Server Virtualization Security Concerns
Server virtualization is fueling the transformation of today's data centers. The technology increases availability, reduces IT costs, and supports future business growth. It also enables organizations to better prepare for broader cloud and service-based computing opportunities. The need for increased computing efficiency, while lowering costs, has driven the rapid adoption of virtualization technologies.
In an uncertain economy, server virtualization continues to grow. However, its rapid adoption inherently can cause disruptive qualities (i.e. overhauled infrastructure and delivery of a new model) changes the natural order of the data center and raises security issues.
It's critical for companies to secure their virtual server environments, particularly as virtualization adoption becomes more pervasive across servers, but also storage, operating systems, desktop and network resources. Here's a look at some of the top virtual server security concerns for organizations and how to better manage them, while preparing for virtualization's reach further into the data center.
Management, Responsibility and Policies
The overarching issue with managing virtualization is who is responsible for virtual resources. Unlike physical servers, which are the direct responsibility of administrators in whose physical domain they reside, the responsibility for virtual servers is often unclear. When it comes to virtualization, the following questions should be posed: Who is in charge, who should have access, and who should configure and secure these environments? Is it the business-unit, the server administrator, or a centralized master administrator?
When trying to address these questions, a simple rule to follow is to put the same controls on a critical virtual server that you would place on a physical server. For instance, if you would not give out the root password for your SAP server to anyone other than a master administrator, set the same rules for administering your virtual SAP server.
Deploying secure virtual solutions comes down to defining and managing policies across the new landscape. When confronting the issue of virtual security, IT administrators need to create the right policies to safely guard their systems. However, these policies must also be flexible enough to ensure that they don't prove too restrictive. IT managers need to question if all the benefits of server virtualization are being achieved with their current security policies. An ideal solution ensures that users retain control of their infrastructure by assuring virtualization is not bypassing existing security controls. This requires a much greater level of central approval and control.
Compliance issues can arise as a set of virtual servers becomes an invisible network with few controls. This can be especially problematic for data center managers who aren't specifically tasked with monitoring all the minute interactions of the virtual machines (VMs) inside each host. As virtualization continues to move into the mainstream, there are a number of compliance mandates that will inevitably impact their use. For example, one of these compliance mandates is the Payment Card Industry Data Security Standard (PCI-DSS).