All Your Servers Are Belong To Us
BY ADAM POWERS
From IT consumerisation to user mobility, corporate network and security teams have had their fair share of challenges to deal with over the past few years. These trends have created what is often referred to as the ‘vanishing perimeter’, reducing the efficiency of traditional defences, such as proxy servers, firewalls and IDS/IPS.
The ‘next big thing’ that IT teams will need to face from a network performance and security perspective is virtualization. If it has not happened already, enterprise IT teams of all sizes across various industries will soon be asked to move their infrastructure to the cloud.
According to some analysts, by 2013 the cloud market will be at $150 billion and 60 percent of server workloads will be virtualized, while one-fifth of all businesses will own absolutely no IT assets by next year.
The myriad benefits of virtualization have made it all but irresistible to IT executives. These include:
– lower hardware maintenance and energy costs
– recovered data center floor space
– higher availability
– better utilisation of resources
– reduced disaster recovery costs
– faster and more efficient technology deployments
– increased flexibility for development and testing environments
Virtualization also makes it easy to move applications from one server to another to accommodate increased or decreased load.
However, moving technology to the cloud also results in a whole new set of security and network management challenges. First of all, since virtualization is a fairly new phenomenon, most IT professionals still have a lot to learn about the best practices and pitfalls associated with running a business in a virtual environment. Due to the complexity of the virtualized infrastructure, IT administrators may be happy enough with just getting technologies to work properly, and may opt to leave them alone once deployed instead of introducing security technologies that may interrupt their functionality.
Unfortunately, many traditional security technologies do interrupt the functionality of virtual technologies and do not provide adequate protection for virtual environments.
The virtual world often does not benefit from many of the tried and true security best practices used in the traditional data centre. Many security technologies impose too much overhead and performance impact on virtual servers to be feasible to deploy.
Virtualization diminishes network visibility, as virtual-machine-to-virtual-machine (VM2VM) communications cannot be monitored by traditional network and security devices. Without visibility into virtual environments, companies open themselves up to a plethora of risks including cyber attacks, data loss, compliance and privacy issues and drops in productivity.
Without knowing what is happening on the virtual network, organisations are unable to detect when employees are accessing applications or visiting web sites that might lead to a security compromise or a drain on network performance. This lack of oversight complicates problem identification and resolution, and could potentially erase the cost savings associated with virtual environments in the first place.
To maintain a high-performance, secure infrastructure, organisations must manage and protect their virtual environments the same way as their physical networks. IT teams should be able to take actions such as the following at any given time:
– identify when a virtual server is behaving in a manner inconsistent with its normal pattern of behavior
– determine services consumed or served by each virtual machine (VM)
– track and identify network events that trigger VMotion (the migration of virtual machines from one physical server to another)
– baseline the virtual network to better understand traffic patterns and anomalous traffic
– discover misconfigured firewalls
There are technologies that can assist with these issues. Some of these measure flow data from existing routers and switches to provide in-depth visibility into what is going on across an organisation’s entire network, down to the exact user and application.
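The baselining and per-VM service tracking listed above can be sketched over flow records as follows. This is an added example, not code from the author or any product; the record fields, VM names and the rule that a flow runs from initiator to responder (so `dst` and `dport` identify the service) are assumptions, and all sample flows are constructed.

```python
from collections import defaultdict, namedtuple

# Assumed record shape: initiator -> responder, so dst/dport is the service.
Flow = namedtuple("Flow", "src dst proto dport bytes")

def build_baseline(flows):
    """Learn, per VM, services it serves, services it consumes, and bytes sent."""
    base = defaultdict(lambda: {"serves": set(), "consumes": set(), "bytes": 0})
    for f in flows:
        svc = f"{f.proto}/{f.dport}"
        base[f.dst]["serves"].add(svc)
        base[f.src]["consumes"].add(svc)
        base[f.src]["bytes"] += f.bytes
    return dict(base)

def deviations(baseline, flows, volume_factor=5):
    """Compare a later window (assumed equal in length) against the baseline."""
    found, sent = set(), defaultdict(int)
    for f in flows:
        svc = f"{f.proto}/{f.dport}"
        sent[f.src] += f.bytes
        for vm, role in ((f.dst, "serves"), (f.src, "consumes")):
            if vm not in baseline:
                found.add((vm, "unbaselined-vm", "no history"))
            elif svc not in baseline[vm][role]:
                found.add((vm, f"new-service-{role}", svc))
    for vm, total in sent.items():
        if vm in baseline and total > volume_factor * max(baseline[vm]["bytes"], 1):
            found.add((vm, "volume-spike", f"{total} bytes sent"))
    return sorted(found)

# Constructed sample data: a learning window, then a later window to check.
BASELINE_FLOWS = [
    Flow("web01", "db01", "tcp", 3306, 40_000),
    Flow("web01", "db01", "tcp", 3306, 60_000),
    Flow("app01", "db01", "tcp", 3306, 20_000),
    Flow("app01", "web01", "tcp", 443, 5_000),
]
OBSERVED_FLOWS = [
    Flow("web01", "db01", "tcp", 3306, 50_000),   # matches the baseline
    Flow("web01", "app01", "tcp", 22, 2_000),     # VM2VM SSH never seen before
    Flow("app01", "db01", "tcp", 3306, 200_000),  # known service, 8x the volume
    Flow("tmp07", "db01", "tcp", 3306, 1_000),    # VM absent from the baseline
]

if __name__ == "__main__":
    for finding in deviations(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS):
        print(finding)
```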
Another security concern with virtualisation is that in the virtual environment, resources are shared between both critical and non-critical applications. Therefore, if one VM is compromised, the perpetrator could potentially also gain access to other, more critical virtual machine resources.
Maintaining complete visibility into all virtual machine assets is key to monitoring and validating interactions occurring across the virtual backplane.
Virtualization has also quickly led to another issue referred to as ‘VM sprawl’. In a physical environment, servers take up rack-space and power, and thus it is easy to notice when data centre resources get out of control. However, in a virtualized data center, servers are hidden from view and the administrator does not get the same sense of urgency to curb their growth. Cable management, power and rack space availability are less of an issue. The fact of the matter is that it’s easier to set up a new virtual server than to take one down. Old VMs eventually fall out of patch levels and day-to-day management. As old virtual servers and applications are forgotten, organizations increase the attack surface for their data center.
Top 5 best practices
Here are some best practices for addressing these issues and getting the most out of your virtualized infrastructure:
1. Do not embark on any virtualization projects without incorporating security and training from the start. Prior planning will help alleviate issues with learning curves and the lack of motivation to secure virtual machines once they have already been deployed.
2. When selecting security vendors for your virtual deployments, be sure to ask what types of special functionality they have incorporated into their products for virtual environments. If the answer is “none” or “we’re researching that,” then move on. Also be sure to ask what type of impact their technology will have on the performance of your virtual servers.
3. Investigate technologies such as flow-based monitoring that will help you regain the network visibility lost when virtualizing infrastructure. These solutions can detect and address a multitude of network and security issues including configuration problems, inefficiencies in resource allocation, and security and policy violations.
4. Segment your virtual assets using technologies such as VLANs and trunking to ensure that virtual machines of a sensitive or high-risk nature are not able to communicate with other VMs. Also be sure to limit user access to only those resources absolutely required to perform a job function. Additionally, technologies such as the Cisco Virtual Security Gateway are making the creation and protection of trust zones within virtual infrastructure far less complex, enabling organizations to more easily enhance virtual security as well as comply with industry regulations such as PCI.
5. To avoid VM sprawl and resulting security compromises, schedule regular reviews of existing VMs to make sure that they are all still being used. It is also prudent to assign one owner to each VM, who can always report on its status. Forgotten servers and applications are dangerous.
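A scheduled review covering practices 4 and 5 can be driven from the same flow data: check VM-to-VM traffic against the intended trust zones, and list VMs that are idle, ownerless or missing from the inventory. This is an added example, not the author's or any vendor's code; the inventory layout, zone names, allowed zone pairs, the 90-day idle threshold and all sample records are constructed assumptions.

```python
from datetime import date

def review(inventory, allowed, flows, today, idle_days=90):
    """inventory: vm -> (zone, owner); allowed: {(src_zone, dst_zone)};
    flows: (day, src_vm, dst_vm). Same-zone traffic is assumed permitted."""
    last_seen, violations, unknown = {}, set(), set()
    for day, src, dst in flows:
        for vm in (src, dst):
            if vm not in inventory:
                unknown.add(vm)                      # running but never registered
            else:
                last_seen[vm] = max(day, last_seen.get(vm, day))
        if src in inventory and dst in inventory:
            zs, zd = inventory[src][0], inventory[dst][0]
            if zs != zd and (zs, zd) not in allowed:
                violations.add((src, dst, f"{zs}->{zd}"))
    idle = sorted(vm for vm in inventory
                  if vm not in last_seen
                  or (today - last_seen[vm]).days > idle_days)
    no_owner = sorted(vm for vm, (_, owner) in inventory.items() if not owner)
    return {"zone_violations": sorted(violations),
            "uninventoried": sorted(unknown),
            "idle": idle,
            "no_owner": no_owner}

# Constructed sample data.
INVENTORY = {
    "web01": ("dmz", "alice"),
    "app01": ("app", "bob"),
    "pay01": ("pci", "carol"),
    "test9": ("app", None),          # nobody assigned as owner
}
ALLOWED = {("dmz", "app"), ("app", "pci")}
FLOWS = [
    (date(2012, 5, 2), "web01", "app01"),
    (date(2012, 5, 2), "app01", "pay01"),
    (date(2012, 5, 3), "web01", "pay01"),    # dmz talking straight to pci
    (date(2012, 1, 10), "test9", "app01"),   # last activity months ago
    (date(2012, 5, 20), "vm-x", "pay01"),    # source not in the inventory
]

if __name__ == "__main__":
    for key, value in review(INVENTORY, ALLOWED, FLOWS, date(2012, 6, 1)).items():
        print(key, value)
```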
Virtualization is too beneficial to ignore, but it can also be a detriment to an organization if not properly deployed and managed. The security implications described above should be fully understood and addressed before moving your critical assets to the cloud. However, if handled with care, the sky is the limit for private cloud computing.
Adam Powers is Chief Technology Officer for Lancope