Cloud computing and virtualization are an abstraction of computer resources. These authors note that the aim of virtual computing is to “improve resource utilization by providing unified integrated operating platform for users and applications based on aggregation of heterogeneous and autonomous resources” (Shengmei et al., 2011, pp. 174-179). Most recently, the use of virtualization and cloud computing have emerged as the best practices for enhancing system security, availability, reliability, cost reduction, and provide the required flexibility in system storage and network. However, Abhishek Ghosh and other authors point out that security challenges still exist in virtualization and cloud computing technologies (Ghosh, 2013, p. 1; Lombardi and Di Pietro, 2009, pp. 1-10).
Virtualization and cloud computing are a part of technological developments that have brought about security challenges with regard to “high-performance networks and complex applications” (McAfee, Inc., 2012, p. 3). One major security challenge with cloud computing is the loss of control among users. At the basic level, clients do not have an idea of the exact spot where their data are in the cloud. These technologies are mobile. This suggests that they are moveable, and service users cannot control these conditions. Data exposure to the network presents further security challenges. In addition, cloud providers also run systems they do not fully comprehend, which present challenges associated with infrastructure as a service. Thus, attacks can happen to both service providers and service users (Lombardi and Di Pietro, 2009, p. 4).
It is possible to secure data in virtualization and cloud computing technologies (McAfee, Inc., 2012, p. 3). Many organizations have adopted virtualization technologies (Grossman, 2009, pp. 23-27). This implies that organizations must enhance their IT security measures. Several security experts believe that virtualization and cloud computing require completely different IT security approaches. McAfee notes that in some cases, network security remains behind as technologies evolve. Thus, new technologies may emerge without systems, which should protect them. For instance, many firewall vendors did not realize that firewall was no longer effective for protecting system ports on its own. Firewall vendors took years to develop new security measures for new products like VoIP.
Therefore, the move to virtualization and cloud computing implies that organizations and security system vendors must rethink IT security approaches for network safety. However, one must recognize that virtualization and cloud computing are not entirely responsible for security challenges in IT infrastructures (Conway and Curry, 2012, pp. 1-10). Past experiences from IT applications have shown that an ineffective IT department has a key role in determining the IT security of an organization. This suggests that any organization that has a weak IT department will not solve its problem if it migrates to virtualization and cloud computing. In fact, the complexity of the system would increase its security challenges (Kaufman, 2009, pp. 61-64).
Software developers will experience different challenges in the product life cycle when developing virtualization and cloud computing technologies (Dillon, Chen & Chang, 2010, pp. 27-33). For instance, they need to understand that cloud computing technologies come “in four primary deployment models, which include public, community, private, and hybrid” (Conway and Curry, 2012, pp. 1-10). The first challenge would be to meet the users’ requirements on time and within the allocated budget. In most software development processes, users may alter several features to meet their requirements or new ideas. This is a major challenge in cloud computing and virtualization. Besides, the need to define clear enterprise architecture through virtualization and cloud computing could be expensive and time-consuming for an organization.
Cloud computing and virtualization are new technologies. Therefore, developments may lack a clear blueprint that indicates the system requirements for evaluation, verification, and testing. In such cases, developers may produce software products, which do not meet user requirements and security threats in network systems.
During product development, it may not be simple to meet security requirements for virtualization and cloud computing. Some reports from NASA indicated that it had several vendors to develop its cloud computing technologies. However, none of the developers was able to meet all IT security requirements and specifications. This experience indicates that cloud computing and virtualization are new technologies, which have overtaken vendors, particularly in the security and safety of users. In some cases, developers may lack a framework and oversight authority to ensure that the product meets its defined requirements.
Recommendation for the secure use of virtualization technology and cloud computing
Organizations must find solutions that can help them to overcome challenges associated with the use of virtualization and cloud computing. In this context, it is advisable for organizations to understand their operations, risks, gains, and opportunities that they can derive from these technologies. This would help them to plan and adopt virtualization and cloud computing with minimal risks.
- They should review virtualization and cloud computing against operating systems and other applications
- Use these technologies based on security specifications and requirements
- Review the product weaknesses
- All virtual machine should be secure
- Locate risky networks
- Initiate safe migration
- Always store encrypted data
- Test the system against potential hacking
Conway, Gerard, and Curry, Edward. (2012). Managing Cloud Computing: A Life-Cycle Approach. Web.
Dillon, T., Chen W., & Chang, E. (2010). Cloud Computing: Issues and Challenges. 24th IEEE International Conference on Advanced Information Networking and Applications (AINA) (pp. 27-33). New York: IEEE.
Ghosh, A. (2013). Security Risks of Virtualization in Data Center. Web.
Grossman, R. (2009). The Case for Cloud Computing. IT Professional, 11(2), 23-27.
Kaufman, L. (2009). Data Security in the World of Cloud Computing. IEEE Security and Privacy, 7(4), 61-64.
Lombardi, F. and Di Pietro, R. (2009). Secure virtualization for cloud computing. Journal of Network and Computer Applications, 1-10. Web.
McAfee, Inc. (2012). Database Security in Virtualization and Cloud Computing Environments: White Paper. Santa Clara, CA: McAfee, Inc.
Shengmei, L., Zhaoji, L., Xiaohua, C., Zhuolin, Y., and Jianyong, C. (2011). Virtualization security for cloud computing service. 2011 International Conference on Cloud and Service Computing (pp. 174-179). New York, NY: IEEE.