Most organizations in the banking industry have already discovered the potential that server virtualization offers to reduce costs while enabling greater agility and IT responsiveness. Organizations that have embraced virtualization are gaining advantage, and perhaps more importantly in today's economy, driving real savings to the bottom line. Data centers are cheaper with virtualization, often significantly so. A recent IDC study estimated that by adopting virtualization, organizations can expect savings of 35 to 52 percent in infrastructure costs, which is a significant part of an average data center budget. The more you virtualize, the more you save. Server virtualization breaks the bond between physical resources and the software that uses them, delivering immediate benefits such as:

Ultimately, virtualization can be used to significantly improve scalability, availability and business continuity for the banking industry. But the benefits come with major challenges, especially when it comes to management, control and compliance. Unfortunately, the characteristics that make virtualization a game-changer also create issues when it comes to management and control. Governance that relies on physical-era assumptions, such as physical server identity, data separation and isolation, does not work with server virtualization.

Take Sarbanes-Oxley (SOX) regulatory compliance, for example. There are a number of common IT controls and best practices that will be affected by virtualization.

First, most organizations reduce the nuisance of SOX compliance by segregating affected applications, using infrastructure to restrict servers to a specific sub-network. This works well in the "physical" data center, but a VM's mobility can ignore this restraint. Are you supposed to audit every virtual host? And even if you did, could you confidently identify a SOX-applicable VM that now resides on another virtual host outside the containment zone?

Second, chronological event data needs to be collected so that system and data processing can be reviewed, examined and reconstructed as required. The underlying assumption that systems stay where they are placed makes it easy to match server logs with the systems installed on them. But what if systems, or parts thereof, are moved as a result of maintenance, load balancing or disaster recovery? How do you ensure that various event logs are kept straight, especially if a VM was moved onto another host for a period of time and then returned to its original one?

Finally, access control is a specific requirement of SOX for application users as well as IT administrators. Virtualization can change this dynamic considerably. Take, for example, the provisioning of a new server. In the "physical" data center this was a well-established and auditable procedure. In the "virtual world", however, a server can be created with a couple of clicks of a mouse, and theoretically, if a server can be seen on the network, a VM can be deployed to it, with or without the normal approvals that the old process required.

Virtualization is going to have an impact on compliance and on the way audits are performed, especially when it comes to existing traditional (i.e. physical-based) processes and procedures. In many ways a server is a server, and there are a lot of commonalities between the virtual and physical kind. To some degree the requirements haven't changed, but the implementation has. For example:
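
An added illustration, not part of the original article, of the containment-zone and log-matching questions raised above: it rebuilds each VM's placement history from migration events, reports when a SOX-scoped VM sat on a host outside the zone, and answers which host's logs cover a VM at a given time. The host names, VM names, zone membership and event format are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data: every name and the event layout are assumptions.
SOX_ZONE_HOSTS = {"esx-sox-01", "esx-sox-02"}   # hosts inside the containment zone
SOX_VMS = {"gl-db"}                             # VMs in SOX scope
MIGRATIONS = [  # (ISO timestamp, vm, destination host), one row per placement change
    ("2024-03-01T00:00:00", "gl-db", "esx-sox-01"),
    ("2024-03-04T02:10:00", "gl-db", "esx-gen-07"),   # moved out during maintenance
    ("2024-03-04T06:45:00", "gl-db", "esx-sox-01"),   # returned to its original host
    ("2024-03-01T00:00:00", "intranet-web", "esx-gen-07"),
]

def placement_timeline(events):
    """Return {vm: [(start, end, host), ...]}; end is None for the current placement."""
    timeline = {}
    for ts, vm, host in sorted(events):          # same-format ISO strings sort by time
        start = datetime.fromisoformat(ts)
        spans = timeline.setdefault(vm, [])
        if spans:                                # close the previous placement
            prev_start, _, prev_host = spans[-1]
            spans[-1] = (prev_start, start, prev_host)
        spans.append((start, None, host))
    return timeline

def host_at(timeline, vm, when):
    """Host whose logs cover `vm` at `when`, or None if no placement is recorded."""
    for start, end, host in timeline.get(vm, []):
        if start <= when and (end is None or when < end):
            return host
    return None

def out_of_zone(timeline, scoped_vms, zone_hosts):
    """Intervals in which a scoped VM resided on a host outside the zone."""
    return [(vm, start, end, host)
            for vm in sorted(scoped_vms)
            for start, end, host in timeline.get(vm, [])
            if host not in zone_hosts]

if __name__ == "__main__":
    tl = placement_timeline(MIGRATIONS)
    for vm, start, end, host in out_of_zone(tl, SOX_VMS, SOX_ZONE_HOSTS):
        print(f"{vm} on {host} from {start} to {end or 'now'}: outside SOX zone")
    print("logs for gl-db at 03:00 on 4 March:",
          host_at(tl, "gl-db", datetime(2024, 3, 4, 3, 0)))
```

The result is only as complete as the migration record fed into it; a placement change that was never logged leaves a gap that `host_at` cannot see.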
