We live in a world were security is very top of mind and companies and individuals are going to great lengths to protect their valuable data and assets. One of the trade-offs of having good security is that it tends to be very intrusive, this is just the nature of the job though, you have to examine and keep a very close eye on things to be able to effectively protect them. If you aren’t looking for anything then you’re not going to find anything until it’s too late.
In a computing environment this means you have to have special security applications running in the background to monitor for any malicious behavior or applications that might harm your files and data. This of course requires computing resources that add overhead to your computer which can take away resources and slow down the applications that you use. In a virtual environment this effect is amplified even more, because resources are shared by many VMs, the combined effect of all those VMs trying to protect themselves can really impact performance and steal away your valuable resources.
As a result of this performance vs security dilemma you need to ensure that you use good security products that are designed to to protect virtual environments with minimal impact on performance. To achieve this you need as small a security footprint as possible inside a VM, centralized security management and monitoring along with security tools that can integrate with vSphere using the vShield security APIs as shown below:
- Traditional IT security solutions rely on agents, which are not designed to operate in today’s complex virtual environments
- The agent-based approach to security diminishes the business value of virtualization and complicates management
- Virtualized data centers require a centralized approach that eliminates the need for agents on every VM
The paper helps you understand the challenges with security in a virtual environment, Bitdefender has also published a white paper entitled “Securing the virtual infrastructure without impacting performance” which demonstrates the impact that traditional A/V tools can have in a virtual environment compared to security tools that are optimized for virtualization. An example of the performance impact that they found is shown below:
Most notable is the impact that traditional A/V tools have on CPU which is pretty significant. To help provide the best security in your virtual environment with minimal performance impact I encourage you to give this papers a read and also check out their security tool designed specifically for virtualization, Gravity Zone: Security of Virtualized Environments. Based on competitive performance testing run with Login Virtual Session Indexer, (Login VSI), GravityZone – SVE has the lowest impact on applications running in virtualized environments, when compared to other virtualization security solutions. The net result of this is overall improved performance, increased resource availability and and better ROI on your investment in virtualization.