4 Virtualization Security Basics to Watch

Virtualization security remains a moving target right now, as experts debate approaches and new technologies try to fill gaps. Here are 4 basics that remain important for IT.

By Kevin Fogarty
Wed, March 09, 2011

CIO — While mobile and smartphone security is the hot topic of the moment among virtualization security gurus, plenty of other virtualization security topics demand IT's attention right now. At the recent RSA Security Conference in San Francisco, the interest in virtualization security ran high, with good reason. Different IT departments are at different points on their virtualization journeys, of course, and some are still thinking about security in the old physical world terms, analysts say.

"There's still a lot of question about how to approach security on virtualized servers," says Phil Hochmuth, program manager for security products at IDC.

By 2012 half of all the workloads run in corporate data centers will run on virtualized platforms — whether virtual servers or cloud platforms; by 2015, 40 percent of the security software that controls inside corporate data centers will be fully virtualized, according to a November, 2010 report from Gartner.

Basic security tools such as intrusion protection don't work well with virtual machines because they're harder to define by geography, IP or MAC address, and it's hard for external software to see or filter communications between VMs on a single physical server, notes Neil MacDonald, VP and Gartner Fellow, who co-wrote the report.

With most tools, it's hard for IT to know how many of the VMs on a particular server have all their patches up to date, Hochmuth says.

Here are some virtualization security questions to consider when making plans for your environment:

1. Is a slow server a safe server?
Just as in physical servers, adding security software adds to the workload, eats resources and lowers performance. Virtualized servers make more efficient use of their resources than physical servers, but that doesn't mean it's obvious where and how to apply security.

"It sounds pretty basic, but there is a lot of disagreement about whether it's better to have agents inside every virtual machine to secure them, or if that's too much of a drain on resources and that having something that can watch a group of VMs is better," Hochmuth says.

Run an agent on each of the 30 VMs in a quad-processing server and you get overhead equal to running 30 copies of the security software — because that's what you're doing.

The other major alternative — running one piece of software on the physical server that can observe all the VMs and their operating systems — is more elegant in concept, but may not be as secure, or may not be all that efficient either.

Hochmuth recommends "a really pragmatic proof of concept" comparing the impact on performance of several vendors' products. Even if the test tells you nothing about how good the security is, "it will tell you which products bog down the particular workloads you're running more than you find acceptable," he says.

2. Should you even let the VMs talk to each other without encryption?
Virtualizing servers means more than just being able to cram several operating systems into one box; it means creating a network inside that box across which the VMs have to communicate with each other, applications running on other servers, and the Internet, according to Matt Sarrell, executive director of security test/analysis firm Sarrell Group.

Much of the drive toward encryption in virtual environments comes from organizations that need to be able to demonstrate a good chain of custody for data under HIPAA or other privacy regulations, according to Sarrell.

That same encryption can help lock the doors on malware that can infect a hypervisor or OS on which a VM runs in a data center, however, keeping the rest of the VMs safe even if one is compromised.

Encrypting data streaming to and from VMs running in either a public or private cloud can also reinforce the doors between your VMs and the neighbors' in public clouds, Hochmuth says.

"Shared-server public clouds are like living in an apartment building, so your security may depend on how safely your neighbors are acting," he says. "Encrypting your VMs and the data can make that situation a little more secure, but again, at a potential risk of a performance hit."
