Overcoming Security Objections to a Virtual Infrastructure
Proper planning that includes addressing security will help you reap the benefits of virtualization and satisfy those who ensure business continuity and protect corporate data.
by Mike Wronski
In these tough times, the promise of potential savings from the deployment of virtualization is hard to ignore. IT teams understand the concepts of consolidation to gain better hardware utilization, increased flexibility, and increased manageability. However, in many cases project roadblocks arise from concerns about network and data security in virtualized environments. Security of a new environment is always an important consideration, but often the security objections to virtualization are due to a lack of knowledge of or involvement in the virtualization project. With proper planning and involvement, common security objections can be removed.
A common and hotly debated objection comes from the threat of hypervisor escape. Under this scenario, it may be possible to directly attack the hypervisor from a single compromised virtual machine. If successful, the attacker would then gain access to all virtual machines running on that server.
Today, this type of attack is only theoretical but definitely plausible considering hypervisors are software, and software will always have its share of defects. However, as an objection to virtualization, the relatively low likelihood of a potential breach does not warrant halting virtualization initiatives. Of the attack vectors available in a data center -- virtualized or not -- it is far more likely that breaches will come from simple misconfiguration or exposure due to missing operating system patches than from a successful hypervisor escape.
The theoretical aspect of escape does not minimize the need to segment the virtual network using the same criteria of business criticality and data sensitivity defined by security best practices. In other words, virtualization does not automatically equate to “putting all your eggs in one basket.” Proper segmentation -- one that combines physical and virtual segmentation -- can produce solid zone segmentation of critical workloads. Virtual network segmentation allows deployment of guests of different sensitivity levels onto shared infrastructure while enforcing policy-based segmentation (without requiring physical hardware), which translates to better utilization of the shared computing resource.
Today, virtual segmentation is available through an array of virtual security appliances, differentiated more by their management options and user interface than the technical implementation of segmentation. VMware is introducing the VMsafe API in an upcoming release, enabling security vendors to offer products that segment and protect the network in a more optimized fashion. Imagine the ability to write comprehensive network policy that is bound to the guest and is enforceable regardless of location in the virtual infrastructure. A well-segmented network helps to protect against today’s real threats and the theoretical threats of tomorrow.
Another major objection is also one of virtualization’s strengths: agility. The virtual data center is a dynamic environment. It offers ease of virtual machine deployment and configuration change, which translates to an environment that can quickly adapt to business needs. In a virtualized data center, administrators can deploy and clone virtual machines, migrate guests to other servers, and alter resource (CPU, RAM, disk) allocations with point-and-click simplicity. The flip side to such an environment is that malicious or accidental actions can have far-reaching and potentially disruptive consequences. Dynamic and rapid change can lead to increased risk from misconfiguration, an inability to track virtual machines (i.e., virtual sprawl), or an inability to guard against operational policy violations.
For example, in the simple case of accidental misconfiguration, an administrator alters a VLAN ID, a critical Web server's network interfaces end up mapped to the wrong physical network, and connectivity is lost. Determining the root cause of this simple misconfiguration can be hugely time-consuming. With multiple administrators, no physical cables to trace, thousands of guests, and many similarly named virtual networks, finding the offending configuration change becomes the virtual equivalent of finding a needle in a haystack.
The most efficient way to rein in the dynamic environment that virtualization creates is by enhancing existing operational policies that provide a deeper understanding of both the virtual and physical network. As experienced IT professionals know, a policy is only as good as the discipline with which it is followed. To ensure that policy is followed, purpose-built tools that can monitor, track, and audit the activity in the virtual environment should be deployed. However, to be truly effective, these tools must also provide the visualization and “traceability” needed to understand how and where virtual machines are being deployed. They must create an auditable evidence record of who is administering those machines and what changes are being made to the virtual machines and to the virtual infrastructure. With such an audit tool in place, the outage created by the simple configuration mistake described above can be traced back and quickly rectified.
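The traceability described above, as an added example (not from the original article or from any vendor's product): it replays a constructed audit trail up to the time of an outage and returns the last change that altered a guest's network path. The record schema, action names, administrators, guest and port-group names are all hypothetical.

```python
import json
from datetime import datetime

# Constructed audit records. The schema (ts, admin, action, target, old, new)
# is an assumption standing in for whatever the audit tool actually exports.
AUDIT_LOG = """
{"ts": "2009-03-02T08:55:10", "admin": "alice", "action": "vnic.attach", "target": "web-prod-01", "old": null, "new": "pg-dmz-web"}
{"ts": "2009-03-02T09:10:42", "admin": "bob", "action": "vm.resize", "target": "web-prod-01", "old": "2GB", "new": "4GB"}
{"ts": "2009-03-02T09:40:03", "admin": "carol", "action": "portgroup.vlan", "target": "pg-dmz-web2", "old": 120, "new": 121}
{"ts": "2009-03-02T10:02:17", "admin": "dave", "action": "portgroup.vlan", "target": "pg-dmz-web", "old": 110, "new": 101}
{"ts": "2009-03-02T10:30:00", "admin": "alice", "action": "portgroup.vlan", "target": "pg-dmz-web", "old": 101, "new": 110}
"""

def trace_network_change(log_text, guest, outage_ts):
    """Replay the audit trail up to the outage and return the last record
    that changed the guest's network path, or None if there is none."""
    cutoff = datetime.fromisoformat(outage_ts)
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    events.sort(key=lambda e: e["ts"])  # ISO 8601 strings sort chronologically
    attached_to = None  # port group the guest's vNIC is on at this point in the replay
    culprit = None
    for ev in events:
        if datetime.fromisoformat(ev["ts"]) > cutoff:
            break  # changes made after the outage began cannot have caused it
        if ev["action"] == "vnic.attach" and ev["target"] == guest:
            if attached_to is not None:
                culprit = ev  # guest was moved to a different port group
            attached_to = ev["new"]
        elif ev["action"] == "portgroup.vlan" and ev["target"] == attached_to:
            culprit = ev  # VLAN ID changed underneath the guest
    return culprit

if __name__ == "__main__":
    hit = trace_network_change(AUDIT_LOG, "web-prod-01", "2009-03-02T10:05:00")
    print(f'{hit["ts"]} {hit["admin"]} changed VLAN on {hit["target"]}: '
          f'{hit["old"]} -> {hit["new"]}')
```

Tracking the guest's attachment during the replay is what separates the change on its own port group from the similarly named one edited earlier.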
One last cause for security objections stems from a lack of inclusion or consideration of information security departments when planning virtualization deployments. It is important to involve these teams from the beginning. In many cases, objections are due to a limited understanding of virtualization and the available options.
The situation can be compounded by existing network security and visibility tools not providing the same detailed information for virtual networks that security teams are accustomed to. In the traditional, non-virtualized network, it is possible to take inventory of servers, trace cables, and use network-based tools to discover networks and servers. Once virtualized, much of that ability is lost. Virtualization makes it possible to create networks that existing tools simply can’t see.
Virtual security appliances that provide network-level intelligence can fill the gaps left by legacy tools. Another benefit of virtualization is that these appliances can provide highly accurate network maps and guest inventories that are not possible with tools that rely on passive network discovery methods. With the right tools in place, visualization and inventory accuracy can actually be more effective in virtual environments.
Though hypervisor vendor management tools can provide some basic visualization, those tools are designed for the virtual administrator. A tool that can provide a view of the entire environment and present security in this context will ensure security teams have the visibility and control they need to fulfill their duty to protect their infrastructure.
The simple lesson to be learned here is that virtualization, like any new technology, will present its own security challenges. However, with proper planning and a concerted effort to make security part of that planning process, it will be possible to reap the benefits of virtualization and satisfy those whose job it is to ensure business continuity and protect corporate data.
Mike Wronski is a vice president of product management for Reflex Systems, a provider of virtualization management and security solutions based in Atlanta, GA. You can reach the author at mike@reflexsystems.com.