Securing Your Virtualized Data Center
Virtualization has become all the rage for companies interested in optimizing their servers and storage systems. This shift in data center architecture allows IT organizations to reduce operational costs and increase flexibility and responsiveness to changing business demands.
But in this rush to virtualize, security can fall by the wayside. And this lack of security is likely preventing many enterprises from experiencing the full benefits of this major network transformation.
Organizations must be mindful that virtual servers require different security measures. Traditional, static security measures such as firewalls, VLANs and other specialized security appliances simply don’t make the grade in this new world of virtualization, so enterprises have to seek out alternatives if they want to create the next generation data center.
Instead of rigid security walls, virtualized server environments need flexible virtual shields. Shields are dynamic. Shields can move with the servers they protect, so they can be brought quickly to the point of attack. And shields can be orchestrated ondemand by a management system.
To get a third-party perspective on the topic, Network Computing provides “Gartner: Virtualization Can Weaken Security,” which presents research that suggest that virtual servers will be less secure than physical servers through 2009.
According to the Dark Reading article “VMs Create Potential Risks,” there’s no guarantee that your security policies from physical servers will carry over to your virtual ones. The article looks closely at several of the biggest security risks and how to mitigate the threats to your systems. InformationWeek’s article “Virtualization’s Next Frontier: Security” elaborates on the pros and cons of virtualization security and some of the solutions currently on the market.
All of this may sound grim for enterprise IT departments, but there is a bright side. A number of vendors are addressing exactly this issue of security for virtual resources. As we see in Network Computing’s in-depth review, “A Look at Blue Lane VirtualShield,” there are products on the market that will eliminate malicious content from network traffic before it hits your virtual servers.
As you transition to a virtualized environment, turn to the Virtualization Security Playbook, brought to you by CMP Technology, AMD and Blue Lane, as your go-to resource for all the latest information about securing your most valuable IT assets against increasingly aggressive attacks.
Fritz Nelson
Senior Vice President
CMP Integrated Marketing Solutions
Gartner: Virtualization Can Weaken Security
Research firms says companies that adopt virtualization without having best practices in place run the risk of jeopardizing enterprise security
April 5, 2007
By Amy Larsen DeCarlo
Gartner will present research later this month that suggests that companies that hurry to implement virtualization technology without first implementing best practices for security may be in for trouble. The analyst firm said the combination of immature security tools for virtualized environments and the failure of companies to set and carry out appropriate policies to protect virtual machines (VMs) means that these virtual servers will be less secure than physical machines through 2009.
As is the case with any new technology that becomes an obvious target for security threats, Gartner said companies need to proceed with caution as they deploy VMs. The research firm suggested that too many businesses try to take the same approach to securing their virtual servers that they use to protect physical servers. This leaves VMs exposed to threats.
Gartner said effective security for virtualized environments ideally should begin before an organization even picks vendors or products.
Neil MacDonald, vice president and Gartner Fellow, will present Gartner’s findings at the Gartner Symposium/ITxpo 2007: Emerging Trends, being held in San Francisco from April 22nd to April 26th.
NWC Analysis
Let’s catalog Gartner’s observations first:
1. Virtualization software—such as hypervisors—represents a new layer of privileged software that will be attacked and must be protected.
2. The loss of separation of duties for administrative tasks, which can lead to a breakdown of defense in-depth.***
3. Patching, signature updates, and protection from tampering for offline VM and VM "appliance" images.
4. Patching and secure confirmation management of VM appliances where the underlying OS and configuration are not accessible.
5. Limited visibility into the host OS and virtual network to find vulnerabilities and assess correct configuration.
