Over the past few years, virtualization has gained a lot of attention as widespread use of virtualized servers has escalated in the enterprise and in the cloud. Organizations have realized great benefits from virtualization technology, including optimized use of network systems and resources, reduced expenditures on power and physical infrastructure, and simplified management.
Many IT professionals are starting to investigate how this new technology makes their networks and data centers less secure than non-virtualized environments. Unfortunately, as with the introduction of any new technology, “newness” often overrides common sense and, as such, it seems that almost every virtualization solution has been designed with security as an afterthought or--even worse--ignored completely.
Organizations that are deploying virtualization technologies need to understand the unique security concerns that are introduced by the technology, as well as the solutions that can be immediately deployed and those further down the roadmap.
New Network Security Challenges
A benefit of virtualization is that many physical servers can be collapsed onto a single server, which reduces the need for additional equipment. However, in the absence of physical network aggregation points, like a switch or router, organizations can potentially lose the vital ability to watch all network traffic due to these “blind spots.” Businesses that deploy virtualized servers must analyze and evaluate solutions that can provide the requisite visibility into network conversations and activities within the virtualized environment.
A hypervisor acts as the gatekeeper of the virtualized machine. Although there are different types of hypervisors available, one thing that is certain is that it is new software that must be vetted based on its impact on the security posture. Malicious code that exploits vulnerabilities in the hypervisor software will almost certainly be developed, and organizations will need to consider security controls that can detect and isolate potential threats to the hypervisor.
The Double-Edged Sword of Simplified Server Management
There’s no doubt that a virtualized environment enables simplified management in many areas. With a few keyboard clicks, a systems administrator can quickly add, delete, and optimize servers on the network, making the tedious task of unboxing, configuring, and deploying racks of servers a thing of the past.
However, the flip side to this simplified management is what some are calling virtual “sprawl,” that is, uncontrolled growth in the use of virtualized servers. Organizations must be aware of this potential problem and ensure controls are put in place to minimize the risk.
Protect the Network through Common Sense
To some IT professionals, meeting the security challenges introduced by virtualization may seem daunting. Most security concerns, including those around virtualization, can be addressed, however, through existing common-sense security practices that span people, process, and technology. The following practical controls -- including securing virtual and physical servers in a uniform fashion, enforcing change control policies, and increasing visibility -- will greatly improve an organization’s ability to mitigate the risk of potential threats introduced by a virtualized environment.
Since virtual servers are just as susceptible to vulnerabilities as physical servers, organizations must define and implement appropriate security measures to protect the applications and information that reside on a virtualized server. This includes a set of server-side security applications, such as firewalls, antivirus, host intrusion protection, and server/application monitoring solutions. The visibility gaps that a virtualized environment may introduce are an even greater concern in environments where these server-side security solutions are deployed.
Virtualized sprawl is a real risk to an enterprise. The ease with which new services can be introduced is exciting, but it can also quickly spiral out of control, leaving areas where services are quickly compromised. Organizations should adhere to strict change controls so that adding a new virtual server is no different from adding a physical server.
Leveraging effective monitoring technologies on the virtual hosts and at network aggregation points can significantly improve an organization’s ability to detect and mitigate network threats. Network behavior analysis solutions improve this ability further by detecting anomalies that fingerprint threats other security solutions may miss. Organizations that have invested in enterprise-wide network monitoring and behavior analysis solutions gain a significant advantage in detecting and isolating threats to the virtual and physical infrastructure.
Tools Exist Today to Support IT Security Best Practices for Cloud Computing
The phrase Virtual Network Security Management, or vNSM, is not widely used, but it is an appropriate reference that highlights how best-in-class network management solutions extend beyond the traditional and into the virtual realm. Specific features that provide immediate value to virtual server deployments include complete log management capabilities and security information and event management (SIEM) solutions.
While log management is a powerful network security tool, one of its major shortcomings is its limited ability to adapt to new surveillance sources beyond simple logging. Some vendors, however, offer more flexible and adaptable log management capabilities that collect and manage network and security events from virtual deployments, including virtual servers, third-party virtual security solutions, and traditional security applications.
Once all of the relevant events and logs are collected, it is critical to correlate that data to quickly isolate event patterns that might indicate a security threat. It is important to select a SIEM offering that enables the creation of custom rules and processes to monitor specific virtual threats, including virtual sprawl, virtual hacking, and hypervisor threats.
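As an added illustration of the custom correlation rules described above (example code, not from the article or any vendor product), the following parses constructed hypervisor audit lines in an assumed format, joins VM creations against a list of approved change tickets, and flags creations with no approved change or with a per-user creation rate that suggests virtual sprawl:

```python
# Added example: a minimal SIEM-style correlation rule for virtual sprawl.
# Assumed log format (constructed, not a real product's):
#   "<ISO time> <user> <action> <vm-name> ticket=<change id|none>"
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; ticket ids and VM names are placeholders.
APPROVED_TICKETS = {"CHG-101", "CHG-102"}

SAMPLE_LOG = """\
2024-03-01T09:00:00 alice VM_CREATE web-01 ticket=CHG-101
2024-03-01T09:05:00 alice VM_CREATE web-02 ticket=CHG-102
2024-03-01T09:06:00 bob VM_CREATE test-01 ticket=none
2024-03-01T09:07:00 bob VM_CREATE test-02 ticket=none
2024-03-01T09:08:00 bob VM_CREATE test-03 ticket=none
2024-03-01T09:30:00 bob VM_DELETE test-03 ticket=none
"""

def parse_events(text):
    """Turn raw audit lines into dicts; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].startswith("ticket="):
            continue
        events.append({
            "time": datetime.fromisoformat(parts[0]),
            "user": parts[1],
            "action": parts[2],
            "vm": parts[3],
            "ticket": parts[4].split("=", 1)[1],
        })
    return events

def detect_sprawl(events, approved, max_per_window=2, window=timedelta(minutes=10)):
    """Return (reason, user, vm) findings for VM_CREATE events, in log order."""
    findings = []
    recent = defaultdict(list)  # user -> creation times still inside the window
    for ev in events:
        if ev["action"] != "VM_CREATE":
            continue
        # Rule 1: every creation must reference an approved change ticket
        if ev["ticket"] not in approved:
            findings.append(("no_approved_change", ev["user"], ev["vm"]))
        # Rule 2: sliding window on creations per user (sprawl indicator)
        recent[ev["user"]] = [t for t in recent[ev["user"]] if ev["time"] - t <= window]
        recent[ev["user"]].append(ev["time"])
        if len(recent[ev["user"]]) > max_per_window:
            findings.append(("creation_rate_exceeded", ev["user"], ev["vm"]))
    return findings
```

Running `detect_sprawl(parse_events(SAMPLE_LOG), APPROVED_TICKETS)` flags bob's three unapproved creations and, on the third, the rate threshold as well.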
Security policies for cloud computing and the virtual world are still being defined and, like any new technology, virtualization introduces new security challenges. As in the physical server environment, the implementation of well-thought-out security controls will greatly improve an organization’s ability to manage the security implications of virtual technologies.
Preventative maintenance through common-sense management approaches, coupled with the technical support of a capable network and security management offering, is a key consideration that IT professionals must weigh when moving into this space. Only then can an organization look itself in the mirror and ask whether it truly has the upper hand in combating threats, regardless of where they reside on the network or in the virtual cloud.