Virtualized Security Offers Challenges (But Not as Many as You Think)
Small and medium-sized businesses are beginning to find that virtualized network security isn't as different from physical network security as they thought. This makes cloud adoption simpler, but it also presents unique challenges.
Thu, March 07, 2013
CIO — Securing virtualized network resources may seem somewhat exotic on the surface, but the task isn't necessarily all that complicated. It may even have a familiar ring.
At dinCloud, a Los Angeles-based cloud service provider that offers hosted virtual desktops, servers and cloud storage, providing security for its small and medium-sized customers proved a fairly straightforward task.
"I just think it's blocking and tackling," dinCloud CTO Barry Weber says of virtualization security. "I don't think virtualization by itself creates a significant security issue. The only thing it adds is a layer of complexity; there are potential additional vulnerabilities. But the flip-side of that is there is still a ton of physical equipment—and that physical equipment and virtual equipment can be protected in very standard ways that are time-tested."
With that in mind, dinCloud deploys virtual firewalls from Vyatta (now a Brocade Communications Systems company). When a customer orders its first server, the initial step in creating a private cloud, dinCloud spins up a virtual firewall. Customers can then carve up their private IP address space however they wish.
The virtual firewalls also help bridge virtual and physical resources. "Most of our customers are hybrid customers," Weber explains. "They need not only a cloud environment, but connectivity to one or more on-premises locations."
Weber says Vyatta helps dinCloud offer different IPsec tunneling options, based on a customer's desired level of security and firewall parameters. Customers use the same parameters on the virtual side as they do with on-premises firewalls. The virtual firewalls also allow for the segmentation of multiple LANs within a private cloud, he says.
While the tunneling protects data in transit, dinCloud encrypts data at rest at the physical volume layer, Weber says. End-user authentication provides another layer of protection.
Weber, who joined dinCloud in January after running a cloud consulting firm, says security in the virtual cloud rivals what companies can do on-premises. "I've been inside a lot of companies who have struggled with security. Ultimately, they will end up with better security in the cloud than they ever would have implemented for themselves."
Virtualized Security as 'Drop-In Replacement' for Physical Tech
Security consultants suggest the relative ease with which dinCloud handles virtualized network security may prove the rule rather than the exception.
Paul Hill, senior consultant with Sudbury, Mass.-based SystemExperts, says organizations face much the same issues in a virtual setting as they do in a physical one. He says the security controls used in the physical world can work in a virtual environment with very little need for adaptation: "It is generally a direct translation."