Virtualisation provides single point of defence.

01 Nov 12

The stellar rise of virtualisation raises interesting and unique security challenges for most organisations. Not least amongst them is the notion that with virtualisation 'all the eggs are in one basket', as many guest workloads that require security may be located on a single host system. This means that if that single host system gets compromised, all the data within the guest operating environments potentially gets lost.

The benefit of a virtualised approach is that although there may be one single point of compromise - the host server - security measures only need to focus on that single host system. Growing up in Scotland gave me plenty of exposure to historic castles. Imagine you are building different walls to protect many different smallholdings. Moving all those environments to a single, large castle means that one can deploy different layers of stronger security at a lower cost and with easier management than maintaining many different fortifications.

For example, a single castle may have an outer wall, an inner wall, a moat, be strategically placed on the landscape and may even have a garrison of soldiers within to patrol the walls: far more security and much easier to protect than trying to defend individual farmhouses in the valley below. Detection of breaches also becomes an easier task. That’s why virtual environments can be made more secure than physical ones - there are more logical boundaries that can be defended than physical ones.

However, securing against intrusion or attack from outside is one thing. More common is attack from within the organisation. It is often accidental but can lead to data loss that is damaging to the business, sometimes with a crippling effect. Therefore it is also worth considering security in business continuity terms: “What is the financial security of my business in the event of a major data loss?” This loss could be due to malicious intrusion but may also be due to inadvertent deletion, hardware failure or even a natural disaster. Any security plan needs to take these scenarios into consideration.

Auditing and log management for virtualisation infrastructure

Any security plan should also have at least partial emphasis on reporting. In virtualised environments that may encompass intrusion detection systems and anti-malware reporting at the hypervisor level. Equally important is the ability to track changes in the virtual environment and look for patterns that may be indicative of malicious activity or offer signs that data loss may be imminent. In industries with strict regulatory and/or compliance requirements, organisations are well advised to use tools that provide tight administrative control. Audit logs provide forensic information if a breach has occurred.

Being able to identify who did what, where and when can be useful for recognising a guilty party but also provides insight when the security breach is inadvertent. This is not necessarily to apportion blame, but simply to ensure that any outage can be avoided in the future. Monitoring and alerting on the underlying virtual infrastructure might provide early warning signs of an outage, and steps can then be taken to avoid breaches in the future.

Consider the consequences of data loss

In most environments, the risk is less among the virtual machines and more with the basic security controls of the infrastructure itself as well as appropriate reporting and administration solutions.

Tools dedicated to virtualisation make it easier to implement multiple layers of security around one object, the host containing those sensitive guest workloads, rather than around many systems. The flexibility and capability of both virtualisation hypervisor technology and its supporting vendor ecosystems also allow entire guest workloads to be replicated from host to host across geographies, and the best virtualisation-dedicated backup solutions allow recovery of individual data items and even entire virtual systems within minutes.

So when considering security for virtual environments take a step back and consider what the high-level goals are: to keep your data securely intact and prevent data loss in all its forms.
