Externalization is Key to Virtual Scalability

By Robert Grapes
Thursday, January 7th 2010
Advanced

The trend toward operating in a virtual environment is led by its business benefits: virtual machines can operate over open systems, platforms and protocols, and are portable across systems. Implementing the appropriate security controls in a virtual environment must account for the dynamic nature of the virtual machines (VMs) themselves, while simultaneously overcompensating for the barrage of novel exploits that are sure to follow the new technology platform. As a result, the security complexities facing virtualized infrastructures can be easily overlooked, with potentially catastrophic results.

Many companies don’t realize that the success of large-scale virtualization efforts depends on the degree to which the services required to operate the virtual machines can be externalized. As more services are included within a VM, the amount of management and maintenance required for that machine increases significantly. While small deployments may be able to manage the burden, large-scale deployments often buckle under the pressure and fail.

In a physical server environment, a security approach is formed around the chipset, firmware, operating system, networking, application settings and the available external services. Typically, virtualization projects are designed for a particular application or departmental need and rarely tap into the broader services offered across the corporate network. As more and more of these virtual applications were designed and deployed, organizations recognized the scale that could be realized by tapping into the services available to their physical counterparts. As a result, virtualization design and deployment standards came into effect. Running on top of the existing hardware platform, these simple virtual machines embed their own operating system, file system, access controls, credential management, network interfaces, databases, application servers, web servers and more.

Analysts predict that as companies rush to benefit from virtual systems and applications, more than 60% of virtual machines deployed will be less secure than their physical counterparts. As virtualization becomes the standard against which all applications will be deployed, companies must be able to rationalize and normalize the services used by the virtual environment.

Driven by the potential cost reductions gained through server consolidation, the virtualization movement has delivered multiple benefits and proven deployments over the past few years. Yet without proper security planning, virtualization could come at a cost that greatly outweighs the potential savings.  By proactively addressing these security concerns, companies can save a tremendous amount of administrative overhead and close several potential security gaps.

Authentication and Access Controls

Authentication and access control are the fundamental components of any security design. Knowing who, or what, is connecting to your system and what permissions they have is critical to securing the system and its data. With virtualization, several decisions need to be made to ensure that the appropriate controls are put into place: