This week, CPI and leading security vendor Trend Micro brought together CIOs and IT managers across two verticals – oil and gas, and government – to discuss the pitfalls of virtualisation and how they could better secure their journey to a virtualised environment.
“We started virtualising early and have almost 80% of our servers virtualised right now. We are currently using a managed security solution for this virtualised environment. However, we are always interested in understanding what else the market has to offer in terms of virtualised security solutions,” said Ayman Al-Issa, information security section lead at the Abu Dhabi Marine Operating Company (ADMA).
Being one of the more mature users with virtualisation at the oil and gas roundtable, Al-Issa gave valuable inputs to the other IT managers on how they could plan, design, choose, implement and manage the right security solution in their virtualised environments.
Al-Issa also pointed out that with new technologies like virtualisation, and especially when it comes to security within that implementation, it is essential for every IT decision maker to do research.
“CIOs and IT managers have to do their homework when it comes to virtualisation and security. Solutions might have high performance metrics, and they might work great in certain environments, but if you have not done your homework and you do not understand how it might fit in your organisation, then you have not done your project justice,” he stated.
“We are currently looking at virtualisation and trying to understand how it can be implemented to help us function better in our organisation. We are trying to plan on security from day one, and not just look at it as an addition, to ensure that our environment starts out secure and remains secure,” said Manoj Stanley, IT administrator at Bin Hamoodah’s GASOS.
Oil and gas IT decision makers also encouraged security vendors like Trend Micro to look into areas of industrial security, specifically touching upon areas that cover data collection, transportation and analysis from oil rigs, and produce more focused and specialised solutions addressing the specific needs.
End-users gathered at the government roundtable echoed their peers in the oil and gas roundtable, and even entered into a heated debate on whether virtualisation and cloud computing can be counted as new technologies and if they could prove beneficial for every organisation.
“Virtualisation can potentially offer benefits. However, I believe an organisation has to reach a certain level of maturity in order to consider the technology. If an organisation’s current infrastructure is giving it regular RoI, and it has a problem with getting increased capex budgets or trained manpower to handle virtualisation, then it should probably not invest in the technology just yet,” stated Ramdas Sunkari, head of IT at UAE’s Ministry of Higher Education and Scientific Research.
“We are currently planning on a massive infrastructure project for Khalifa Port and this will involve virtualisation. Being a Greenfield project, we are planning and designing now to get every aspect of it right and to ensure that we get RoI on our investments the right way,” stated Taha Al Hasmi, IT manager at Abu Dhabi Terminals.
While all of them agreed that virtualisation can prove beneficial in the long run, the end-users were also concerned about the on-the-ground challenges they were facing, especially with regards to training. They stated that due to internal policies and guidelines, they were curtailed from taking training initiatives as and when required, and believed that this could be an issue when they embarked on a virtualisation journey.
Peter Craig, EMEA product manager for Trend Micro stated that IT managers should look at virtualisation in a step-by-step fashion. “Organisations should move non-critical apps to a virtualised environment first, and then the more mission-critical ones. This will give them adequate time to build-up skills in existing IT personnel. This might prove to be a pragmatic approach and will lead to better benefits,” he stated.
Craig also spoke at length about Trend Micro’s virtualisation security product – Deep Security – and how it can help end-users in the UAE handle their virtualised environment and ensure that all of their virtual machines (VMs) operate securely and at optimal performance levels.
“The solution is tightly integrated and specially designed for VMWare ESX/ESXi environments and it addresses both active and dormant VMs. Deep Security combines intrusion detection and prevention, firewall, integrity monitoring, log inspection, and agentless anti-malware capabilities to helps prevent data breaches and ensure business continuity. This dynamic, centrally managed solution also supports compliance with important standards and regulations such as PCI, FISMA, and HIPAA,” said Craig.
Craig also said that Trend Micro is looking at increased integration with Microsoft’s Hyper-V also going forward, and it was a part of the plans for the product roadmap.
At the end of the roundtables, CIOs from both oil and gas, and government entities requested vendors providing virtualisation and security solutions to work on increased integration, and offer more solutions that are easily inter-operable with each other.
They also expressed interest in better, cost-effective training and people development offerings that could be tailored to fit their needs.
“Vendors should also be ready to offer consultation and even perform proof-of-concepts – free of cost if possible – such that users in the region can understand the potential benefits easily and better. This will help us approach our management with benefits in a more effective fashion, and ensure that we have the right budgets in place to ensure that we invest right, for the right virtualised environment,” concluded Sunkari.