09/23/2025 | News release | Distributed by Public on 09/23/2025 09:46
Guest post by Jean Atelsek, S&P Global Market Intelligence
This blog is the second in our series on the benefits and trends of virtualization (read the first blog here), and a companion to the 451 Research Business Impact Brief "The virtues of virtualization."
Securing infrastructure, applications and data has always been a tall order for IT, and it grows taller in modern distributed environments: attack vectors multiply as endpoints are added, and access and identity management becomes more complex. The inherent security enabled by virtualization is a key factor behind the staying power of virtual machines in today's IT estates. VM isolation, network micro-segmentation and live migration allow operations teams to protect the environment and secure data while maintaining high availability.
The scale and sophistication of cyberattacks have surged with growing internet connectivity and AI-driven automation: NIST's National Vulnerability Database shows that in 2024, a record-breaking 40,009 new common vulnerabilities and exposures (CVEs) were discovered, up 38% from the prior year. 451 Research's Voice of the Enterprise: Information Security, Budgets & Outlook 2024 survey reveals the impact on security teams, with cloud security, AI/ML implementation, GenAI, and data privacy cited as the top pain points.
Not long ago, securing applications was seen as an afterthought, with controls applied after development and before deployment into production, but in today's dynamic environments this is no longer sufficient. The key is to "shift left" and apply controls by default without losing up-to-the-minute availability of resources for developers. Virtualization accomplishes this by creating an isolated environment for each virtual machine, thereby reducing the attack surface, ideally with out-of-the-box configurations for protecting data, implementing hardening and security best practices, authenticating users (including non-human identities such as AI agents), and rotating certificates automatically.
To ensure high availability, VMs benefit from redundancy (periodically saving snapshots in a remote location so configurations can be restored in case of an outage) and the ability to do live migration between physical hosts. Because virtualization defines machine characteristics in software, failover can be "designed in" to the environment to automatically recover without impacting the user experience. This advantage applies not only during emergencies but also when upgrading underlying hardware. Enterprises don't have the luxury of starting with a clean sheet of paper when their servers, storage, and networking equipment need to be refreshed: "keeping the lights on" is a necessity for mission-critical workloads that may embody the core of a business's DNA. The ability to replicate and test applications on net-new infrastructure without interrupting customer-facing services gives companies the assurance they need to swap out aging devices for more efficient and performant equipment.
Micro-segmentation offers similar protection for networks: by virtually breaking the network into small, isolated and individually addressable segments, the blast radius of any attack is reduced, limiting lateral movement if an environment is breached. This, along with granular access controls, makes it possible to architect a virtual environment with safeguards at multiple layers, with encryption at the VM, storage and networking levels.
The same principles apply when it comes to securing data. Because virtualization compartmentalizes the IT environment and enables fine-grained access control, extra security can be applied to sensitive information, and encryption can be enforced in transit and at rest via policies that protect data as it moves through the environment. This protection can extend to data in use, with secure enclaves for processing data when applications are running.
Such capabilities are prerequisite to meeting data privacy standards in the financial services, payments and healthcare domains, as well as for enabling fast recovery from a disaster or security breach. Along with key management, the added safety of encrypting image snapshots and virtual disks can limit the impact of incidents and speed time to resolution.
Taken together, these benefits (secure VM configurations by default, high availability, network micro-segmentation, data protection and access control) make virtualization a fundamental ingredient for protecting modern IT estates. While many thought application containers, which can run without a hypervisor, would reduce the need for VMs, the versatility of VMs and their value in securing infrastructure, applications and data keep them going strong.
Looking ahead: we will discuss Virtualization Virtue #3: Supporting application modernization
About the Author:
Jean Atelsek is a senior research analyst working across the Cloud & Managed Services Transformation channel and digital economics unit of 451 Research, a technology research group within S&P Global Market Intelligence. She covers vendors and technologies that manage or optimize public and private cloud total cost of operations, performance or consumption. This includes FinOps products, platforms and providers that help organizations forecast, analyze and optimize cloud spending based on data collected from the IT environment. In the cloud-native universe, Jean focuses on container-native software and platforms, serverless architectures, service mesh, and the converging worlds of observability, runtime policy enforcement and application networking. She also covers technology accelerators for application modernization, including the application of natural language processing and generative AI to effect code translation.