Abstraction is a great thing. It's what allows us to build on previously created tools and not start from scratch every time we perform a task on a computer. Most of us do not realize how many layers of abstraction we're sitting on top of when we do something as simple as reading this blog post. A typical presentation of computing abstraction layers looks something like this:
- Operating System
- Kernel
- Assembler
- Firmware
- Hardware
Each layer provides an interface that makes things easier for users or the layer above it, along with delivering power and speed. Furthermore, the higher an abstraction layer is, the more important security becomes.
Virtualization is no different. Instead of making a change to many servers one by one, a virtualization administrator can make one sweeping change and apply it to several machines at once. Installing or deleting operating systems on physical machines used to take time; in a virtual environment, both can be accomplished almost instantly. With this kind of power and flexibility, it is no wonder that virtualization has taken off.
As a famous cartoon once put it: "With great power comes great responsibility." While this might be true, security best practices and emerging compliance requirements are not satisfied by trusting administrators to be responsible. Tools are required to protect against the damage, whether malicious or accidental, that can be caused by virtualization administrators. Fortunately, new tools are emerging that make virtualization security simple by bringing best-in-class identity and access management tools to virtual environments.
There are generally two types of companies when it comes to virtualization: those that virtualize critical production systems without thinking thoroughly and critically about security, and those that are not yet fully virtualizing due to security concerns. With the tools available today, there is no need to be in either camp.