Jul 05, 2011

How does Virtualization help server and data security?

In a recent interview with the former CTO of Citrix, it was reported that virtualization's greatest benefit is to provide better security. How can this be? Is it because there are fewer physical servers to worry about?

A school of thought is that by lowering costs of software/database security software that it would become more accessible to SME's. If it is offered by a cloud provider, the costs of licensing, updates, and patching will be handled by the provider and thus distributed across many customers. Global corporations probably would not see this aspect but could benefit from the lower costs and perhaps add more(?). Try



Every server has to be "hardened" for facing the public on the internet, a process of running all the security patches from Microsoft, Apple, or the Linux community, as well as the updates for all the 3rd-party software that runs on them. So migrating several physical servers to virtual machines that run on fewer hardware servers admittedly adds one layer of complexity. However, if you're going to put forth the effort to do this migration, you'll likely have one or more IT professionals going through each server to make sure it's up-to-date. Traditional servers have a tendency to not be as well-maintained as virtual servers because the physical locations for a server may be disparate and spread throughout a wide geographic territory. But since virtual servers will exist in fewer locations by definition, it's more convenient for the server administrator to check in on the servers to make sure they're running fine and are up-to-date. So from a simple point of view, it makes sense that Virtual servers will be more secure because they're running on fewer and more similar hardware boxes, because they're easier to be reached by the people who have to service them, and because they're likely to get a lot of attention from IT professionals through the migration process.


The article did not discuss whatever other things that Citrix' former CTO is doing with his new venture, which we'll likely read about when they actually come to market with a finished product.

Answer this