Organizations must be mindful that virtual servers require different security measures. Traditional, static security measures such as firewalls, VLANs and other specialized security appliances simply don’t make the grade in this new world of virtualization, so enterprises have to seek out alternatives if they want to create the next-generation data center.
Instead of rigid security walls, virtualized server environments need flexible virtual shields. Shields are dynamic. Shields can move with the servers they protect, so they can be brought quickly to the point of attack. And shields can be orchestrated on demand by a management system.
To get a third-party perspective on the topic, Network Computing provides “Gartner: Virtualization Can Weaken Security,” which presents research that suggests that virtual servers will be less secure than physical servers through 2009.
According to the Dark Reading article “VMs Create Potential Risks,” there’s no guarantee that your security policies from physical servers will carry over to your virtual ones. The article looks closely at several of the biggest security risks and how to mitigate the threats to your systems. InformationWeek’s article “Virtualization’s Next Frontier: Security” elaborates on the pros and cons of virtualization security and some of the solutions currently on the market.
All of this may sound grim for enterprise IT departments, but there is a bright side. A number of vendors are addressing exactly this issue of security for virtual resources. As we see in Network Computing’s in-depth review, “A Look at Blue Lane VirtualShield,” there are products on the market that will eliminate malicious content from network traffic before it hits your virtual servers.
As you transition to a virtualized environment, turn to the Virtualization Security Playbook, brought to you by CMP Technology, AMD and Blue Lane, as your go-to resource for all the latest information about securing your most valuable IT assets against increasingly aggressive attacks.
Gartner: Virtualization Can Weaken Security
April 5, 2007
By Amy Larsen DeCarlo
Gartner will present research later this month that suggests that companies that hurry to implement virtualization technology without first implementing best practices for security may be in for trouble. The analyst firm said the combination of immature security tools for virtualized environments and the failure of companies to set and carry out appropriate policies to protect virtual machines (VMs) means that these virtual servers will be less secure than physical machines through 2009.
As is the case with any new technology that becomes an obvious target for security threats, Gartner said companies need to proceed with caution as they deploy VMs. The research firm suggested that too many businesses try to take the same approach to securing their virtual servers that they use to protect physical servers. This leaves VMs exposed to threats.
Gartner said effective security for virtualized environments ideally should begin before an organization even picks vendors or products. Neil MacDonald, vice president and Gartner Fellow, will present Gartner’s findings at the Gartner Symposium/ITxpo 2007: Emerging Trends, being held in San Francisco from April 22nd to April 26th.
VMs Create Potential Risks
FEBRUARY 21, 2007
By Kelly Jackson Higgins
Those tens of thousands of virtual servers spawned from your thousands of physical ones offer no guarantee your security policies will carry over, and can leave you with a security time bomb ticking away in your data center, according to vendors and some experts.
“Virtualization is both an opportunity and a threat,” says Patrick Lin, senior director of product management for VMware. “But one of the key things about hypervisors is their design is simpler than the modern operating system. As a result, they are simpler to harden and lock down, and there are not as many vulnerabilities.”
“On the flip side, it’s a new layer that’s another opportunity for attack,” he says. Hypervisors are programs that allow multiple operating systems to use the same hardware. But these programs can also breed complexity, and with complexity come security problems.
Virtualization security solutions so far have been focused mostly on the hypervisor: IBM, for instance, recently unveiled SHype, a new secure hypervisor technology that ties security policies to virtual machines. IBM won’t give specifics on its internal plans for the technology, but it has provided some elements of SHype to the Xen Open Source Project.