Sure, security risks to your virtual systems exist. Some are rare, like virtual rootkit attacks and other theoretical vulnerabilities. Others are more practical, such as the potential loss of visibility into intraserver network traffic on a physical host. And because it's so easy to deploy virtual machines, it's easier than ever for servers to spawn like dandelions--so-called VM sprawl. This creates the risk of unauthorized, rogue servers being deployed.
But these risks are no different than the risks organizations face every day securing their physical networks. To bring VM sprawl under control, virtual deployments need the same controls as physical deployments. Server-hardening practices, penetration tests, and whatever procedures are followed by physical deployments must be followed by virtual ones. When it comes to securely introducing and managing virtualization to production environments, success in enforcing these basic practices is half the battle.
Security success has always involved the right mix of smart people, good processes, and solid technologies. What's made virtualization security different is that, until recently, few virtualization-specific security and management tools were available to get the job done. Fortunately, startups are rapidly filling this void.
Consider newcomers Altor Networks and Fortisphere. Both promise to help keep those sprouting VMs under control. Altor's Virtual Network Security Analyzer spots and manages virtualized network traffic, while Fortisphere's operational life cycle manager, Virtual Insight, inspects, tags, tracks, and reports on all virtual machines as they move throughout preproduction and production systems.
Another startup, Blue Lane Technologies, provides virtual patch and security protection for hosted VMs as well as physical servers--a useful shield to help calm the maddening patching process.
One of the unique challenges to securing virtualized environments is the loss of visibility by traditional network security tools into intrahost VM traffic (see story, "Virtualization Has A Security Blind Spot"). As a workaround, many companies segment their intraserver traffic and route it to their wired network where it can be vetted by traditional intrusion-prevention systems, anti-malware software, and traffic analyzers.
This is a kludgy solution at best. What's needed is a way to bring those established network security tools to the hypervisor, and a number of startups are promising to do just that.
Catbird Networks' HypervisorShield protects the hypervisor management network from unauthorized access. The company also provides what it calls a VMware hypervisor-specific intrusion-prevention system for virtual subnets, so companies routing virtual traffic out to the physical wire may not have to perform such LAN gymnastics any longer. And Montego Networks' HyperSwitch integrates network policy enforcement and access control into virtual switches for policy-based virtual network partitioning and switching, as well as load balancing.
Then there's Reflex Security, an old-school IPS vendor that recently retooled itself to specialize in virtualization security. Its Virtual Security Appliance profiles virtualized assets and traffic flows and offers intrusion prevention, anti-malware, and other security capabilities to the hypervisor.
While businesses will have to keep an ear open for those theoretical hypervisor vulnerabilities, they'll want to keep both eyes focused on operational controls and on choosing the virtualized security systems that make sense for their environments.