Virtual Security: Keeping the Spinning Plates Aloft

By Geoff Webb (Profile)
Tuesday, August 11th 2009
Advanced

David Spathaky holds a unique place in history as a five-time world record holder for spinning plates. During a live television performance in 1996, he managed to keep 108 plates aloft and spinning merrily. So how do the challenges Mr. Spathaky faced with his 108 spinning plates compare to those faced by security professionals today? When it comes to keeping their virtual environments secure, there are five particular "spinning plates" of virtualization that security professionals must balance to prevent catastrophe.

#1: New versus Existing Technology to Support Virtualization Adoption

There is no doubt that the pace of virtualization adoption remains relentless. According to recent research from Ted Ritter at Nemertes Research, titled "Virtualization Security - Achieving Compliance for the Virtual Infrastructure," some 40 percent of application workload now resides in the virtual space; yet, virtual security technologies remain strangely absent from the corporate infrastructure. The same report shows that more than 70 percent have no plans to deploy these specialized virtualization security technologies in the near future.

Does this represent some form of mass complacency? Are enterprise security teams really so blasé about the risks to their virtual systems? Perhaps not. Instead, it seems they are far more pragmatic about security; rather than adopting a slew of new technologies, businesses are first leveraging their existing systems and applications prior to making new investments. As a result, they are finding that extending existing security tools and practices to the virtual world is a pragmatic and cost-effective approach, provided that those tools can be relied upon in the first place.

#2: Keeping Pace with Rate of New Threats

The need to ensure the confidentiality, integrity and availability of resources - especially data - has been the same since the ancient Greeks began using simple ciphers to encrypt military intelligence. The fact that data exists in a virtual world in no way lessens the pressure to secure it, but it does introduce many new challenges. In today's climate, the rate at which new threats develop and evolve is astounding, and such changes are increasingly difficult to navigate as a result. If the deployment of, and reliance upon, massive information technology infrastructure within business processes has accelerated this evolution of threat, then the growth of virtualization and cloud computing has the potential to mutate risks, threats and vulnerabilities beyond all recognition.

#3: A Vanishing Perimeter

There is a commonly cited aphorism regarding defense in depth: that many layers of security are better than a single perimeter defense. This makes perfect sense until you apply it to a world in which the infrastructure is changing so rapidly that there is no concept of "depth" at all. Layering security from firewall to DMZ to increasingly trusted zones all sounds sensible, but when all of the above reside within the same set of rapidly moving virtual structures, there is no meaningful perimeter.

Worse, in the presence of an all-powerful hypervisor, the software that manages and administers the virtual systems, the concepts of separation of duties and defense in depth have even less meaning and are harder to enforce.

#4: Single Point of Failure