Virtualized security, or security virtualization, refers to security solutions that are software-based and designed to work within a virtualized IT environment. This differs from traditional, hardware-based network security, which is static and runs on devices such as traditional firewalls, routers, and switches.
In contrast to hardware-based security, virtualized security is flexible and dynamic. Instead of being tied to a device, it can be deployed anywhere in the network and is often cloud-based. This is key for virtualized networks, in which operators spin up workloads and applications dynamically; virtualized security allows security services and functions to move around with those dynamically created workloads.
Cloud security considerations (such as isolating multitenant environments in public cloud environments) are also important to virtualized security. The flexibility of virtualized security is helpful for securing hybrid and multi-cloud environments, where data and workloads migrate around a complicated ecosystem involving multiple vendors.
Virtualized security is now effectively necessary to keep up with the complex security demands of a virtualized network, and it is more flexible and efficient than traditional physical security. Here are some of its specific benefits:
Virtualized security can take the functions of traditional security hardware appliances (such as firewalls and antivirus protection) and deploy them via software. It can also perform additional security functions that are only possible due to the advantages of virtualization and are designed to address the specific security needs of a virtualized environment.
For example, an enterprise can insert security controls (such as encryption) between the application layer and the underlying infrastructure, or use strategies such as micro-segmentation to reduce the potential attack surface.
Virtualized security can be implemented as an application directly on a bare metal hypervisor (a position it can leverage to provide effective application monitoring) or as a hosted service on a virtual machine. In either case, it can be quickly deployed where it is most effective, unlike physical security, which is tied to a specific device.
The increased complexity of virtualized security can be a challenge for IT, which in turn leads to increased risk. It’s harder to keep track of workloads and applications in a virtualized environment as they migrate across servers, which makes it more difficult to monitor security policies and configurations. And the ease of spinning up virtual machines can also contribute to security holes.
It’s important to note, however, that many of these risks are already present in a virtualized environment, whether security services are virtualized or not. Following enterprise security best practices (such as spinning down virtual machines when they are no longer needed and using automation to keep security policies up to date) can help mitigate such risks.
Traditional physical security is hardware-based, and as a result, it’s inflexible and static. The traditional approach depends on devices deployed at strategic points across a network and is often focused on protecting the network perimeter (as with a traditional firewall). However, the perimeter of a virtualized, cloud-based network is necessarily porous, and workloads and applications are dynamically created, increasing the potential attack surface.
Traditional security also relies heavily upon port and protocol filtering, an approach that’s ineffective in a virtualized environment where addresses and ports are assigned dynamically. In such an environment, traditional hardware-based security is not enough; a cloud-based network requires virtualized security that can move around the network along with workloads and applications.
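The following is an added example, not part of the original page, showing why address-and-port rules stop matching when a workload moves while identity-based (micro-segmentation style) rules follow it. The workload names, labels, addresses and both rule classes are constructed for illustration and do not represent any product's policy format.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset

@dataclass(frozen=True)
class StaticRule:   # traditional filter: source net, destination net, TCP port
    src_net: str
    dst_net: str
    port: int

@dataclass(frozen=True)
class LabelRule:    # micro-segmentation: match on workload identity, not address
    src_label: str
    dst_label: str
    port: int

def static_allows(rules, src, dst, port):
    return any(ip_address(src.ip) in ip_network(r.src_net)
               and ip_address(dst.ip) in ip_network(r.dst_net)
               and port == r.port for r in rules)

def label_allows(rules, src, dst, port):
    # Default deny: traffic passes only if a rule names both workloads' labels.
    return any(r.src_label in src.labels and r.dst_label in dst.labels
               and port == r.port for r in rules)

# Constructed policy and inventory (assumptions, not taken from the page).
STATIC = [StaticRule("10.0.1.0/24", "10.0.2.10/32", 5432)]
LABELS = [LabelRule("role=web", "role=db", 5432)]
web = Workload("web-1", "10.0.1.5", frozenset({"role=web"}))
db = Workload("db-1", "10.0.2.10", frozenset({"role=db"}))
db_moved = Workload("db-1", "10.0.9.40", db.labels)  # same workload, new host
cache = Workload("cache-1", "10.0.2.10", frozenset({"role=cache"}))  # reuses old IP

def compare():
    """Return {case: (static_decision, label_decision)} for web -> target:5432."""
    cases = {"before migration": db,
             "db migrated to new host": db_moved,
             "old db address reused by cache": cache}
    return {name: (static_allows(STATIC, web, dst, 5432),
                   label_allows(LABELS, web, dst, 5432))
            for name, dst in cases.items()}

if __name__ == "__main__":
    for name, (static, label) in compare().items():
        print(f"{name:32} static={static!s:5} label={label}")
```

After migration the static rule denies legitimate traffic to the database, and once the old address is reassigned it permits traffic to an unrelated workload; the label rule gives the intended decision in all three cases.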
There are many features and types of virtualized security, encompassing network security, application security, and cloud security. Some virtualized security technologies are essentially updated, virtualized versions of traditional security technology (such as next-generation firewalls). Others are innovative new technologies that are built into the very fabric of the virtualized network.
Some common types of virtualized security features include: