Compliance in a virtual world

A corporate development VP discusses the benefits and dangers of virtualization and the enterprise.

With Kurt Johnson, corporate development VP at Courion Corp.

Question: Virtualization is expected to be huge this year, from what we've read. What is it about virtualization that makes it so popular?

Johnson: Virtualization is all about the ability to deliver any application or data to anybody at any time over any device. This is what it is all about. Mobile workers need access more than ever to critical apps. Sometimes they may be working in their office on a desktop, sometimes on a laptop in a hotel room, sometimes on a home PC, and sometimes over a PDA. Virtualization delivers the applications more efficiently to enable this type of "anytime access." In addition, it can be extremely costly for IT organizations to deliver this by installing client software on every device. It could also create huge network bandwidth issues. Virtualization not only enables this access, but does so in a far more inexpensive manner and without bogging down network performance.

Question: Doesn't it raise compliance or security issues similar to those brought to light when the mobile and home-based workforces first began to emerge?

Johnson: Yes it does. The key to virtualization is ensuring that anybody can access applications and data any time, anywhere and over any device. The key is controlling whether these users should be able to access this information. One common aspect of compliance and security is making sure organizations have the proper controls in place so users can only access what they should. The focus is putting in place policies and procedures to ensure users only have access to the applications and data that they should based on their job or role in the organization. This task is only further complicated with virtualization. Any time you make it easier for users to access critical data and applications, it raises the need to ensure only the right users are accessing that information.

Question: How should companies plan to address these issues while maintaining the benefit of virtualized environments?

Johnson: These concerns should never inhibit organizations from taking advantage of the business requirements that virtualization offers. The key is to ensure policies are in place to control this access and that they are being enforced. One great way to do this is via automated provisioning that puts control in the hands of line of business managers to give them the ability to create access only where appropriate and for appropriate individuals. It is also important that there are periodic checks of users' access to make sure it is in line with corporate policy. ... This is the key -- to create policy, enforce policy, validate that policy is being followed, and remediate anything out of sync with policy.

This 3 Questions originally appeared in a weekly report from IT Business Edge.

Dig Deeper on Network virtualization technology and services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.