Software
News
5/12/2008
04:45 PM
Connect Directly
RSS
E-Mail
50%
50%

Virtualization Has A Security Blind Spot

Along with the flexibility and agility gained through virtualization comes a loss of visibility into network traffic.

The race is on. As organizations successfully slash the costs associated with buying, powering, and maintaining physical servers by embracing virtualization, are they leaving their systems vulnerable? Maybe so. Companies' efforts to virtualize are moving beyond the simple consolidation of servers and applications to fewer physical boxes, but there's an additional risk that can parallel the reward. And the risks lie not only where many might suspect--with the hypervisor or virtualization software itself--but also with the impact virtualization can have on traditional network and security controls.

InformationWeek Reports

Virtualization software, primarily the hypervisor, is no different than any other software application: It's bound to have defects and security bugs. What sets hypervisors apart is the risk of so-called "hyperjacking," a successful attack that leads to a compromised hypervisor, giving an attacker unfettered access to all virtual machines on the physical server. This could be quite the compromise, given that anywhere from a handful to dozens of VMs could be running on a single host.

While the consequences of a compromised host can be dire, it's generally thought that the vulnerabilities of the hypervisor are the least of a security professional's worries. "Virtualization security has nothing to do with the security of the hypervisor," says Andreas Antonopoulos, an analyst at Nemertes Research. "It has to do with the fact that we're fundamentally changing the IT architecture, operational patterns, deployment life cycles, and management methods of our servers. These issues will create more security issues for organizations than the hypervisor itself."

Along with the flexibility and agility gained through virtualization comes a security blind spot--the loss of visibility into network traffic. "You lose granularity on the network traffic between your virtual servers because that traffic never leaves the physical box, and your traditional security tools won't be able to analyze the traffic," says Lloyd Hession, an independent IT security consultant and former chief information security officer at financial network services firm BTRadianz.

Five Laws Of Virtualization Security
1 All existing OS-level attacks work in the exact same way
2 The hypervisor attack surface is additive to a system's risk profile
3 Separating functionality and/or content into virtual machines will reduce risk
4 Aggregating functions and resources onto a physical platform will increase risk
5 A system containing a trusted virtual machine on an untrusted host has a higher risk level than a system containing a trusted host with an untrusted VM
  Data: Burton Group
This lack of visibility into virtual network traffic is only likely to grow more troublesome as organizations move beyond simply stuffing less-than-mission-critical systems onto fewer physical hosts. More companies are beginning to manage more virtualized servers in the data center, and these servers are running mission-critical applications. Research firm IDC predicts that companies will invest nearly $11.7 billion in virtualization services by 2011, up from $5.5 billion in 2006.

Consider the experience of health care industry software services provider Quantros, which provides hospitals and health care providers with on-demand software that helps manage patient safety tracking, accreditation, and compliance. Last year, the company began investigating ways it could revamp its then-aging network. "Our network was expanding, and it was becoming cost-prohibitive to keep adding new physical servers," says Bryan Rood, director of Internet data center services at Quantros.

To help save costs while expanding its network, Quantros turned to VMware's ESX server virtualization platform to virtualize a number of its Web and development servers. "This was an ideal area of our infrastructure to start, and there was a strong business case for virtualizing these systems," Rood says.

BUILD ON SUCCESS
Following the initial success, more virtualization efforts got under way, including virtualizing systems used for quality assurance. It soon became clear that Quantros' servers, which today consist of 55 physical and 40 virtualized servers, faced security challenges. First, traditional network-based intrusion-prevention systems wouldn't be able to protect multiple virtual servers on a single host from attacks on each other. And maintenance and patching cycles grew challenging, as they always do. Also, considering the ease at which virtual servers can be dispatched, Rood needed a way to make sure each virtual system adhered to the company's strict security and patch-level policies.

Quantros turned to Blue Lane Technologies and its ServerShield, which not only successfully identified and protected Quantros' physical severs, but all of the virtualized instances on those servers as well, Rood says. Blue Lane, which has its roots as a virtual patch proxy, is enhancing its technology to better protect virtual environments. Last year, the vendor made available its VirtualShield, which is specifically designed for VM-to-VM traffic-flow analytics and enforcement.

DIG DEEPER
VIRTUAL RISK
Don't rush into virtualization without fully considering its impact on your information protection practices.
These are the types of security challenges that companies turning to virtualization need to be prepared for. "Most companies, when they started down this path, did so for their lab and testing systems. They found they could save some money and get additional business agility," says Kurt Roemer, chief security strategist at Citrix Systems. "But they didn't ask how virtualization would change their existing network infrastructures. The traditional controls are now abstracted."

That has security pros and audit teams a bit prickly. "They want to see how these virtualized environments will function and deliver the same security posture, availability, latency, and deliver on the SLAs that they enforced prior to moving to virtualization," says Chris Hoff, chief architect of security innovation at Unisys.

diagram: Virtualized Security In The Data Center

(click image for larger view)

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Google in the Enterprise Survey
Google in the Enterprise Survey
There's no doubt Google has made headway into businesses: Just 28 percent discourage or ban use of its productivity ­products, and 69 percent cite Google Apps' good or excellent ­mobility. But progress could still stall: 59 percent of nonusers ­distrust the security of Google's cloud. Its data privacy is an open question, and 37 percent worry about integration.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.