Virtualization's Next Frontier: Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Virtualization's Next Frontier: Security

Virtual machines can improve a system's security, but beware of the many pitfalls.

The good news about virtual machines is that they're easy to set up, they can run a variety of operating systems and applications on the same host, and they can isolate different workloads. That's also the bad news, particularly when it comes to protecting your proliferating virtual servers from attack. Time to seize on virtualization's ability to improve security while avoiding its security pitfalls.

Blue Lane Technologies last week introduced the equivalent of an intrusion-prevention system for virtual machines running the VMware Infrastructure 3 platform. Its VirtualShield software, which sits between the host system's hypervisor and its virtual machines, is designed to block malware from reaching the VMs, which are vulnerable if their applications don't have the latest patches.

VirtualShield "plays zone defense" for all of a server's virtual machines rather than guarding each one individually, says Allwyn Sequeira, senior VP of product operations for Blue Lane. "We emulate the behavior of a patch so you don't have to touch every server, although we're not replacing the patch itself," he says.

About two-thirds of the 150 IT executives recently surveyed by InformationWeek say their companies are implementing server virtualization. Deployments will only grow as Linux players ratchet up their support.

Red Hat has added the Xen open source hypervisor to its Enterprise Linux version 5, introduced last week. Also last week, Novell said that users of SAP NetWeaver and the mySAP Business Suite can implement instances of that software on virtual machines running on its SUSE Linux Enterprise Server 10, which ships with Xen. IBM has also contributed to virtualization security by developing an extension called sHype that ties security policies to virtual servers.

In a virtualized environment, IP addresses change as virtual machines are created, disbanded, or moved from one physical server to another. Because most security is designed to associate an IP address with a location, it becomes harder for firewalls and intrusion-prevention systems to recognize the need to protect virtual servers, says Andreas Antonopoulos, an analyst with Nemertes Research. "That's not a problem with virtualization; it's a problem with security," he adds.

FEAR OF INFECTION

Virtualization Security

Pros

Cons

>> Isolating virtual servers protects against buffer overflow attacks

>> Hypervisors permit a diversity of operating systems on same hardware

>> Little malware directed at hypervisors today

>> One infected virtual server can spread malware to others

>> Easier to create new servers that don't adhere to security policies

>> Timely patching more important than ever

A big concern for Paul Asadoorian, lead IT security engineer at Brown University, is the possibility that one compromised virtual machine could infect all VMs on a server. "So many people have their servers connected to a private network but still allow Web surfing from a virtual machine on that server," he says, a situation that defeats the purpose of closing a server off to the public network. One product, Reflex Security's Virtual Security Appliance, creates and enforces security policies between virtual servers and even virtual networks.

Virtual machines can, in fact, improve a system's security. When they're set up to run different applications within a host server, they can keep buffer overflow attacks from bringing down the entire server. That's because each virtual machine is allocated a certain amount of memory space and can't steal memory from an application running in another VM.

Virtualization also aids in disaster recovery by making IT environments more portable, says Burlington Coat Factory CTO Michael Prince. Another virtue of virtual server security is the ability to run multiple operating systems on the same server, creating a more diverse environment that can't be shut down by malware that targets Windows or Linux.

Blue Lane's VirtualShield buys companies time until they can patch the applications and operating systems on their virtual servers. It may not solve all of virtualization's security challenges, but it's a step in the right direction.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2019 State of DevOps
2019 State of DevOps
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features fast. We sought to see where DevOps adoption and deployment stand, this report summarizes our survey findings. Find out what the survey revealed today.
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Convince Wary Customers to Share Personal Information
John Edwards, Technology Journalist & Author,  6/17/2019
Commentary
The Art and Science of Robot Wrangling in the AI Era
Guest Commentary, Guest Commentary,  6/11/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll