Securing virtualized environments

IT departments are under immense pressure to deliver more functionality and capacity at a time when budgets are shrinking and costs are increasing. Mounting expenses from powering and cooling servers, coupled with the headache of managing the ever-expanding data center, make this a serious challenge. A traditional capital-expenditure approach to scalability is cost-prohibitive and simply not sustainable, which is causing a return to strategies for more centralized, integrated and, ultimately, business-friendly IT.

Virtualization is at the heart of this transformation. Through its ability to consolidate workloads and reduce the amount of time and energy IT spends purchasing, installing and maintaining racks of servers, virtualization allows organizations to meet expansion goals with fewer physical resources and reduced operational costs. Early adopters of the technology are also attaining additional returns on their investment through radically simplified systems management, data center automation and optimized server utilization. In short, both the expectations and benefits of virtualization are very real.

However, the ultimate success of virtualization extends beyond efficiency, performance and ease of use. It must be able to provide these benefits without compromising the overall security, reliability and availability of the IT infrastructure. Organizations already struggle to understand how best to stay ahead of today’s threats and address an endless array of compliance requirements. Whenever a new technology is introduced into the operating environment – especially one as profoundly game-changing as virtualization – this problem is exacerbated.

Virtualization introduces additional technical and operational components, capabilities, and responsibilities with the potential to create new security challenges. Initial concerns tend to focus on physical-to-virtual migrations, protection of the virtualization management stack, and visibility of virtual networks. However, as virtual data centers become more complex and dynamic, additional worries regarding workload isolation, multi-tenancy, mobility, virtual machine sprawl and trust relationships begin to surface. The result is a situation where the cost and complexity of maintaining security in a virtualized environment, or even worse – a breach due to the lack of appropriate protection capabilities, can outweigh the benefits of this exciting technology.

Negatively impacting security is never the intention of those deploying virtualization, but the potential readily exists. The reason for this is simple. Many characteristics and attributes of virtualization have inadvertent, yet influential, consequences on security. Even the most basic features greatly impact the day-to-day security responsibilities and processes used to achieve and maintain compliance. Physical servers and other computer resources are heavily shared; barriers between virtual machines are logical; and workloads can move around the data center in real-time. Understandably, people, processes and technology must adapt. To do so, administrators must fully understand the new risks and security challenges, some of which include the following:

In order to safely consolidate servers and allow a single physical server to host multiple virtual machines, virtualization uses logical isolation to provide the illusion of physical independence. No longer able to verify that machines are separated by network cables and other physical objects, IT must rely on the hypervisor and other software-based components to provide these assurances. This may not be a concern for simple consolidation within a small organizational unit, but it becomes increasingly important when workloads from users of different trust levels share the same hardware. To properly protect sensitive assets, administrators must pay special attention to configuration settings that impact virtual machine and network isolation, and monitor the entire infrastructure for changes resulting in leakage of sensitive data.

Server lifecycle and change management
Patch management and change management are vital to keeping operations running smoothly and safely. In fact, this is so important that many IT organizations have built an exact science around server maintenance, and spend a great deal of time and money executing it. Virtualization adds to this complexity by changing the rules of the game. Servers are no longer constantly running, virtual machines can be stopped, started, paused, and even rolled back to a previous state. The speed that machines are configured and deployed also increases. What used to take hours, now takes seconds. The result is a highly dynamic environment where machines can be quickly and easily introduced into the data center with little oversight and security flaws can be ignored or reintroduced based on virtual machine state. Security professionals must keep an eye on what virtual machines are being deployed, those that are currently running, when they were last patched, and who owns them.

Virtual machine mobility
Virtual machines have the ability to automatically move themselves and their resources to an alternate location. This capability, while highly desirable, can also create problems. In a traditional data center, the location of a server is static. It’s easy to identify the building, room and rack where they are stored. In a virtualized data center, this is not the case. Virtual machines may be spread across multiple physical servers as part of a resource pool, making them difficult to locate at any point in time. If configured for mobility, the virtual machine may dynamically move to another physical server, either automatically as part of a disaster preparedness plan or in response to a performance threshold. This aspect of virtualization adds flexibility, time and cost savings to the data center, but also introduces security concerns. Static policies and security technologies designed for traditional servers and networks may become easily confused. Security products must be able to operate intelligently across multiple physical and virtual environments, as well as become infrastructure-aware through integration of platform and management APIs. This allows administrators to accurately enforce policy and provide assurances over virtual machines, especially as they move around.

Virtual network security
Networks and servers are no longer two separate, distinct layers of the data center. Virtualization allows for the creation of sophisticated network environments, completely virtualized within the confines of the server itself. These virtual networks facilitate communications for virtual machines within the server and share many of the same features used by physical switches and other traditional networking gear. A physical port in the data center that used to represent a single server now represents tens or hundreds of virtual servers and drastically affects how we secure data center networks. Network traffic between virtual machines within the same physical server does not exit the machine and is not inspected by traditional network security appliances located on the physical network. These blind spots, especially between virtual machines of varying trust levels, should be properly protected with additional layers of defense running within the virtual infrastructure.

Separation of operational duties
Separation of duties and the policy of least privilege are important security principals used to limit the capabilities of IT administrators as they manage resources and perform routine tasks. Server management is usually handled by the server administrator, network management by the network administrator, while security professionals work with both teams and handle their own specific tasks. Virtualization has changed the natural boundaries between these responsibilities. Both server and network tasks can be managed from a single virtualization management console, which introduces new operational challenges that must be overcome. Organizations must clearly define proper identity and access management policies, allowing administrations and security professionals to properly maintain and secure the virtual environment without granting excessive authority to those who do not require it.

Additional layers of software
As virtualization is introduced into the data center, so are additional lines of code that make up the software needed to implement it – from the management consoles that control virtual machines to the hypervisors that provide the foundation for the technology itself. As such, the number of disclosed vulnerabilities related to virtualization software has risen significantly, with an overwhelming majority of these attributed to the popularity, accessibility and relative immaturity of x86 virtualization. Many disclosures can be attributed to third-party code packaged with the virtualization software stack. As such, vendors are taking measures to reduce the footprint of their software and dependency on uncontrolled code. However, it goes without saying that fault-free code is largely unattainable, especially as vendors integrate complex features into their platforms. Organizations should treat virtualization as they would any critical application and apply proper defenses to stay ahead of these threats.

No doubt about it, virtualization changes how we run, manage and store our applications and data. Moreover, the rate of change is happening faster than caution typically allows. Organizations migrating to virtualized environments need to “buckle up” now. They can do so by assessing the unique security challenges introduced by virtualization and confronting them with repeatable, measurable planning processes and solutions to manage new risks.

By planning for security up front and taking the time to understand how to properly integrate, deploy and manage security in these new environments, organizations can spare themselves from the pain of future security breaches, compliance violations and the costs of introducing security after the fact. This allows them to better understand and prioritize today’s risks, as well as build a strong security foundation that positions them to reap the full rewards of virtualization moving forward.