CA Community

Securing Your Road to Virtualization & Cloud: Privileged Users, Here They Come Again

Published: March 25 2010, 01:25 PM
by Shirief Nosseir

Continuing from my last blog post, where I touched on some of the challenges facing the management of privileged users, it was interesting to hear at one of Gartner's sessions at their European Identity and Access Management Summit earlier this month (something along the lines of) that they see Privileged User Management (PUM) as one of the critical building blocks for enabling cloud computing.  I can only agree with this view.  PUM is proving to be essential for securing virtual environments that sit on-premise and are managed by loyal employees, let alone cloud instances hosted by third parties and managed by external privileged users (who might even be contracted by the service providers).

For virtual platforms (as well as internal private clouds), the risk of not managing privileged users is too high to ignore compared to traditional environments.  Without virtualization, each critical server is typically dedicated to providing a single service only (DBMS, application server, business portal, etc.).  In contrast, it is both the beauty and the curse of virtualization that we run several server instances on the same physical machine, which might now host a complete application stack supporting an entire business area - for example, a Customer Relationship Management (CRM) system with all its databases, middleware, and other components.  This provides many benefits that we all know about, including improved service quality, operational productivity, and cost and energy savings.  However, one of the primary trade-offs is that it is more difficult to manage privileged users.  Consider how easy it is for a virtualization (hypervisor) administrator to - inadvertently or maliciously - cause a serious breach or business disruption.  For example, virtual server instances are files that can be copied and then easily restarted at a convenient, off-premise location; this is equivalent to stealing several physical servers from a site and then taking all the time in the world to mine them for goodies.  Also, let's not forget the need to ensure separation of duties (SOD) and maintain accountability across these virtual servers.

Many surveys show that most large enterprises have already adopted server virtualization, but what's interesting is that most of these organisations have only virtualized 10-20% of their servers (i.e., in limited and controlled production environments).  Recent Gartner research indicates that by the end of 2009, only 18% of servers that could be virtualized had been virtualized within enterprise data centers, and that this figure is expected to reach over 50% by the end of 2012 (i.e., virtualization will become the de facto platform).  The research goes on to suggest that through 2012, 60% of virtualized servers will be less secure than their physical counterparts.  In addition, the research highlights the six most common virtualization security risks and how to combat them.  Two of these risks directly relate to controlling and monitoring privileged users, namely: (i) “Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking”, and (ii) “There Is a Potential Loss of SOD for Network and Security Controls.”  In other words, this extensive adoption of virtualization within organizations will clearly introduce a range of new challenges and require more mature security management practices, with PUM at the forefront.

Furthermore, automation is a must to realize the full potential of virtualization: managing privileged users with encrypted spreadsheets and sealed envelopes will definitely not cut it anymore.  Actually, in many cases, even typical Privileged User Password Management solutions (i.e., PUPM technologies that primarily offer password vaults to manage shared accounts) will not be enough to manage such sophisticated environments.  Virtualization needs a comprehensive PUM approach in which fine-grained access control (i.e., granularly managing who can do what, and in which context) is consistently enforced and closely monitored across all heterogeneous virtual environments.

One of the other six virtualization security risks listed in the Gartner research is “A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads.”  This reminds us that privileged users do not just pose an internal threat.  Traditionally, privileged user accounts are the ones most targeted by hackers.  As virtualization and cloud continue to grow and privileged users gain even more keys to the kingdom, it will make more economic sense for hackers to increase their focus on these accounts.  Ensuring that the principle of least privilege is applied (through fine-grained access control) will help limit the damage if an account is compromised.
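To make the "who can do what, in which context" idea and the least-privilege point above concrete, here is a small added example of a fine-grained policy check for hypervisor administration, with separation of duties and an audit trail. It is illustrative code written for this page, not a CA product or Gartner artifact; the role names, actions, and context keys are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed example policy (hypothetical names, not a product's API):
# each hypervisor admin role is granted only the actions it needs.
ROLE_ACTIONS = {
    "vm_operator": {"start_vm", "stop_vm", "snapshot_vm"},
    "backup_admin": {"export_vm_image"},
    "network_admin": {"change_vswitch"},
    "security_admin": {"change_firewall_rule"},
}

# Separation of duties: one identity must never hold both roles at once.
SOD_CONFLICTS = {frozenset({"network_admin", "security_admin"})}

# Context conditions on high-risk actions: a VM image is a file that can be
# copied and restarted elsewhere, so exports are allowed only to the
# on-premise backup target and only under an approved change ticket.
CONTEXT_RULES = {
    "export_vm_image": lambda ctx: ctx.get("destination") == "onprem-backup"
                                   and bool(ctx.get("change_ticket")),
}

@dataclass
class Request:
    user: str
    roles: set
    action: str
    context: dict = field(default_factory=dict)

AUDIT_LOG = []  # every decision is recorded, for accountability

def sod_violation(roles):
    """Return the conflicting role pair held together, or None."""
    for pair in SOD_CONFLICTS:
        if pair <= roles:
            return tuple(sorted(pair))
    return None

def authorize(req):
    """Decide a request: returns (allowed, reason) and appends to the audit log."""
    conflict = sod_violation(req.roles)
    if conflict is not None:
        decision = (False, f"SoD conflict: {conflict[0]}+{conflict[1]}")
    elif not any(req.action in ROLE_ACTIONS.get(r, set()) for r in req.roles):
        decision = (False, f"{req.action} not granted to roles {sorted(req.roles)}")
    elif req.action in CONTEXT_RULES and not CONTEXT_RULES[req.action](req.context):
        decision = (False, f"{req.action} denied in this context")
    else:
        decision = (True, "allowed")
    AUDIT_LOG.append({"user": req.user, "action": req.action,
                      "allowed": decision[0], "reason": decision[1]})
    return decision
```

A compromised `vm_operator` account in this model cannot export images at all, and even a compromised `backup_admin` cannot send one off-premise, which is the damage-limiting effect of least privilege the paragraph describes.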

For external/off-premise (private or public) clouds, PUM also becomes an imperative for cloud providers to demonstrate to customers their ability and confidence in applying the principle of least privilege, providing transparency and compliance, and streamlining their operations.

In the next post of this blog series I'll write about other key technologies for enabling organizations to transition to virtualization and cloud in a secure and pragmatic way.


1 person has left a comment:

A well-written article that highlights the need for security around privileged users/passwords.

Posted by: Shiva | August 18, 2010 6:44 PM
