The security systems of businesses must "evolve" as they move from virtualised data centres towards private cloud infrastructures, according to analysts at Gartner.
Gartner predicts that by 2015, 40 percent of the security controls used within enterprise data centres will be virtualised, up from less than five percent in 2010.
"For most organisations, virtualisation will provide the foundation and the stepping-stone for the evolution to private cloud computing," said Gartner analyst Thomas Bittman. "However, the need for security must not be overlooked or 'bolted on' later during the transition to private cloud computing."
Bittman said "significant changes" will be required in how security is delivered. Whether supporting private cloud computing, public cloud computing, or both, security must become "adaptive" to support a model where workloads are "decoupled" from the physical hardware underneath, and "dynamically allocated to a fabric of computing resources", he said.
Fellow Gartner analyst Neil MacDonald said, "Policies tied to physical attributes, such as the server, internet protocol (IP) address, media access control (MAC) address or where physical host separation is used to provide isolation, break down with private cloud computing."
MacDonald said, "For many organisations, the virtualisation of security controls will provide the foundation to secure private cloud infrastructures, but alone, it will not be enough to create a secure private cloud."
To support secure private cloud computing, Gartner said security must include the following characteristics:
-It must be an integral, but a separately configurable part of the private cloud fabric
-Designed as a set of on-demand, elastic and programmable services
-Configured by policies tied to logical attributes to create "adaptive trust zones" capable of separating multiple tenants
Additional information on private cloud computing will be discussed at the Gartner Data Centre & IT Operations Summit in London on 22-23 November.
This story, "Gartner: Private cloud security must be built in from the start" was originally published by Computerworld UK.