Keeping an eye on the contents of a virtual machine is akin to sending the kids to the playroom. When it’s quiet, you start to get nervous. You wonder, is everything OK? Every once in a while, you need to open the door to see what’s going on in there.
That’s how I once heard Byron Blocker of the Government Printing Office describe the challenge of monitoring a virtualized data center.
Blocker’s comment stuck with me. In many ways, managing a roomful of servers in a federal data center can be like wrangling a roomful of children — each child is seemingly simple yet terribly complex and so vitally dear that you must establish extreme safety precautions to care for them.
The government’s continuing adoption of virtualization at its data centers only ups the ante because — as the IT officials in our cover story, “The Real Deal,” point out — virtualized environments require new monitoring approaches to ensure the security of the government’s data stores.
Agencies have three approaches that they can mix and match: Use the tools that come with their VM applications, tune up existing network monitors to spot questionable use patterns, and add new scanning applications primed for virtual setups.
None of the data center chiefs our writer talked to consider security challenges a reason to avoid virtualization, but they suggest that agencies consolidating to VMs plan for security before they begin their projects so they can provide sufficient network monitoring once they virtualize.
The before-not-after approach to security applies to all IT. And it’s pretty hard to go anywhere in government and not hear feds talking about security if they are remotely involved with technology in any way.
The cool part is that the folks charged with IT security are also talking more to one another and looking at security across the enterprise of interconnected federal systems. “The relationships are getting better every day,” says Mischel Kwon, who, as director of the U.S. Computer Emergency Readiness Team, spends a large part of her time talking with IT and systems security officials in and outside of government.
Agencies really have little choice but to work together more and to focus on protecting data versus systems, says Patrick Howard, the Nuclear Regulatory Commission’s chief information security officer. “We’re so interconnected that we’re all exposed.”
To read about security management best practices and what you can do to protect data assets, flip to “Into the Light.”
In this issue of FedTech, you can find more help with both virtualization and security: Get tips on protecting mobile users; learn about Hyper-V virtualization in Microsoft Windows Server 2008; and pick up best practices on network access control.
What’s more, we hope that you will be inspired by how feds just like you face the challenges of serving the mission by taking advantage of technology and looking toward what’s on the horizon.
Vanessa Jo Roberts