Welcome!

Artificial Intelligence Authors: Yeshim Deniz, Liz McMillan, William Schmarzo, Pat Romanski, Rene Buest

Related Topics: Artificial Intelligence, Containers Expo Blog

Artificial Intelligence: Article

The Machine Is Now the Data . . . How Does That Affect Compliance?

Five questions that CIOs should ask virtualization vendors as it relates to compliance

In IT terms, virtualization is cool. The rewards include cost savings, agility, and flexibility. Enterprises reap the benefits of virtualization through a much more efficient use of IT personnel and resources, faster delivery time of applications, higher availability/service levels, and additional capabilities such as high availability and disaster recovery. No wonder data centers worldwide are being transformed by going virtual.

Now for the bad news: there are definitely serious drawbacks, especially around compliance. If you think about virtualization, the hypervisor is now the lowest part of the stack, existing below the operating system and application. The virtual infrastructure is also a platform, which provides a lot of management functionality, as well as capabilities that historically used to require physical data center access (migrate virtual machine, reconfigure virtual network, copy/snapshot virtual machine). Therefore, companies that are subject to compliance regulations need to ensure that the virtual infrastructure meets compliance standards. For example, strict role-based access control needs to be enforced at the virtualization level, and detailed audit logs need to be mandated.

In addition, virtualization creates a much more dynamic environment with a much higher rate of change. For example, with live migration, a virtual machine can be moved from one physical host to another instantaneously. With DRS (Dynamic Resource Scheduler), live migrations can be set to happen automatically for load balancing - for a company running DRS, a typical VM could move three to four times a day. Of course, the new "dynamicism" and much higher rates of change means that organizations need to find different ways to map and enforce policy around their IT environments. Monolithic mappings and central database policy management systems can't keep up with such a fluid environment.

With virtualization - for the first time - the machine becomes the data. A server that used to be thought of as a physical box is now a flat file that can be copied, moved around, accessed, and exported. This presents at least two major problems for, say, multinational conglomerates. The first is data security - given that the VM is now portable, someone can copy or snapshot a VM, take it home and run it on any hypervisor. The second - and often more overlooked - problem is that because of portability, many multinationals are potentially in violation of export control laws and tightly coupled compliance regulations like Sarbanes-Oxley.

Export control laws have strict mandates around the ability to export technologies and systems. These apply not only to products being sold internationally but also to internal technologies and systems. Therefore, any foreign subsidiary is under the mandate of export control laws, and companies need to pay strict attention to what is moving internationally between offices.

This was a lot easier in the physical server world - moving a system from a data center in the U.S. to one in, say, France meant putting it in a box and calling the shipper. With virtualization, the machine is now considered data and can be copied easily across WAN connections.

With that in mind, here are the five questions that CIOs should ask virtualization vendors as it relates to compliance:

  • Visibility/Reporting: What does each vendor provide to give me a continuous - summary and in-depth - look at my environment?
  • Isolation: What are the vendors providing to enable isolation and proof?
  • Access Management: What levels of control are provided for adequate role separation and access management to the virtual infrastructure for management and user access? How granular is the logging?
  • Portability control: Which controls are provided to limit who can snapshot and make copies of virtual machines, and where they can be copied, moved or archived?
  • Automation: What is available to enable automated configuration and patch management?

At the end of the day, the ideal is to guarantee that you are not breaking any laws when you run virtualized data centers.

More Stories By Eric Chiu

Eric Chiu is CEO and founder of HyTrust, an early stage startup focused on secure virtualization management and compliance. He has in-depth knowledge about what’s needed to achieve the same level of operational readiness in virtual, as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
"We provide IoT solutions. We provide the most compatible solutions for many applications. Our solutions are industry agnostic and also protocol agnostic," explained Richard Han, Head of Sales and Marketing and Engineering at Systena America, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
"The Striim platform is a full end-to-end streaming integration and analytics platform that is middleware that covers a lot of different use cases," explained Steve Wilkes, Founder and CTO at Striim, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, discussed the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insights from the vast t...
SYS-CON Events announced today that EnterpriseTech has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. EnterpriseTech is a professional resource for news and intelligence covering the migration of high-end technologies into the enterprise and business-IT industry, with a special focus on high-tech solutions in new product development, workload management, increased effic...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and ...
SYS-CON Events announced today that CHEETAH Training & Innovation will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CHEETAH Training & Innovation is a cloud consulting and IT training firm specializing in improving clients cloud strategies and infrastructures for medium to large companies.
SYS-CON Events announced today that Datanami has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datanami is a communication channel dedicated to providing insight, analysis and up-to-the-minute information about emerging trends and solutions in Big Data. The publication sheds light on all cutting-edge technologies including networking, storage and applications, and thei...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...