Red Hat 블로그
I’ve previously discussed how modernizing virtualization can help you get things done faster and save you time and money. In this post I focus on today’s issues surrounding security issues or features and compliance. How can you use modernizing virtualization as a means to help stay safer and in control--while following the rules laid down by government and regulators?
Today, information security must adapt to a changing landscape. Whether it’s providing customers and partners with access to certain systems and data or allowing employees to use their own smartphones and laptops, there is no longer a single perimeter. Both regulatory compliance and the sheer intensity and sophistication of cyber-attacks further require an IT security strategy that runs deeper and is more multi-faceted than the traditional norm in most organizations.
A virtualization modernization strategy can help you address a number of security and compliance challenges.
Organizations need to pay increasingly close attention to the compliance ramifications of infrastructures that are increasingly shared with partners and others--or at least need to exchange information in more secure ways.
For example, the Payment Card Industry (PCI) Data Security Standard (DSS) continues to mature and require more stringent enforcement of its requirements. In general, centralized, policy-driven management provides a strong base for segregation of data and applications, proper application of security controls, and support more stringent operational monitoring requirements.
Red Hat CloudForms helps you gain control of a virtualization environment, whether dedicated or shared. It provides robust mechanisms for cloud infrastructure with advanced virtualization management controls, private or hybrid cloud management capabilities, and operational visibility. This includes aggregate logging capabilities that let you segregate, log, and allocate resources by user, group, location, or other attributes. Among other benefits, this helps you to find systems that are out of compliance so that you can take quick remedial action.
As with all aspects of datacenter operations, automation is a key aspect of operating a modern virtualized environment. It can reduce the amount of sysadmin work that is required. However, it’s also a way to document processes and reduce error-prone manual procedures. Human error is consistently cited as a major cause of security breaches and outages.(1)
Automation is especially relevant when systems must be repeatedly configured in a way that meets specific security and compliance standards, such as the aforementioned PCI-DSS.Red Hat CloudForms provides automated provisioning and management while also monitoring for configuration drift and remediating as needed. In this series of posts, I have focused on the three pragmatic areas of value associated with modernizing virtualization that are top of mind for many IT leaders we speak with. While new technologies and approaches like IoT, mobile, containers, and microservices grab a lot of the press, simply improving the efficiency of existing virtualization infrastructures can unlock significant value. And, in the process, you can simultaneously start to build a foundation for adopting those new technologies and approaches in the future.
Learn more about making your infrastructure investments work for you with Red Hat
1 For example, Joel Dolisey writes in InformationWeek that “While there's a lot of hype about hacking and DDoS attacks, the reality is most network outages are caused by an organization’s own people.” http://www.networkcomputing.com/networking/how-avoid-network-outages-go…
About the authors
Gordon Haff is a technology evangelist and has been at Red Hat for more than 10 years. Prior to Red Hat, as an IT industry analyst, Gordon wrote hundreds of research notes, was frequently quoted in publications such as The New York Times on a wide range of IT topics, and advised clients on product and marketing strategies.
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies.