Feeds

The double-edged sword of virtualisation security

Are you feeling security benefits?

  • alert
  • submit to reddit

Security for virtualized datacentres

Lab A quick search will provide ample warnings of the risks of adding virtualisation technology to the business IT mix without due care and consideration to security.

Whether such risks are inherent in the use of virtualisation technology itself, or arise when standard security practices are not extended to include virtual environments doesn’t really matter, because one should not exclude the other anyway.

So there is plenty out there on the risks, which we should ignore at our peril. But what of the benefits? The double-edged sword can apply in a positive sense to the additional layer introduced by the hypervisor: while what security people like to call the attack surface is increased in principle, correctly configured, it is one more thing the bad guys have to get through before they can get to the crunchy bit of data in the middle.

Meanwhile, if attack surface is your thing, the reduced footprint afforded by consolidating multiple virtual machines onto fewer servers does indeed reduce complexity and make things easier to secure in a physical sense. Sure, it might be putting all your eggs in one basket, but at least the basket can be locked away.

Much of security (if not all of security) is about risk management, so it is important we consider benefits beyond the, "is it secure/insecure" debate. Here’s some examples of where virtualisation can help reduce risk levels inherent in IT delivery:

• Operationally, a useful benefit of virtualisation is the improvement in patching capabilities afforded by a virtualised environment. Centralised patching of VMs can, in principle, be executed with less time and effort than in the physical world. It’s not quite *that* simple of course, as you will need to ensure that all VMs are online / active to be patched.

• Moving into the desktop realm – a source of much frustration for IT departments – the ability to centrally manage provisioning and software updates has a role to play in security, for example as a corrupt desktop image can easily be switched out and replaced with a clean one from the master image.

• A degree of protection is also afforded to portable devices. One of the options for protecting company data on ‘work and home’ kit is to separate the two using virtualisation technology. Taking things a step further and encrypting the ‘workVM’ means not only is there a degree of separation, but privacy can also be assured, particularly if the device is lost or damaged. The future will likely see virtual machine encryption playing more of a role, whether within the data centre or on mobile devices. Regulation may simply make this a prerequisite in certain industries.

There is nothing to say that a virtualised environment will be inherently more secure than a non-virtualised environment: from your feedback we’re picking up as many challenges as advantages. It stands to reason however that the benefits touched on here will be gained through a combination of good management, planning and design, and organisations won’t magically become good at this simply because virtualisation technology happens to be in the mix.

As we roll down the virtual road, it will be interesting in the extreme to see whether perceptions and experiences polarize further – from those who have harnessed virtualisation and managed the inherent risks, or those who become overcome by complexity. If you’re seeing clear roads ahead or are already hitting the potholes, we’d appreciate hearing about your experiences. ®

Website security in corporate America

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.