As data centre virtualisation reaches new levels of adoption, there is a growing need among New Zealand businesses for security solutions that can address this new reality of expanding virtualisation and the security challenges that it presents. It is estimated that more than 16% of workloads are already running on virtual machines (VMs) and this number is expected to grow to 50% by 2012 (Gartner, October 2009). Clearly virtualisation is moving to the mainstream and may soon be overtaking non-virtualised environments as a method for deploying applications.
According to a January 2010 Phenom Institute report, the top reasons for customers to move to virtual servers for their applications are:
• To cut costs via server consolidation (81%);
• To improve disaster recovery (DR) and backup plans (63%);
• To provision computing resources to end users more quickly (55%);
• To offer more flexibility to the business (53%);
• To provide competitive advantage (13%).
Addressing virtualisation security challenges
The broad adoption of virtualisation raises the question: will moving to virtualisation make security for the network easier or more difficult to achieve?
In a recent report conducted by Applied Research (2010 State of Enterprise Security Survey – Global Data), some 2,100 of the top IT and security managers were surveyed about their opinions regarding this question. The results reflected a definite lack of consensus. The report showed that one third of the group thought virtualisation and cloud computing make security “harder”, while another third said it was “more or less the same”, and the remainder said it was “easier”.
The results seem to indicate that some organisations are either in the process of defining policy for virtual environments, or have chosen to postpone that effort until a later date. Perhaps, as a result of this failure to tackle the security question when deploying virtualised servers, there are some experts who believe that the majority of virtual deployments may be less secure than physical deployments.
Neal MacDonald, of Gartner Group, has estimated that “60% of virtualised servers will be less secure than the physical servers they replace”.
Understanding security hype
While there are real challenges to deploying applications securely in a virtual environment, there is also a fair amount of hype surrounding the topic. Potential attack scenarios that are being discussed, but are unlikely to be encountered with any frequency, include:
• Hyper-jacking: Attacks targeted at subverting or layering a rogue hypervisor on a virtual server;
• VM Escape: An exploit that enables a hacker to move from within a VM to the hypervisor;
• VM Hopping: An instance in which one VM is able to gain access to another VM;
• VM Theft: Unauthorised acquisition of a file containing a VM;
• VM Sprawl: The proliferation of virtualised server workloads.
Evaluating virtualisation security
The virtualisation environment is not inherently insecure. However, some virtualised workloads today are being deployed in an insecure manner. This is a result of the immaturity of virtualisation security tools and processes, and limited security training of staff, resellers, and consultants associated with virtualisation. A key factor to consider when approaching virtualisation security is that the hypervisor becomes a high-value target of attack because of its control over the entire virtual environment, presenting the following risks:
• A hypervisor attack could allow unauthorised access to all hosted workloads;
• A hypervisor Denial of Service (DoS) attack could cascade to all hosted workloads;
• Increasing third-party integrations can expand the attack surface;
• Incorrect or unauthorised configurations may magnify risk exposure;
• Organisations may have to immediately implement untested vulnerability patches or leave at risk a system with an exposed critical vulnerability;
• Hypervisors must be considered mission critical and secured appropriately, much like operating systems, because of the risks to the system and applications.
Provisioning and management of virtual switches may also present some unique security challenges. In most cases, these functions are performed by those who manage the applications within an organisation – the operations and server teams.
Since much of this activity is out of the control and view of the networking and security teams, it often results in a situation where there is little or no integration with standard security controls or security tools. This contributes to an overall lack of visibility, added difficulty in detecting topology and making configuration changes, and the absence of the configuration auditing that would be common practice in the physical network.
Implementing trust zones
For the physical network, organisations are used to setting up segmented areas, or trust zones, to keep applications and associated data with different levels of sensitivity and user permissions separate from one another. In the virtual environment, workloads of different trust levels may operate on the same physical server or vSwitch, so they do not follow the physical standards for zone separation.
The virtual machines need their own efficient zone definitions and policies to be adequately protected, but the distributed vSwitch increases the risk of incorrect or unauthorised virtual machine configurations. Therefore, the ability to maintain trust zone definition through the workload lifecycle, as well as the auditing of zones to make sure that they have workload compliance, is very important.
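The zone audit described above can be sketched as follows. This is an added example, not part of the original article: the inventory is constructed, all VM, host and vSwitch names are hypothetical, and the policy (one zone per vSwitch, plus zone pairs that must never share a physical host) is an assumption.

```python
from collections import defaultdict

# Constructed inventory: (vm, trust_zone, host, vswitch). All names are hypothetical.
INVENTORY = [
    ("web-01", "dmz", "esx-a", "vsw-dmz"),
    ("web-02", "dmz", "esx-b", "vsw-dmz"),
    ("app-01", "internal", "esx-a", "vsw-int"),
    ("db-01", "restricted", "esx-b", "vsw-int"),  # restricted workload on the internal vSwitch
    ("hr-01", "restricted", "esx-c", "vsw-res"),
    ("test-07", None, "esx-c", "vsw-res"),        # zone label lost during the workload lifecycle
]

# Assumed policy: the single trust zone each vSwitch is allowed to carry.
VSWITCH_ZONE = {"vsw-dmz": "dmz", "vsw-int": "internal", "vsw-res": "restricted"}
# Assumed policy: zone pairs that must never run on the same physical host.
FORBIDDEN_HOST_PAIRS = [frozenset({"dmz", "restricted"})]


def audit(inventory, vswitch_zone, forbidden_pairs):
    """Return a list of (finding, subject, detail) tuples for zone violations."""
    findings = []
    zones_on_host = defaultdict(set)
    for vm, zone, host, vswitch in inventory:
        if zone is None:
            # A workload without a zone cannot be checked against any policy.
            findings.append(("unzoned", vm, vswitch))
            continue
        zones_on_host[host].add(zone)
        # An unknown vSwitch maps to None and is therefore reported as well.
        if vswitch_zone.get(vswitch) != zone:
            findings.append(("wrong-vswitch", vm, vswitch))
    for host, zones in sorted(zones_on_host.items()):
        for pair in forbidden_pairs:
            if pair <= zones:  # both zones of the pair are present on this host
                findings.append(("host-mix", host, "+".join(sorted(pair))))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY, VSWITCH_ZONE, FORBIDDEN_HOST_PAIRS):
        print(finding)
```

Run on a schedule against an exported inventory, a check of this kind gives the security team the view of zone placement that vSwitch provisioning by the server team otherwise hides.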
Tackling the security challenge
As organisations move more of their production workloads and mission-critical assets to a virtualised infrastructure, addressing security is increasingly important. Virtualisation brings a range of distinct challenges, but with a fresh approach, new ways of managing security concerns, and tools and solutions to address the unique requirements of the virtualised data centre environment, these challenges can be managed to allow the organisation to benefit from virtualisation.