Artificial Intelligence Authors: Pat Romanski, Liz McMillan, Yeshim Deniz, Zakia Bouachraoui, Elizabeth White

Related Topics: Artificial Intelligence, Containers Expo Blog

Artificial Intelligence: Article

The Machine Is Now the Data . . . How Does That Affect Compliance?

Five questions that CIOs should ask virtualization vendors as it relates to compliance

In IT terms, virtualization is cool. The rewards include cost savings, agility, and flexibility. Enterprises reap the benefits of virtualization through a much more efficient use of IT personnel and resources, faster delivery time of applications, higher availability/service levels, and additional capabilities such as high availability and disaster recovery. No wonder data centers worldwide are being transformed by going virtual.

Now for the bad news: there are definitely serious drawbacks, especially around compliance. If you think about virtualization, the hypervisor is now the lowest part of the stack, existing below the operating system and application. The virtual infrastructure is also a platform, which provides a lot of management functionality, as well as capabilities that historically used to require physical data center access (migrate virtual machine, reconfigure virtual network, copy/snapshot virtual machine). Therefore, companies that are subject to compliance regulations need to ensure that the virtual infrastructure meets compliance standards. For example, strict role-based access control needs to be enforced at the virtualization level, and detailed audit logs need to be mandated.

In addition, virtualization creates a much more dynamic environment with a much higher rate of change. For example, with live migration, a virtual machine can be moved from one physical host to another instantaneously. With DRS (Dynamic Resource Scheduler), live migrations can be set to happen automatically for load balancing - for a company running DRS, a typical VM could move three to four times a day. Of course, the new "dynamicism" and much higher rates of change means that organizations need to find different ways to map and enforce policy around their IT environments. Monolithic mappings and central database policy management systems can't keep up with such a fluid environment.

With virtualization - for the first time - the machine becomes the data. A server that used to be thought of as a physical box is now a flat file that can be copied, moved around, accessed, and exported. This presents at least two major problems for, say, multinational conglomerates. The first is data security - given that the VM is now portable, someone can copy or snapshot a VM, take it home and run it on any hypervisor. The second - and often more overlooked - problem is that because of portability, many multinationals are potentially in violation of export control laws and tightly coupled compliance regulations like Sarbanes-Oxley.

Export control laws have strict mandates around the ability to export technologies and systems. These apply not only to products being sold internationally but also to internal technologies and systems. Therefore, any foreign subsidiary is under the mandate of export control laws, and companies need to pay strict attention to what is moving internationally between offices.

This was a lot easier in the physical server world - moving a system from a data center in the U.S. to one in, say, France meant putting it in a box and calling the shipper. With virtualization, the machine is now considered data and can be copied easily across WAN connections.

With that in mind, here are the five questions that CIOs should ask virtualization vendors as it relates to compliance:

  • Visibility/Reporting: What does each vendor provide to give me a continuous - summary and in-depth - look at my environment?
  • Isolation: What are the vendors providing to enable isolation and proof?
  • Access Management: What levels of control are provided for adequate role separation and access management to the virtual infrastructure for management and user access? How granular is the logging?
  • Portability control: Which controls are provided to limit who can snapshot and make copies of virtual machines, and where they can be copied, moved or archived?
  • Automation: What is available to enable automated configuration and patch management?

At the end of the day, the ideal is to guarantee that you are not breaking any laws when you run virtualized data centers.

More Stories By Eric Chiu

Eric Chiu is CEO and founder of HyTrust, an early stage startup focused on secure virtualization management and compliance. He has in-depth knowledge about what’s needed to achieve the same level of operational readiness in virtual, as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

IoT & Smart Cities Stories
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...