The stellar rise of virtualisation raises interesting and unique security challenges for most organisations. Not least amongst them is the notion that with virtualisation 'all the eggs are in one basket', as many guest workloads that require security may be located on a single host system. This means that if that single host system gets compromised, all the data within the guest operating environments potentially gets lost.
The benefit of a virtualised approach is that although there may be one single point of compromise - the host server - security measures only need to focus on that single host system. Growing up in Scotland gave me plenty of exposure to historic castles. Imagine you are building different walls to protect many different smallholdings. Moving all those environments to a single, large castle means that one can deploy different layers of stronger security at a lower cost and with easier management that maintaining many different fortifications.
For example, a single castle may have an outer wall, an inner wall, a moat, be strategically placed on the landscape and may even have a garrison of soldiers within to patrol the walls: far more security and much easier to protect than trying to defend individual farmhouses in the valley below. Detection of breaches also becomes an easier task. That’s why virtual environments can be made more secure than physical ones - there are more logical boundaries that can be defended than physical ones.
However, securing against intrusion or attack from outside is one thing. More common is attack from within the organisation. It is often accidental but can lead to data loss that is damaging to the business, and sometimes with a crippling effect. Therefore it is also worth considering security in business continuity terms: “What is the financial security of my business in the event of a major data loss?” This loss could be due to malicious intrusion but may be inadvertent deletion, hardware failure or a even natural disaster. Any security plan needs to take these scenarios into consideration.
Auditing and log management for virtualisation infrastructure
Any security plan should also have at least partial emphasis on reporting. In virtualised environments that may encompass intrusion detection systems and anti-malware reporting at the hypervisor level. Equally important is the ability to track changes in the virtual environment and look for patterns that may be indicative of malicious activity or offer signs that data loss may be imminent. In industries with strict regulatory and/or compliance requirements, organisations are well advised to use tools that provide tight administrative control. Audit logs provide forensic information if a breach has occurred.
Being able to identify who did what, where and when can be useful for recognising a guilty party but also provides insight when the security breach is inadvertent. This is not necessarily to apportion blame, but simply to ensure that any outage can be avoided in the future. Monitoring and alerting on the underlying virtual infrastructure might provide early warning signs of an outage, and steps can then be taken to avoid breaches in the future.
Consider the consequences of data loss
In most environments, the risk is less among the virtual machines and more with the basic security controls of the infrastructure itself as well as appropriate reporting and administration solutions.
Tools dedicated to virtualisation in virtual environments make it easier to implement multiple layers of security around one object: the host containing those sensitive guest workloads, rather than around many systems. The flexibility and capability of both virtualisation hypervisor technology and its supporting vendor ecosystems also allow to replicate entire guest workloads from host to host across geographies, and the best virtualisation-dedicated backup solutions allow recovery of individual data items and even entire virtual systems within minutes.
So when considering security for virtual environments take a step back and consider what the high-level goals are: to keep your data securely intact and prevent data loss in all its forms.