Server Virtualization Security Concerns
By Chris Whitener, published Wednesday, August 26, 2009
Server virtualization is fueling the transformation of
today's data centers. The technology increases availability, reduces IT costs,
and supports future business growth. It also enables organizations to better
prepare for broader cloud and service-based computing opportunities. The need for increased computing efficiency, while
lowering costs, has driven the rapid adoption of virtualization technologies.
In an uncertain economy, server virtualization continues to grow. However, its rapid adoption is inherently disruptive: overhauling the infrastructure and delivering a new model changes the natural order of the data center and raises security issues.
It's critical for companies to secure their virtual server environments, particularly as virtualization adoption becomes more pervasive not only across servers but also across storage, operating systems, desktop and network resources. Here's a look at some of the top virtual server security concerns for organizations and how to better manage them, while preparing for virtualization's reach further into the data center.
Management, Responsibility and Policies
The overarching issue with managing virtualization is who is responsible for virtual resources. Unlike physical servers, which are the direct responsibility of the administrators in whose physical domain they reside, the responsibility for virtual servers is often unclear. When it comes to virtualization, the following questions should be posed: Who is in charge, who should have access, and who should configure and secure these environments? Is it the business unit, the server administrator, or a centralized master administrator?
When trying to address these
questions, a simple rule to follow is to put the same controls on a critical
virtual server that you would place on a physical server. For instance, if
you would not give out the root password for your SAP server to anyone other
than a master administrator, set the same rules for administering your virtual
SAP server.
Deploying secure virtual solutions comes down to defining and managing policies across the new landscape. When confronting the issue of virtual security, IT administrators need to create the right policies to safeguard their systems. However, these policies must also be flexible enough that they don't prove too restrictive. IT managers need to question whether all the benefits of server virtualization are being achieved under their current security policies. An ideal solution ensures that users retain control of their infrastructure by assuring that virtualization is not bypassing existing security controls. This requires a much greater level of central approval and control.
Compliance
Compliance issues can arise as a set of virtual servers becomes an invisible network with few controls. This can be especially problematic for data center managers who aren't specifically tasked with monitoring all the minute interactions of the virtual machines (VMs) inside each host. As virtualization continues to move into the mainstream, a number of compliance mandates will inevitably affect its use. One of these is the Payment Card Industry Data Security Standard (PCI-DSS).
In retail, the regulation that defines credit card processing [PCI-DSS Requirement 2.2.1] calls for companies to "implement only one primary function per server." This leaves open a significant degree of interpretation. Some retailers may interpret this as applying only to physical servers, while others have applied it strictly to deployments of virtual servers. Due to this ambiguity in the standard, individual companies are applying different approaches to the use of virtualization for processing credit card information. This creates business risk by exposing cardholder data and by causing non-compliance with new industry mandates, both of which must be managed. Using an experienced integrator solves this problem. That said, the PCI Security Standards Council recently reactivated a Special Interest Group (SIG) to offer clarity on some of the issues auditors and customers are facing regarding virtualization. The group is expected to deliver a first round of recommendations before the end of 2009.
In dealing with compliance issues for server virtualization, companies need to understand their risk. Establishing a secure audit trail, with real-time alerts and process alignment, as proof of compliance for internal and external auditors remains a priority for virtual environments. If a company has a realistic handle on its risk, it is easier to address auditor concerns and ensure that any issues are fixed.
VMs are popular because they allow organizations to maintain legacy services, operating systems (OSs) and applications while still moving forward with data center optimization efforts. Yet, without a clear plan to manage the process of moving off those legacy systems, risks remain and may create a significant new security risk to the business. There is an assumption that the security used in the legacy systems provides the same protection in a virtualized environment. It is not safe for companies to presume this, as the security systems might not work in the same way, leaving companies open to breaches through systems they assumed were secure.
Securing and Monitoring Virtualization
A critical challenge of moving server virtualization into production environments is securing and monitoring platforms to address security gaps. Unlike the OS and applications running on bare metal, VMs running inside a virtualization platform are moving parts of the system. VM administrators can copy and move VM images from one server to another, taking the full content of that VM, its OS and supported applications along in the transfer. IT also has the ability to pause, copy and move VMs in a running state from one system to another.
This flexibility, of course, can also open up gaps in security. As virtual machines frequently come online and offline or move from server to server as needs shift, security controls need to mirror those activities. Also, as VMs migrate from one server to another, they may open the door for threats and attacks to spread undetected by traditional firewalls. An ideal way to deal with such security gaps is to leverage advanced log event management technology. This allows companies to monitor the various virtualization infrastructure components to detect what is happening inside the virtualization platform. This includes monitoring specific events, failed logins and other actions that can be deemed policy violations. It also enables organizations to understand in detail what privileged users are doing to individual virtual machines.
Additional concerns arise due to the fact that VMs are more transient than traditional systems in terms of setup and uptime. This creates several risk scenarios in which VMs are less likely to be online for security scans, upgrades and patches. When things go wrong, identifying root cause is also more difficult as VMs come and go, or as snapshots and checkpoints are rolled back over time. It is critical that organizations deploy the software management solutions available today to manage both offline VMs and physical servers to avoid these security issues.
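As an added example (not code from the article or from HP), the monitoring described in the two paragraphs above expressed as detection logic over a constructed, hypothetical key=value audit log: repeated failed logins, privileged copy/move/revert operations on a critical VM by someone other than a master administrator, and snapshot reverts that should trigger a fresh patch and malware check because the rollback may have undone earlier fixes. The log format, host, VM and user names, and the policy sets are all assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample audit lines in a hypothetical key=value format (not a real hypervisor's).
SAMPLE_LOG = """\
2009-08-26T09:58:11 host=esx01 user=mallory action=login vm=- result=failure
2009-08-26T09:58:15 host=esx01 user=mallory action=login vm=- result=failure
2009-08-26T09:58:20 host=esx01 user=mallory action=login vm=- result=failure
2009-08-26T10:01:02 host=esx01 user=bob action=vm.copy vm=sap-prod-01 result=success
2009-08-26T10:05:40 host=esx02 user=alice action=vm.migrate vm=sap-prod-01 result=success
2009-08-26T10:07:13 host=esx02 user=alice action=vm.snapshot.revert vm=web-test-03 result=success
"""

# Policy inputs a central administrator would maintain (constructed for this example).
CRITICAL_VMS = {"sap-prod-01"}          # same controls as the physical SAP server
MASTER_ADMINS = {"alice"}               # only these may copy/move/revert critical VMs
PRIVILEGED_ACTIONS = {"vm.copy", "vm.migrate", "vm.snapshot.revert"}
FAILED_LOGIN_THRESHOLD = 3

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) vm=(?P<vm>\S+) result=(?P<result>\S+)$"
)

def parse_log(text):
    """Parse key=value audit lines; lines that do not match the expected shape are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def detect_violations(events):
    """Return (alerts, rescan): policy-violation messages, and VMs needing a fresh patch/AV check."""
    alerts, rescan = [], set()
    failed = Counter(e["user"] for e in events
                     if e["action"] == "login" and e["result"] == "failure")
    for user, n in failed.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            alerts.append(f"{n} failed logins for user {user}")
    for e in events:
        if e["action"] in PRIVILEGED_ACTIONS and e["vm"] in CRITICAL_VMS \
                and e["user"] not in MASTER_ADMINS:
            alerts.append(f"{e['user']} performed {e['action']} on critical VM {e['vm']} at {e['ts']}")
        if e["action"] == "vm.snapshot.revert":
            rescan.add(e["vm"])  # a rollback may have undone patches applied since the snapshot
    return alerts, sorted(rescan)
```

Feeding the hypervisor's real audit export into `parse_log` in place of `SAMPLE_LOG` is the only change needed to run the same checks against live data, provided the field layout matches.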
Since more VMs can exist in a data center than physical servers, securing them against a virus outbreak is sometimes complex. With more VMs, viruses are able to spread exponentially, attacking more servers than in a purely physical server environment. Traditional network management tools can't "see" VM-to-VM traffic. To assist in this situation, pools of VMs on different physical machines need to be interconnected on their own private network with full access to security features such as mutual authentication and encryption.
VM images are contained in files. As a result, there is increased risk due to the ease with which these files can be replicated. Several options are available to manage this particular issue. Confidential data should not be easily accessible in the VM image itself. At a minimum, it is important for companies to encrypt this data or store it in a separate storage location (this can be virtualized or physical). Also, enforcing access controls on VM images from the network enables greater control by ensuring minimal access to those images and adding authentication.
VM Sprawl and Motion
Many companies are becoming increasingly concerned with VM sprawl. In addition to increased management complexity and rising data center costs, there is a growing concern about the lack of controls available to keep business unit managers from spawning new servers on their own. Adding to this concern is that these new servers may have been created without ensuring they are properly managed and secure.
A critical issue related to VM sprawl and the ease of movement of VMs across physical hardware is the suitability of the supporting environment. The main problem is that different VM workloads often have different environmental requirements regarding storage, compute and networking. Managing this risk requires clearly associating VM workloads with groupings of appropriate elements, as well as ensuring that the required security posture is maintained.
When looking at software management solutions, it is necessary for companies to evaluate their ability to support policy-based dynamic allocation of VMs to the appropriate environment. This is often called a "sandbox." Sandboxes are a security mechanism for separating running programs. They are often used to execute untested code or programs from unverified third parties, suppliers or users. A sandbox secures an application by preventing it from writing outside its sandbox, and prevents viruses and other malicious activity invited into the system from doing damage.
It's also important to maintain an audit log of all related activities. A continuous record of what is going on allows administrators to go back and verify, optimize and monitor user activity and access, and to maintain an accurate snapshot of the environment. By running compliance-related applications in the same sandbox, separate from other, more general applications, companies can decrease the risk of data leakage. This allows them to maintain an appropriate security posture and policy-based isolation of VMs based on traditional data classifications.
To reduce VM sprawl, companies should take the time to train administrators in virtual infrastructure development, management, and security. They require a clear understanding of virtualization technologies and of how they differ from traditional IT infrastructure. IT staff must have the right tools to manage effectively, but they also need to be trained to correctly manage the new infrastructure.
Security Improvements
Organizations can continue to improve their security posture with some additional suggestions:
- Decrease server downtime - VMs can be backed up while fully running, so make certain that your systems continue to run to ensure live backups. Recovery is quick if a system fails and administrators perform either live backups or timed snapshots. If recovery becomes necessary, the rollback is then as simple as reverting to the latest snapshot.
- Improve IT productivity - Companies can achieve increased security and manageability by utilizing an approved golden image that provides one desktop with various user profiles housed behind the firewall. In doing so, companies can significantly improve productivity and IT operations by ensuring that each VM used, whether in development, test or production, is created from an approved golden image.
- Increase agility - In moving to an "everything as a service" model, companies can define and apply appropriate data classification and separation. This also enables companies to choose between private and public cloud solutions with more ease and confidence, because virtualization allows for implementations that are more easily managed and deployed in a cloud environment by referencing Service Oriented Architectures.
As virtualization continues to fuel the evolution of the data center, it is crucial to adopt security practices, policies and solutions that extend beyond the physical boundaries and treat the virtual infrastructure with the same diligence. Understanding your company's security risk profile and applying the appropriate levels of security allows your business to benefit significantly from virtual solutions, while setting the stage for further data center innovations.
Chris Whitener is chief security strategist for HP and leads the company's enterprise security strategy. In this role, he manages the HP Security Office and sets the direction for HP's security and standards initiatives, in addition to coordinating product roadmap activities across all business units.
Two years ago, Whitener unveiled HP Secure Advantage, the company's security initiative and portfolio designed to help customers reduce cost, risk and complexity. He also serves as general manager of HP's Atalla Security Products, which pioneered the use of hardware-based security appliance products used to safeguard financial transactions worldwide.
Previously, Whitener was vice president of engineering at Global Village communications, and then OneWorld Systems, both communications startups in networking and wireless products. Prior to that, he was manager and strategic director for all manageability and supportability products at Tandem Computers Inc.
Whitener has degrees in psychology and philosophy and completed post-graduate work in computer science at the University of North Carolina at Chapel Hill.