Security Management in a Virtual Environment

Mobile and handheld security are in demand, but the days of virtual security are not far away. Organizations worldwide are experimenting with virtualization technology, and most of these organizations will soon adopt the virtual environment. This point can easily be proved: at a recent RSA security conference held in San Francisco, one of the hot topics of discussion was virtual environment security. It is estimated that 40% of all the security software responsible for controlling data centers will be virtualized by 2015.

Security in virtual environments is entirely different from that in the physical world. There are times when intrusion prevention systems cannot be tuned well enough based on IP, MAC, or geography. Inside virtual environments, it is also always a challenge to maintain the number of VMs (virtual machines) running and to maintain the correct patch level on every VM.

So before considering the jump toward virtualization, you should consider the following points:

1. Loading multiple copies of a security solution or a single copy

Even though we are talking about a virtual network, the concept of security solutions doesn’t change. Virtual environments make the best use of physical resources, but this doesn’t tell us how best to deploy the security solutions. For example, if 50 VMs are running on a server, having individual copies of antivirus software running on each system will bog down the server.

On the other hand, if only a single copy of the software is loaded at the server level, there will be obvious advantages of cost savings, processing time savings, etc., but will this approach be secure enough? So the same concern exists in the virtual world, just like in the physical world: security vs. efficiency. It is for the company or the organization to decide which security solution method best suits their needs.

2. Encryption for communication between VMs

Sometimes, multiple VMs are running on a single server in a virtualized environment. These VMs, in turn, are servers and clients of a single domain or application infrastructure that need to interact with each other. This raises the question of whether they should communicate in plain text or encrypted text. If a single organization uses the whole server (collection of VMs), then the risks are small.

But if several different companies rent the cloud from a single server, it becomes more essential to prevent information from being intercepted and misused. In this scenario, encryption is vital: without it, companies that are currently compliant with ISO standards can lose their compliance and certifications. Once again, each organization must weigh the pros and cons of using encryption.

3. Control over access to data

In the physical world, access controls are applied to resources based on a MAC address, an IP address, or a username. However, these security policies are less effective in the virtual environment.

When VMs need to decide what resources to provide based on MAC and IP, there is the question of how to handle that in a virtual environment. Vigorous enforcement of security policies is critical, particularly when confidential data is used over an unsecured Wi-Fi connection. VMs must enforce companies’ security policies just like in the physical world. The decision needs to be made in terms of the data being requested, not the IP or MAC address that is requesting it.
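
The point above, as an added example that is not part of the original article: a Python comparison of an address-based rule with a decision made from the classification of the requested data. The resource labels, roles, addresses and the three requests are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample data: classification labels and role clearances are
# assumptions made for this example, not values from the article.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}
RESOURCES = {"/hr/payroll.csv": "confidential", "/wiki/home": "public"}
CLEARANCE = {"hr-admin": "confidential", "contractor": "public"}
IP_ALLOWLIST = {"10.0.5.17"}  # address the HR VM held before it was migrated

@dataclass(frozen=True)
class Request:
    user: str | None   # authenticated identity, None if unauthenticated
    role: str
    src_ip: str
    encrypted: bool    # True if the request arrived over an encrypted channel
    path: str

def network_based_allow(req: Request) -> bool:
    """Physical-world style rule: trust whoever currently holds the address."""
    return req.src_ip in IP_ALLOWLIST

def data_based_decision(req: Request) -> tuple[bool, str]:
    """Decide from the requested data's label; the source address is ignored."""
    label = RESOURCES.get(req.path)
    if label is None:
        return False, "unknown resource (default deny)"
    if label == "public":
        return True, "public data"
    if req.user is None:
        return False, "unauthenticated"
    if LEVELS[CLEARANCE.get(req.role, "public")] < LEVELS[label]:
        return False, f"role {req.role!r} not cleared for {label}"
    if label == "confidential" and not req.encrypted:
        return False, "confidential data requires an encrypted channel"
    return True, f"{req.role!r} cleared for {label}"

# Constructed requests: the HR VM was migrated and received a new address, and
# a different VM was later assigned the old one.
hr_after_migration = Request("alice", "hr-admin", "10.0.9.40", True, "/hr/payroll.csv")
ip_reuser = Request("bob", "contractor", "10.0.5.17", True, "/hr/payroll.csv")
hr_open_wifi = Request("alice", "hr-admin", "10.0.9.40", False, "/hr/payroll.csv")

if __name__ == "__main__":
    for r in (hr_after_migration, ip_reuser, hr_open_wifi):
        print(r.user, r.src_ip, network_based_allow(r), data_based_decision(r))
```

The address rule blocks the legitimate HR VM after migration and admits whichever VM inherits the old address, while the data-based decision gives the same answer wherever the VM runs.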

4. Reading between the lines, or should we say links?

A virtual environment means virtual machines on top of a host operating system, whether a Citrix XenServer, Hypervisor, or Microsoft Windows 2008. These can be attacked by VM-aware malware, and this problem is on the rise. A malware infection can occur via the internet, or VMs can infect each other internally once one VM is compromised. This is especially true when the VMs are configured to fail over with the help of another link. So the question arises: is this other dedicated link protected enough?

Encryption and scanning are necessary to control the data communication between VMs through these channels.

The National Institute of Standards & Technology (NIST) has established guidelines on virtual environment security. Here is a summary of these guidelines:

  • Security on the hypervisor should be as strong as that on the servers in the physical world
  • Procedures should be established for securely configuring VMs
  • The patch and vulnerability management systems of the physical world need to be extended to fit the virtual world