Virtualization boosts security threat

As IT managers increasingly turn to virtualization to reduce the number of servers they have to deal with, they may unknowingly also be increasing their security problems.

That’s because in a one-application/one-server environment, each server had its own firewall for protection. When multiple applications are crowded into one server, however, the potential for trouble from new attacks increases, especially if two applications within the virtualized environment talk to each other.

Unfortunately there are few virtual network firewalls on the market today to deal with this, says Ottawa-based Gartner analyst Greg Young. Nor will there be many more on the market 12 months from now. “Users are going to be challenged to find solutions in 2008,” says Young, a research vice-president who specializes in network security. “The choices are limited today.”

The potential problem, although only emerging now as the pace of virtualization picks up, is “significant,” he said, big enough that Young and two colleagues recently issued a warning to clients.

Young said the problem came to light when Gartner discovered that some of its customers, who in the past had good separation of their application layers, are now breaking their security rules due to virtualization.

It may be that in a particular data centre, applications didn’t talk to each other when they were separated, but that could change once they are squeezed into a single environment, Young argues. And because network traffic between virtual machines isn’t visible, managers may not know about the problem. Isolating virtual machines doesn’t solve everything, he added. If traffic within the VM isn’t being monitored, the internal VM network could break down as a result of a simple misconfiguration.

There are software-based network firewalls that can reside in a dedicated virtual machine, Gartner notes, but they’re only able to enforce security policies between IP addresses they are configured to see.

One alternative, Young says, is to run traffic out of the virtual machine, through a hardware firewall and then back into the VM. But this would obviously slow network performance.

The lack of host-based firewalls from major enterprise firewall manufacturers has meant that small startups have an opportunity to make some ground, said Gartner.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
