How to scan for malware in the private cloud – without the performance hit

Chief security officers and their teams have the unenviable task of striking the proper balance between cybersecurity protections and business efficiency and flexibility. Layer on too many security controls and processes and your business productivity can take a hit. Scale back security too far and you put your company’s data, operations, and reputation at serious risk.

This security/productivity balance can prove especially challenging when you add cloud computing to the mix. Whether private cloud, public cloud, or a hybrid mix, cloud deployments introduce security challenges and needs that sometimes require solutions different from those that work perfectly well in traditional IT environments.

Most people associate cloud security concerns with the placement of sensitive data in public cloud data centers, or the transmission of data between public and private clouds. But many of the security challenges associated with private cloud computing can be traced to the virtualized infrastructure that gives these environments their flexibility, efficiency, and easy scalability. Most notably, implementing hundreds or thousands of virtual machines with traditional antivirus (AV) solutions can be like pouring molasses into the gears of your business operations.

The problem is that AV programs designed to run their scans on physical servers can siphon off too much memory and processing power when they’re deployed on every virtual machine in your private cloud environment. These resource demands can dramatically reduce the VMs’ ability to perform their core business functions whilst decreasing VM consolidation ratios.

Solving the AV cloud conundrum

This AV-cloud disconnect is no minor issue. In a 2015 SANS Institute survey, 9% of IT security professionals admitted to experiencing breaches of their public or private cloud infrastructures. Of those who had suffered cloud breaches, 55% said they were hit by a malware or botnet infection, the top form of attack experienced.

Faced with these hard realities, more companies are turning to AV solutions designed specifically to protect virtualized environments. The concept involves offloading AV scanning, configuration and .DAT update operations to a security virtual appliance (SVA). Cleared files (or those signed by trusted certificates) reside in the SVA’s global cache and can be called by the VMs without having to go through additional scanning.
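A minimal model of the offloading design described above, added here as an illustration and not taken from any vendor's product. The class and method names, the SHA-256 cache key, and the choice to flush cleared-file verdicts on a .DAT update are assumptions; the signer name is assumed to have been verified already.

```python
import hashlib


class SecurityVirtualAppliance:
    """Hypothetical SVA: one scan engine and one global cache per hypervisor."""

    def __init__(self, signatures, trusted_signers):
        self.signatures = set(signatures)        # constructed byte patterns the engine flags
        self.trusted_signers = set(trusted_signers)
        self.cleared = set()                     # SHA-256 digests of files already cleared
        self.scans = 0                           # full scans actually performed

    def check(self, data, signer=None):
        """Verdict request from a VM's thin agent before it opens a file."""
        if signer in self.trusted_signers:       # signed by a trusted certificate: no scan
            return "clean"
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.cleared:               # cleared earlier for any VM: no rescan
            return "clean"
        self.scans += 1
        if any(sig in data for sig in self.signatures):
            return "infected"                    # only cleared files enter the cache
        self.cleared.add(digest)
        return "clean"

    def update_dat(self, signatures):
        """Assumption: verdicts made under old definitions are discarded."""
        self.signatures = set(signatures)
        self.cleared.clear()


def simulate(vm_count=100):
    """Boot vm_count clones of one constructed image, then push a .DAT update."""
    sva = SecurityVirtualAppliance([b"CONSTRUCTED-BAD-PATTERN"], ["Constructed Trusted Publisher"])
    image = [
        (b"kernel bytes", "Constructed Trusted Publisher"),
        (b"app bytes", None),
        (b"lib bytes", None),
    ]
    for _ in range(vm_count):
        for data, signer in image:
            sva.check(data, signer)
    scans_at_boot = sva.scans                    # one scan per unique unsigned file
    # New definitions now flag a file that was previously cleared.
    sva.update_dat([b"CONSTRUCTED-BAD-PATTERN", b"app bytes"])
    verdict_after_update = sva.check(b"app bytes")
    return scans_at_boot, verdict_after_update, sva.scans


if __name__ == "__main__":
    print(simulate())
```

With 100 cloned VMs and three files each, a per-VM scanner would run 300 scans, while the shared cache needs two. If the cache were not flushed on the definition update, the stale "clean" verdict for the second file would still be served.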

One large retailer with hundreds of locations worldwide needed to protect an IT environment that includes more than 25,000 virtual clients, 5,000 virtual servers, and 50 VMware hosts. After deploying a solution that centralized the AV function on an SVA, the retailer was able to update one SVA per hypervisor instead of having to redeploy and update software on each client.

Offloading the AV function from the VMs in cloud environments not only helps keep day-to-day business operations running smoothly but can also prevent debilitating “antivirus storms” that sometimes occur when a non-optimized AV solution simultaneously scans multiple VMs on a server. When it comes to securing your virtualized cloud environments, you shouldn’t have to compromise on business productivity, efficiency, or total cost of ownership (TCO).


Copyright © 2016 IDG Communications, Inc.