The challenge of securing virtualization operations

I have been very interested in virtualization security since early 2004 and it now seems like it has become a mainstream topic. Most of the focus however is on securing the technology of virtualization (the hypervisor) and providing virtualized security (usually as virtual appliances).

My focus nowadays is more on the operational impact of virtualized infrastructure and by extension the impact on security operations. After all, security controls (technology) are essential but without operational controls (people) they are not sufficient. So what is the operational impact of virtualization?

Virtualization technology is being applied across multiple IT silos: servers, applications, storage and networks. In every one of these domains, virtualization hides the physical infrastructure behind an abstraction layer and provides encapsulation of logical instances. When you’re looking for the root cause of a fault or a security alert you have to lift the veil and see behind the virtualization layer. This sounds a lot easier than it is in practice.

On top of the abstraction layer, virtual infrastructures are often very dynamic. Live migration technology (such as VMotion or XenMotion) allows virtual machines to move from host to host in near-real-time. On top of live migration there are other layered features like dynamic resource pools and high availability clusters. Together, these create an environment where virtual machines may move automatically to rebalance a load, reduce power consumption or in reaction to a hardware failure. Similar dynamic moves may be occurring in a virtual storage environment (storage re-allocation) and in the network (load balancing, virtual LAN allocation). In a large virtual server pool this could create an almost constantly changing environment.

Furthermore, security operations must deal with an environment where servers come into existence and are decommissioned at an accelerated rate. Since virtualization allows admins to virtually build, rack, run and decommission a server in a matter of minutes, the life cycle of a server becomes shorter. Servers evolve from being enduring and tangible to fleeting and ethereal. How do you troubleshoot or forensically analyze a server that only existed for a day? Where do you find its logs, its configuration?

Security operations in a virtual environment involve:

* Piercing the veil (correlating events above the abstraction layer with events below).

* Synchronizing timestamps globally.

* Collecting logs and configuration changes centrally.

* Tracking virtual machine identities independently of IP address.

* Tracking virtual machine life cycle and genealogy.

* Maintaining libraries of patched and hardened virtual machine images.
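An added illustration of the first and fourth items above (correlating an IP-keyed alert with the hypervisor's view, and tracking a VM by its identifier rather than its address); this is example code written for this page, not from the article, and the log formats, VM ids, host names and addresses are constructed assumptions.

```python
import re
# Constructed sample data, not from the article; timestamps assumed already in UTC.
HYPERVISOR_LOG = """\
2004-06-01T08:00:00Z created vm=vm-aaa host=esx-a ip=10.0.0.12
2004-06-01T09:30:00Z migrated vm=vm-aaa from=esx-a to=esx-b
2004-06-01T11:00:00Z destroyed vm=vm-aaa
2004-06-01T11:05:00Z created vm=vm-bbb host=esx-a ip=10.0.0.12
"""
# IDS alerts seen above the veil: they only carry an IP address.
ALERTS = """\
2004-06-01T10:00:00Z alert src=10.0.0.12 sig=outbound-scan
2004-06-01T11:02:00Z alert src=10.0.0.12 sig=outbound-scan
2004-06-01T11:10:00Z alert src=10.0.0.12 sig=outbound-scan
"""
def _parse(line):
    ts, action, rest = line.split(" ", 2)
    return ts, action, dict(re.findall(r"(\w+)=(\S+)", rest))

def build_genealogy(log=HYPERVISOR_LOG):
    """Replay hypervisor events into (vm, ip, host, start, end) intervals keyed
    by VM id, so the same IP may belong to different VMs at different times."""
    intervals, live = [], {}
    for line in log.splitlines():
        ts, action, kv = _parse(line)
        if action == "created":
            iv = {"vm": kv["vm"], "ip": kv["ip"], "host": kv["host"], "start": ts, "end": None}
            live[kv["vm"]] = iv
            intervals.append(iv)
        elif action == "migrated":          # close old host interval, open on target
            old = live[kv["vm"]]
            old["end"] = ts
            iv = dict(old, host=kv["to"], start=ts, end=None)
            live[kv["vm"]] = iv
            intervals.append(iv)
        elif action == "destroyed":
            live.pop(kv["vm"])["end"] = ts
    return intervals

def attribute(alert_line, genealogy):
    """(vm, host) owning the alert's source IP at that instant, or None if no VM
    was live on that IP (an orphaned alert worth investigating)."""
    ts, _, kv = _parse(alert_line)
    for iv in genealogy:
        if iv["ip"] == kv["src"] and iv["start"] <= ts and (iv["end"] is None or ts < iv["end"]):
            return iv["vm"], iv["host"]
    return None

def attribute_all(alerts=ALERTS, log=HYPERVISOR_LOG):
    gen = build_genealogy(log)
    return [attribute(a, gen) for a in alerts.splitlines()]
```

The same address is attributed to vm-aaa on esx-b after its migration, to nothing during the gap between decommissioning and reuse, and to vm-bbb afterwards, which is the kind of lookup that fails once an IP is the only key.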

We have technology to deal with most of these problems and doubtless we will see startups emerge to address problems that are new and unique to this environment. Many of the challenges are only noticeable once virtualization technology has been adopted in production and deployed broadly in a data centre. They surely should be discussed at the early planning stages instead. The old management mantra is “you can’t manage what you don’t measure”. The mantra for security operations in a virtual environment is “you can’t secure it if you can’t even find it.”


Jim Love, Chief Content Officer, IT World Canada
