Why Virtualization Security?
Can’t My Existing Physical Security Protect Virtual Systems?
Physical security devices were not designed to protect the new virtual components that virtualization introduces. Such “traditional” security depends on physical devices deployed on the perimeter of the data center or on physical networks. These devices rely on inspecting network traffic and are thus blind to the significant security-related activity within the virtual infrastructure, whose networks they cannot see.
Virtualization brings four significant changes to security:
- A new virtual network fabric, blind to physical security devices
- A new threat surface: the hypervisor
- An all-powerful virtual administrator, collapsing roles
- Machines becoming files, leading to mobility, rapid change and opportunity for theft
Each of these changes brings unique security challenges.
Security professionals need to recognize what is new and adapt their security practices accordingly. If they do not, virtualization will pose a significant security risk. Indeed, in recognition of these changes, independent third-party standards bodies, such as PCI and NIST, have modified their own regulations. Their updated specifications acknowledge that without appropriate technology and training, virtualization and cloud systems will introduce significant security and compliance gaps. Such gaps include unprotected networks, access control failures, loss of change controls, new threat surfaces, breakdowns in separation of duties and escalation of privilege. Virtualization security addresses these potential gaps while also reducing cost and complexity.
|Security Impact|Virtualization Security|
|---|---|
|Collapse of Roles|Hypervisor APIs; Access Control Solutions|
|Invisible Networks|IDS/IPS, Firewalls on the inside|
|VM Change|NAC, config and change management, VI and Hypervisor APIs on the inside|
|New SuperOS|Hypervisor Monitoring and Audit|
Positive Impact of Virtualization On Security
While IT does need to update its own security practices and corporate governance in the face of virtualization, the net impact of virtualization on security can be extremely beneficial. Virtualization improves security by making it more fluid and context-aware. This means security is more accurate, easier to manage and less expensive to deploy than traditional physical security.
Security in a virtualized data center can also be more fully automated. Virtualization security gives data center administrators the power to automatically provision secure machines, automatically have security policies follow desktops when they move, automatically set up firewall rulesets for classes of servers and automatically quarantine compromised or out-of-compliance assets, among many other examples.
With the right technology and processes, virtualization has the power to make data centers even more secure and compliant than their physical counterparts.