As you bring virtualisation into your IT infrastructure, you may have noticed a few security-related aspects that weren’t present in a purely physical ‘one-app-one-server’ environment.
First, of all, the virtual administrator (you or whoever) and the system hypervisor have significant new power over your population of servers. Secondly, ‘things’ exist at the virtualisation level that conventional monitoring at the physical level cannot detect.
Thirdly, files can skip blithely from one machine to another. In fact, the machines themselves have, logically speaking, become files. These things are reasons for implementing virtualisation in the first place – but they are also security weaknesses.
How should you handle these new challenges? Conventional agent-based based strategies may be either cost-inefficient or incomplete.
Even if you install anti-malware software for each virtual machine (which may be expensive), the time to download new signatures at server start-up may leave ‘instant-on’ virtual machines temporarily vulnerable. In addition, it does not address the potential security hole in the virtualisation hypervisor.
Plugging this gap is even more important in hosted virtualisation solutions that by default often have little or no hypervisor access controls.
Virtualisation implementations need to be tested to ensure that security events at all levels can be adequately monitored and alerts generated.
This includes the hypervisor and various guest operating systems that may be running, as well as the network communications between them. Access policies must be clear and appropriate.
Software updates must be checked regularly and frequently, for the hypervisor, host operating system, guest operating systems and applications.
And devices that leave the organisation’s virtualised environment must be properly ‘sanitised’ to make sure that all sensitive data is removed – a task that may be complicated by the fact that virtualisation leads to such data being potentially stored almost anywhere.