This blog wraps up our virtualization security Q&A series with Eric Chiu, co-founder and president of HyTrust. In this installment Eric offers a view of the future and some tips for managing the risks that come with virtualization.
Q: What virtualization security trends do you expect will have the biggest impact over the next 2 to 5 years?
A: More and more IT executives are realizing that virtualization can break the separation of duties they had established in the data center. And in many cases, compliance officers are becoming aware that gaps in the virtual environment can undo their existing compliance plan.
There's also the parallel trend of increasing awareness that the vSphere platform isn't enough to provide sufficient controls and monitoring for higher tier workloads. As the awareness grows, it will become common practice to bake compensating security measures into data center and cloud architectures.
These trends are why most security vendors will try to make their products truly virtualization-optimized over the next couple of years, though I expect it will take some longer than that to get there. CA Technologies is ahead of the game with CA ControlMinder for Virtual Environments (CM VE), which was purpose-built for the governance and compliance needs of Tier 1 virtualized workloads and private clouds.
Q: Tell me more about securing the multi-tenant virtual environments found in private clouds.
A: Virtualization is the foundation of most private and hybrid clouds. All the control and monitoring challenges of the virtualized data center are present in the cloud. The economic benefits of IT-as-a-service are so compelling that a major shift to the cloud is inevitable for most enterprises. But cloud security issues are probably the biggest concern of most CIOs and private cloud architects.
At the top of the list of worries is what VMware calls the "nosy neighbor" problem. Without the right controls and monitoring, one tenant's vSphere admin can get access to other tenants' workloads and perform operations like deleting and cloning VMs or connecting critical VMs to untrusted networks. Also, multi-tenant policy must be enforced for service provider administrators so that they can't incorrectly configure customer environments or access customer data.
Not resolving these concerns is obviously a deal killer for most business units in a private cloud or for customers of cloud service providers. Tied to this, having audit-quality logging per tenant becomes critical to enable compliance and governance of tenant environments.
In the traditional data center, some of these problems were solved by giving each application its own physical server, also known as air gapping. The economics of private clouds clearly remove that option for most tenants, so once again you're going to need virtualization-optimized access controls to implement logical workload isolation - again, something CA ControlMinder for Virtual Environments does very well.
Q: Let's wrap up our discussion with your top recommendations to IT management for managing the risks of virtualization over the next several years.
A: The strategy for success is actually pretty straightforward.
- First, investigate and understand the particular risks the virtual environment poses to your critical apps and data. Give special attention to the monitoring and control challenges associated with privileged users.
- Second, determine how you're going to give your Tier 1 workloads the same level of protection and compliance they had in the traditional data center. Focus on bedrock principles such as policy enforcement, separation of duties, least privilege access, and so on. If you have a corporate IT governance and compliance policy, think about how its requirements map to the virtual environment. Also consider whether the policy needs to be updated to reflect the unique characteristics of virtualization.
- Third, evaluate the adequacy of the vSphere platform's mechanisms for ensuring security and compliance. Consider essentials such as tracking individual users' actions, assigning tightly defined permissions to the various roles that access the virtual infrastructure, establishing oversight or approval of high-impact operations such as powering off or cloning VMs, and automatically compiling all the types of log data you'll need to prove compliance to auditors.
- Finally, explore how you're going to achieve integrated control and monitoring of the traditional data center, the virtual environment, and eventually the cloud. How are you going to integrate identity management and access control? What about security policy management? Or SIEM and log management?