Juniper Networks: The Future of Cloud Security Rests Ultimately in Virtualization
As more businesses move from enterprise models into the cloud and begin to virtualize more of the network stack, the harsh light of security begins to pool from beneath the doorjamb. High-availability networks that use virtual servers and cloud functionality generate challenges unheard of in traditional enterprise computing, so the industry needs to rise to meet those challenges.
Juniper Networks is one such industry luminary whose Chief Security Architect, Chris Hoff, visited with Wikibon Co-Founder Dave Vellante and SiliconANGLE Founder John Furrier in theCube at VMworld 2011.
“A good majority of their security applications are already virtualized for QFabric,” Chris said when asked about security and virtualization by Furrier, citing Juniper Networks’ flagship data center virtualization architecture QFabric. “With cloud and virtualized networks you’re dealing with the need to deliver services in a very flexible way.”
When pressed on whether the cloud would pave the way for better security, Chris asked: “Better than what?”
Ultimately, what virtualization and cloud do is drive our attention back to the things that matter most: protecting information. Security in the cloud, using virtualization, is all about micro-environments and being able to control what goes in, goes on, and goes out through a security interface. Collapsing the perimeter that a security app needs to defend means that the app can be much more focused on its own particular process.
Virtualization took the problems of mainframes with mandatory access control, and later of networks with salutary access control, poorly designed user credential frameworks, and nonexistent process security, and squeezed them down to their focused components.
This, the simple nature of virtualization—of divorcing applications, data, and processes from hardware—dovetails nicely with a conversation between Furrier, Vellante, and Steve Herrod, CTO of VMware about how security apps function when reified in virtualized environments.
As virtualization shrinks the bubbles that contain the data and processes that need to be protected, virtualized firewalls, defensive perimeters, monitoring, and management can be added directly between the functionality and the rest of the network. This greatly simplifies how security applications can be applied to data flowing through a network, and even allows specialized (or generic) policies to be applied globally and locally for different partitions of the network while still harnessing them from a central management interface.
Since each virtual machine exists in its own space that’s not tied down to a data center, a network of cables, or a specific piece of hardware, it simplifies the entire architecture when it comes to protecting that virtual machine.
The fact that Juniper Networks builds this capability directly into their data center virtualization architecture means that they’ve thought long and hard about the implications of virtual machines and their nature.