Infrastructure Virtualization Risks and Mitigations
The current best practice is to run one application (for example, a web server or database server) per physical server. While this is good for preventing unwanted interaction between applications and ensuring compatibility with the underlying operating system, it leaves much of the machine's computing capacity unused. As an organization's IT needs grow, more and more servers are added to accommodate new applications or increased workload. This proliferation of servers makes managing the data center more complex since IT needs to set up, monitor, and service a large amount of equipment. And, cost increases with each additional server purchased - not just in terms of the computer itself, but in the cost of supplying electricity and cooling to its ongoing operation.
Infrastructure virtualization is technology that allows multiple server instances to run on a single physical server. Using software called a hypervisor, multiple applications can be run on a single machine while still preventing them from conflicting with one another. Since more applications can be run per machine, we can reduce the number of machines in use, which will reduce power and cooling costs in the data center. With electricity alone accounting for 20% of the cost of operating a data center, consolidating servers has significant cost-saving potential (Rasmussen). Additional benefits include faster setup, increased staff productivity, and the ability to run multiple operating systems (Coutinho).
Despite the many benefits of infrastructure virtualization, it is not without risk. In a recent survey, 33% of the IT professionals questioned reported that virtualization actually makes security harder (Messmer). And, while virtual systems are anticipated to become more secure than physical servers five years from now, 60% of today's virtual systems are less secure than the physical ones they replaced (Kaplan). The most important thing for IT managers to remember is that managing servers in a virtual environment is not the same as managing a traditional physical environment.
One of the most critical concerns in a virtualized environment is update and patch management. Since the hypervisor and the management software underpin all the virtual machines, any out-of-date or unpatched VM software can leave scores of servers vulnerable. In fact, some current malware can take advantage of virtual systems – 200K malicious programs targeted at virtual systems were identified as of November 2008 (Zetlin). If the hypervisor is compromised, all systems running on top of it would be vulnerable. For this reason, IT departments should treat their virtualization platforms as the most important in the data center (Brodkin). The patch management process for the hypervisor needs to be run in parallel with the existing process for the operating systems to ensure full platform security (Shackleford).
While the benefits are tempting, a virtualization program shouldn't be rolled out hastily. As with any project that alters an organization's IT architecture, a phased approach can mitigate implementation risk and allow the IT staff to learn the technology on a smaller scale first (Kaplan). Virtualizing smaller, non-critical applications first, such as print servers, can also reduce risk. And, not all applications may be candidates for virtualization - some organizations have decided that critical applications or data stores are too sensitive and will be left on standard physical servers (Mitchell).
40 percent of companies surveyed reported that they started their virtualization project without any involvement from the security department (Mitchell). In a rush to manage cost and increase responsiveness to the business, these IT departments put the organization's data at risk. Any virtualization project requires that security personnel be involved from the beginning. Bringing security into the fold early on keeps risk exposure down and can actually keep project costs low by avoiding the rework associated with adding security measures after the fact (Mitchell).
Maintaining adequate separation of duties (SoD) is critical for maintaining a secure IT environment and achieving regulatory compliance. In a non-virtualized world, maintaining SoD is easier and more straightforward, as organizations already have SoD processes in place for adding new servers. Virtualization technology, by contrast, allows a single administrator to create and deploy servers on their own. Experts recommend using the same process for VM creation as for a physical server, so that all functions, such as administration, security, storage, and disaster recovery, are aware of the new server (Mitchell).
The ease with which new servers can be created and moved also highlights the need for staff oversight. A careless or malicious administrator could create new unlicensed, undocumented, unsecured servers or move VMs outside of the secure zone on demand (Mitchell). Regardless, proper policies and procedures need to be established in order to define what is and is not an acceptable way to manage VMs (Shackleford). Hytrust offers a logging application that can monitor and record this activity to ensure compliance with policy (Mitchell).
While virtualization is a good way to solve physical server over-abundance, virtual servers are so easy to create that they can proliferate and create management issues as well. Each VM is a server that requires maintenance, such as virus scans and software updates. Creating VMs and then forgetting about them can lead to system vulnerabilities on the network (Brodkin). If creating a new VM is treated like buying a new physical machine, companies can avoid ending up with excess VMs. IT must also realize that managing virtual servers is not the same as managing physical servers. Some configurations and tasks may need to be done differently in a virtual environment. One company reports having to change its standard server virus scanning schedule, since all VMs running scans concurrently eats up too much I/O capacity (Brodkin). Defining a consistent naming system to identify VMs is also a good idea; messy or inconsistent naming conventions can lead to confusion (McLaughlin).
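The oversight and sprawl problems described in the last two paragraphs (undocumented VMs, VMs moved out of the secure zone, inconsistent names, forgotten VMs that miss patching) can be checked mechanically against a VM inventory and the management tool's audit log. The following is an added example, not code from the essay or from any vendor named in it; the inventory records, move events, zone ranking and naming pattern are all constructed assumptions.

```python
import re
from datetime import date

# Constructed sample VM inventory, in the shape a management tool might export.
# 'documented' records whether a change ticket exists for the VM's creation.
VMS = [
    {"name": "web-prod-01", "zone": "dmz", "documented": True, "last_patched": "2010-11-01"},
    {"name": "db-prod-01", "zone": "secure", "documented": True, "last_patched": "2010-10-28"},
    {"name": "Test Box 2", "zone": "dmz", "documented": False, "last_patched": "2010-05-12"},
    {"name": "print-dev-03", "zone": "dev", "documented": True, "last_patched": "2010-06-30"},
]

# Constructed sample of VM-move events taken from an administrative audit log.
MOVE_EVENTS = [
    {"vm": "db-prod-01", "from_zone": "secure", "to_zone": "dev", "admin": "jdoe"},
    {"vm": "web-prod-01", "from_zone": "dmz", "to_zone": "dmz", "admin": "asmith"},
]

# Assumed policy: names look like role-environment-NN, patches are no older than
# 60 days, and a move to a lower-ranked zone needs review.
NAME_RE = re.compile(r"^[a-z]+-(prod|dev|test)-\d{2}$")
MAX_PATCH_AGE_DAYS = 60
ZONE_RANK = {"secure": 3, "dmz": 2, "dev": 1}


def audit(vms, moves, today_iso):
    """Return (vm_name, finding) pairs for every policy violation found."""
    today = date.fromisoformat(today_iso)
    findings = []
    for vm in vms:
        if not NAME_RE.match(vm["name"]):
            findings.append((vm["name"], "naming-convention"))
        if not vm["documented"]:
            findings.append((vm["name"], "undocumented"))
        age_days = (today - date.fromisoformat(vm["last_patched"])).days
        if age_days > MAX_PATCH_AGE_DAYS:
            findings.append((vm["name"], "stale-patching"))
    for ev in moves:
        # Flag any move that lowers the VM's zone, e.g. secure -> dev.
        if ZONE_RANK[ev["to_zone"]] < ZONE_RANK[ev["from_zone"]]:
            findings.append((ev["vm"], "moved-out-of-secure-zone"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(VMS, MOVE_EVENTS, "2010-11-15"):
        print(f"{name}: {finding}")
```

Run periodically against a real inventory export, the same check turns the essay's policy recommendations into a report that security staff can act on.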
Sound network security practices are also critical for maintaining security in a virtualized environment. Isolating VMs into separate zones is a best practice for applying security policy and controlling access. Also, implementing VLANs and ensuring that routers and subnets are configured properly can regulate traffic between VMs (Mitchell). Virtual firewalls are not yet a mature product, but ones from companies such as Altor or Reflex Systems can also ensure compliance by regulating inter-VM traffic (Fogarty). In addition to securing and regulating traffic between VMs, companies should also ensure that traffic between VMs and the management tools is secure by using SSL and IPSec, and by using role-based access control to limit access to the tools (Shackleford, Mitchell).
Traditional network monitoring tools are not always able to provide the same level of visibility into virtual servers as they can with physical ones. Traffic between VMs hosted on the same machine is handled by the hypervisor, meaning that it never leaves through the physical NIC where a conventional network sensor would see it (Shackleford). Using a monitoring tool such as Altor allows security personnel and administrators to monitor network traffic between VMs to maintain control and enforce policy (Altor). Gartner recommends that organizations require the same level of monitoring for virtual machines as for physical ones (Kaplan). Another potential risk here is that IT personnel will have to learn and use another set of tools, making administration more complex. To combat this, experts recommend using tools that can monitor both physical and virtual environments, but this is not always possible given that this technology is still young and undergoing rapid development (Mitchell).
Despite their power and importance, hypervisors are relatively small applications - VMware ESXi is only about 100MB compared to Windows 7 at about 5GB (Mitchell, Lowyat.net). One reason for having such a lean application at this layer is that it presents a small attack surface. However, some software applications, such as Trend Micro's Deep Security, are installed at the hypervisor layer, providing more opportunities for compromise (VMware). While VMware has a certification program for these types of applications, named VMsafe, experts recommend avoiding them altogether (Mitchell).
Virtualizing servers can help to reduce cost and improve IT efficiency by reducing the number of physical computers required to deliver the company's IT services. However, as with any other IT project, it carries significant security risk that must be actively managed throughout the project. The best ways to mitigate these risks are to involve the security department from the beginning, take a phased development approach, and develop policies that define how the organization will use this technology.
1. Brodkin, Jon. "Burning question: How can security risks be mitigated in virtualized systems?" Computerworld. N.p., n.d. Web. 15 Nov. 2010. <http://news.idg.no/cw/art.cfm?id=E3B6DE73-1A64-67EA-E4CD42C65CF77E6D>.
2. Coutinho, Nathan. "6 Tips to Better Small Business Server Virtualization." Small Business Computing. N.p., n.d. Web. 15 Nov. 2010. <http://www.smallbusinesscomputing.com/testdrive/article.php/3872826/6-Tips-to-Better-Small-Business-Server-Virtualization.htm>.
3. Fogarty, Kevin. "Server Virtualization: Top Five Security Concerns." CIO. N.p., n.d. Web. 15 Nov. 2010. <http://www.cio.com/article/492605/Server_Virtualization_Top_Five_Security_Concerns>.
4. Kaplan, Dan. "Gartner: Virtualization security will take time." SC Magazine US. N.p., n.d. Web. 15 Nov. 2010. <http://www.scmagazineus.com/gartner-virtualization-security-will-take-time/article/165932/>.
5. McLaughlin, Laurianne. "Top Ten Virtualization Risks Hiding in Your Company." CIO. N.p., n.d. Web. 15 Nov. 2010. <http://advice.cio.com/laurianne_mclaughlin/top_ten_virtualization_risks_hiding_in_your_company>.
6. Messmer, Ellen. "Security of virtualization, cloud computing divides IT and security pros." Network World. N.p., n.d. Web. 15 Nov. 2010. <http://www.networkworld.com/news/2010/022210-virtualization-cloud-security-debate.html>.
7. Mitchell, Robert L. "The Scary Side of Virtualization." Computerworld. N.p., n.d. Web. 15 Nov. 2010. <http://www.computerworld.com/s/article/352141/The_Scary_Side_of_Virtualization?taxonomyId=17>.
8. Mitchell, Robert L. "Hypervisor as virtualization's enforcer?" Computerworld. N.p., n.d. Web. 15 Nov. 2010. <http://www.computerworld.com/s/article/9179910/Hypervisor_as_virtualization_s_enforcer_>.
9. Rasmussen, Neil. "Determining Total Cost of Ownership for Data Center and Network Room Infrastructure." APC. N.p., n.d. Web. 15 Nov. 2010. <http://www.apcmedia.com/salestools/CMRP-5T9PQG_R4_EN.pdf>.
10. Shackleford, Dave. "An introduction to virtualization security." Help Net Security. N.p., n.d. Web. 15 Nov. 2010. <http://www.net-security.org/article.php?id=1397>.
11. "Virtualization Security Monitoring | Altor Networks Virtual Security." Altor Networks. N.p., n.d. Web. 15 Nov. 2010. <http://www.altornetworks.com/products/monitoring/>.
12. "VMware VMsafe Security Technology Solutions for Virtual Infrastructures." VMware. N.p., n.d. Web. 15 Nov. 2010. <http://www.vmware.com/technical-resources/security/vmsafe/partner-solutions.html>.
13. "Windows 7 Fresh Installed Size." Lowyat.NET. N.p., n.d. Web. 15 Nov. 2010. <http://forum.lowyat.net/topic/967724>.
14. Zetlin, Minda. "The Downside to Virtualization: Security Risks." Inc Magazine. N.p., n.d. Web. 15 Nov. 2010. <http://technology.inc.com/security/articles/200904/virtualization.html>.