physical machine."
His advice for organizations securing virtual networks, then, is to combine the old with the new. "I have the same recommendation I would have for a physical deployment: Keep it simple to make it easier to manage-and be aware of the few extra oddities involved in virtual environments."
Sign up for CIO Asia eNewsletters.