Virtualization's Next Frontier: Security - InformationWeek


Virtual machines can improve a system's security, but beware of the many pitfalls.

The good news about virtual machines is that they're easy to set up, they can run a variety of operating systems and applications on the same host, and they can isolate different workloads. That's also the bad news, particularly when it comes to protecting your proliferating virtual servers from attack. Time to seize on virtualization's ability to improve security while avoiding its security pitfalls.

Blue Lane Technologies last week introduced the equivalent of an intrusion-prevention system for virtual machines running the VMware Infrastructure 3 platform. Its VirtualShield software, which sits between the host system's hypervisor and its virtual machines, is designed to block malware from reaching the VMs, which are vulnerable if their applications don't have the latest patches.

VirtualShield "plays zone defense" for all of a server's virtual machines rather than guarding each one individually, says Allwyn Sequeira, senior VP of product operations for Blue Lane. "We emulate the behavior of a patch so you don't have to touch every server, although we're not replacing the patch itself," he says.

About two-thirds of the 150 IT executives recently surveyed by InformationWeek say their companies are implementing server virtualization. Deployments will only grow as Linux players ratchet up their support.

Red Hat has added the Xen open source hypervisor to its Enterprise Linux version 5, introduced last week. Also last week, Novell said that users of SAP NetWeaver and the mySAP Business Suite can implement instances of that software on virtual machines running on its SUSE Linux Enterprise Server 10, which ships with Xen. IBM has also contributed to virtualization security by developing an extension called sHype that ties security policies to virtual servers.

In a virtualized environment, IP addresses change as virtual machines are created, disbanded, or moved from one physical server to another. Because most security is designed to associate an IP address with a location, it becomes harder for firewalls and intrusion-prevention systems to recognize the need to protect virtual servers, says Andreas Antonopoulos, an analyst with Nemertes Research. "That's not a problem with virtualization; it's a problem with security," he adds.
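The mismatch Antonopoulos describes can be made concrete with a small audit, added here as an illustration and not taken from the article or any product it names. The rule format, workload names and addresses are constructed assumptions: rules were written against IP addresses, then one VM moved and another was disbanded and its address reused.

```python
from ipaddress import ip_address

# Constructed sample rules, written when the VMs were first deployed.
# "workload" records which server the rule author meant to protect.
RULES = [
    {"id": "r1", "dst": "10.0.1.10", "workload": "web-01", "allow_ports": {443}},
    {"id": "r2", "dst": "10.0.1.20", "workload": "db-01", "allow_ports": {5432}},
    {"id": "r3", "dst": "10.0.1.30", "workload": "batch-01", "allow_ports": {22}},
]

# Constructed inventory after churn: db-01 moved to another host and got a
# new address; batch-01 was disbanded and its address went to a new VM.
INVENTORY = {"web-01": "10.0.1.10", "db-01": "10.0.2.20", "test-07": "10.0.1.30"}


def audit(rules, inventory):
    """Classify IP-keyed rules against the VMs that currently hold those IPs."""
    ip_to_vm = {ip_address(ip): vm for vm, ip in inventory.items()}
    findings = {"ok": [], "stale": [], "misapplied": [], "uncovered": []}
    covered = set()
    for rule in rules:
        owner = ip_to_vm.get(ip_address(rule["dst"]))
        if owner == rule["workload"]:
            findings["ok"].append(rule["id"])
            covered.add(owner)
        elif owner is None:
            # Nothing lives at this address any more: the rule protects no one.
            findings["stale"].append(rule["id"])
        else:
            # A different VM inherited the address and, with it, the old policy.
            findings["misapplied"].append((rule["id"], owner))
    findings["uncovered"] = sorted(set(inventory) - covered)
    return findings


def rebind(rules, inventory):
    """Re-derive destinations from workload identity; drop rules for gone VMs."""
    return [dict(r, dst=inventory[r["workload"]])
            for r in rules if r["workload"] in inventory]


if __name__ == "__main__":
    print(audit(RULES, INVENTORY))
    print(audit(rebind(RULES, INVENTORY), INVENTORY))
```

Keying policy on the workload's identity and resolving the address at enforcement time closes the gap for the moved server; the newly created VM still shows up as uncovered until someone writes a policy for it.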


Virtualization Security



>> Isolating virtual servers protects against buffer overflow attacks

>> Hypervisors permit a diversity of operating systems on same hardware

>> Little malware directed at hypervisors today

>> One infected virtual server can spread malware to others

>> Easier to create new servers that don't adhere to security policies

>> Timely patching more important than ever

A big concern for Paul Asadoorian, lead IT security engineer at Brown University, is the possibility that one compromised virtual machine could infect all VMs on a server. "So many people have their servers connected to a private network but still allow Web surfing from a virtual machine on that server," he says, a situation that defeats the purpose of closing a server off to the public network. One product, Reflex Security's Virtual Security Appliance, creates and enforces security policies between virtual servers and even virtual networks.

Virtual machines can, in fact, improve a system's security. When they're set up to run different applications within a host server, they can keep buffer overflow attacks from bringing down the entire server. That's because each virtual machine is allocated a certain amount of memory space and can't steal memory from an application running in another VM.

Virtualization also aids in disaster recovery by making IT environments more portable, says Burlington Coat Factory CTO Michael Prince. Another virtue of virtual server security is the ability to run multiple operating systems on the same server, creating a more diverse environment that can't be shut down by malware that targets Windows or Linux.

Blue Lane's VirtualShield buys companies time until they can patch the applications and operating systems on their virtual servers. It may not solve all of virtualization's security challenges, but it's a step in the right direction.
