Analytics Brief: Securing The New Data Center
Virtualization changes the rules for how companies secure their data and their computing infrastructure.
November 29, 2007
In a recent InformationWeek poll, 70% of respondents report they're running at least one virtualized server, yet less than 12% have a security strategy tailored to their virtual environment. Given the relative nascence of virtualization offerings for the x86 platform, this doesn't come as a shock, but that also doesn't mean it's acceptable. Of those without a security plan in place, almost half believe that virtual machines are as secure as traditional servers, while another 18% admit they don't know whether virtualization changes the rules of the game for security (see chart below of responses filtered for "no plan in place").
There's little doubt that virtualization is an important and disruptive technology that will, in a relatively short period, change the face of the data center. Because virtualization is so disruptive, it also will clearly change the rules for how enterprises secure their data and their computing infrastructure. And, while we don't believe that virtualization should remain off limits until a security strategy is fully nailed down, smart organizations will develop security and management strategies as they develop deployment plans for virtualization.
New threats to security come on two fronts. The first and most obvious is the additional software footprint represented by virtualization. On the desktop, virtualization is often implemented as an "application" that runs as a process under a desktop operating system, like Windows. For servers, hypervisors have emerged as the preferred method for introducing a hardware virtualization layer between the "bare metal" hardware and general-purpose operating systems.
Hypervisors present a relatively slim attack surface, as they're often implemented in fewer than 100,000 lines of code. When compared with the millions of lines that make up a general-purpose operating system, creating a bulletproof hypervisor is a more realistic goal, but flaws will still exist, and exploits will be created. All the major players report that building a secure hypervisor is a top priority. VMware's CTO, Mendel Rosenblum, goes so far as to boast that no security holes will show up in VMware's ESX product because of design flaws--of course, that leaves open the possibility of implementation errors. Unfortunately, the enterprise is left with little other than vendor assurances to work with. While tools exist to detect rootkits and other compromises on conventional operating systems, no tools exist to detect their presence in the hypervisor.
GETTING SECURE
Help will probably come in two forms. First, it's likely that as virtualization becomes more mainstream, hardware vendors will design end-user systems from the ground up to provide administrator-controlled VM partitions and hypervisor layers, making it harder for malware to enter systems.
A better fix uses the Trusted Platform Module found in most new x86-based systems. Using the TPM, software authenticity can be tested and inter-VM traffic can more easily be encrypted. Using the TPM's ability to sign software makes it easier to determine that a system image has been altered and that it should be assumed to be compromised. Since the TPM is designed to be a tamper-proof hardware approach to encryption and software signing, it should help substantially in validating that software of all stripes hasn't been corrupted by malware or by other means.
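How an altered system image becomes detectable, as an added example that is not part of the original article: a software simulation of the TPM 1.2 "extend" operation, in which each loaded component is hashed into a Platform Configuration Register (PCR) and a verifier replays the event log against known-good values. The component names and contents are constructed, and the TPM's signature over the reported PCR value is assumed and not shown.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || measurement digest)."""
    return hashlib.sha1(pcr + digest).digest()


def measure(components):
    """Measure (name, bytes) pairs in load order; return final PCR and event log."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in components:
        digest = hashlib.sha1(blob).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log


def replay(log) -> bytes:
    """Verifier side: recompute the PCR from a reported event log."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def audit(golden_log, reported_log, reported_pcr):
    """Return 'log-forged', the name of the first altered component, or None."""
    if replay(reported_log) != reported_pcr:
        return "log-forged"  # log does not explain the PCR the TPM reported
    if len(golden_log) != len(reported_log):
        return "component-count"
    for (name, good), (_n, seen) in zip(golden_log, reported_log):
        if good != seen:
            return name
    return None


# Constructed sample stack: hypervisor, then a guest image, then its config.
GOLDEN = [("hypervisor", b"hv-build-1"), ("guest-image", b"web-vm-disk"),
          ("guest-config", b"vcpus=2")]
TAMPERED = [GOLDEN[0], ("guest-image", b"web-vm-disk+implant"), GOLDEN[2]]

if __name__ == "__main__":
    _, golden_log = measure(GOLDEN)
    pcr, log = measure(TAMPERED)
    print(audit(golden_log, log, pcr))  # guest-image
```

Because each extend folds the previous PCR value into the next, a change to any component, or to the order in which components load, changes the final register, and a host cannot report a clean log while its PCR holds a tampered measurement.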
The other substantive threat is a byproduct of how multiple virtual machines communicate with each other on the same system; that, along with the ability to move running VMs from machine to machine, renders most network-based security products much less effective.
One of the first production uses for x86 virtualization has been server consolidation. The idea is that a single powerful server running a number of VMs can replace potentially dozens of older, lightly loaded individual servers. With so many VMs running on a system, the amount of communication between them can be significant. For intraserver communication between VMs, all virtualization products create a virtual switch, which is then shared by all VMs on the server. External network security tools from firewalls to intrusion detection and prevention systems to anomalous behavior detectors are all, by definition, blind to network traffic that never leaves the physical server.
One approach to securing multiple VMs on a single server is to ensure that all the VMs are running similar operating systems and that each has been properly patched. The notion is that if all systems running on a given server are similarly secure, their communications will be, too. Security products like host-based firewalls should be in place to provide what security they can.
A better solution is to use tools that are specifically intended to improve the security of virtualized environments.
Virtual appliances are, as the name suggests, VMs with a minimized and hardened operating system that's been configured to precisely meet the needs of the appliance's one application. The idea is to minimize or eliminate any operating system configuration work on the part of the end user, permitting rapid and consistent deployment with relatively little expertise required from the installer. Applications for virtual appliances range from grid computing to SaaS to security.
Though a virtual appliance can be created for any virtualization environment, VMware is ahead of the field and has created a marketplace along with a try-before-you-buy Web site. More than 100 security-related virtual appliances are listed on the site. Only a fraction of those are from commercial vendors. The rest are applications created by internal groups or open source collaborations.
Among the vendors listed are Astaro, with a unified threat management appliance; Blue Lane, with a virtual patching appliance; Catbird, with a security agent; and Reflex, with an intrusion prevention appliance. As this group indicates, virtual appliances, much as their physical-world kin do for the legacy data center, can fill many of the security gaps created by a virtualized environment.
Also In This Report
>> Chipset futures: We look at the latest offerings from Intel and AMD and analyze how their architectures affect security
>> From the experts: Insights from Intel's Steve Grobman, Citrix's Simon Crosby, and VMware's Mendel Rosenblum
Get the full-length report at businessinnovation.cmp.com/governance
While the tools to create a secure virtualized environment are now showing up, it would be a mistake to think that virtualization security is just about buying a different set of security tools. Greg Shipley, CTO of security research company Neohapsis, offers this advice: "Take a hard look at what threats you actually think you're facing, and what tools or techniques (which might not involve a technology purchase!) are out there to help mitigate them." Shipley maintains a healthy skepticism of security software vendors. He "can't help but wonder if some of the vendors out there are simply looking at all the virtualization going on and saying, 'Hey, how do I sell security to all these VMware shops?' I think part of the burden on us users/consumers of the technology is to discuss what the true threat vectors are and then look at tools."
Virtualization will change the face of computing from the desktop to the data center. Getting security right requires reassessing the approach to and goals for security. Platform and network security, which have been the mainstay of most security efforts to date, will give way to securing data and restricting its use to only those who are, by policy, allowed to use it.