With virtualization technologies becoming pervasive in the data center, SunGard Availability Services outlined five essential steps for addressing virtualization security challenges:
- Include security in total cost of ownership calculations
- Make security a priority in the virtualization design phase
- Monitor the invisible network
- Control portable storage
- Stay current on virtualization security research.
The steps reflect the strategic belief that information security must be integral to the assessment, design and implementation phases of virtualized environments to protect data assets and meet compliance requirements. With many organizations focusing on virtualization benefits, they must also examine core risks before it is too late – meaning security needs to be built in from the start.
SunGard recommends including the following steps when planning security as organizations look to implement virtualization technologies:
Include security in total cost of ownership calculations. A top driver when considering virtualization is cost savings achieved through improving server utilization and server consolidation in the data center – savings based on hardware, data center footprint, and provisioning cost reductions. Security needs to be factored into these calculations to provide a complete picture. For example, virtual appliances that provide monitoring, intrusion detection, patch validation and tracking, and other security services may need to be installed on each physical platform. This can reduce the number of virtual servers supported per physical host, impacting ROI.
Make security a priority in the virtualization design phase. Organizations need to monitor security metrics along with performance within the virtual world – requiring intelligent choices to be made in isolating applications and systems. For example, isolating credit card information to a single virtual environment can greatly reduce the PCI compliance footprint for e-commerce merchants. However, placing the Internet-facing Web server that takes credit card information on the same physical host as the application server checking inventory and the database managing order tracking increases the risk of data compromise.
Monitor the invisible network. While a physical server environment passes data traffic across a physical network that can be monitored, a virtual server connects to a virtual network – making it difficult to monitor and protect data in transit between virtual machines. This is driving proven solutions in the physical world, such as intrusion detection and sniffers, to be adapted for virtual environments. Other solutions on the horizon include increased monitoring at the hypervisor level, virtual patch management and tools to conduct security investigations on virtualized systems.
Control portable storage. Controlling the use of personal data storage devices has never been more important than in a virtualized environment. Virtualization is an excellent technology to enhance recovery due to the portable nature and size of virtual server images. Organizations can copy their system images to a hard drive and bring them to a recovery site, connect them to the replicated data, and be hours ahead on their recovery timeline. However, USB flash drives, secure digital cards, and iPods can provide gigabytes of portable storage to any user – suitable to copy a few server images and walk out the door. Having a management solution for these devices is necessary to protect sensitive, personally identifiable and proprietary business information typically present in a server image.
Stay current on virtualization security research. At the 2008 DEFCON conference, a leading security researcher demonstrated multiple ways to compromise hypervisors, which in turn compromise the virtual hosts, exposing corporate assets such as credit card information, salaries and benefits, and proprietary business strategies and research. Keep in mind these potential attacks are only the tip of the iceberg and organizations need to stay current to deploy appropriate countermeasures and, in some cases, other controls to address a problem for which there is no current solution.