While the virtues (and pitfalls) of the cloud have been exhaustively documented, the fact remains that it's highly likely that the servers that house your applications and data are virtualized, whether those servers live in your data center, or especially if they live in a service provider's public cloud.
Server virtualization allows you to float multiple 'virtual machines' on top of a physical server, using a hypervisor to manage them. The obvious benefits are better hardware utilization, faster scalability and the ability to move VMs around to get optimal processing power. However, this same structure creates some very real security concerns.
Hypervisor vulnerabilities: Hypervisors are unique to virtualization, and there are many different kinds, each with different functionality. If not properly configured, a hypervisor can easily become an attack point. And if someone is able to access the hypervisor, they potentially gain access to many VMs.
Suspended VMs and snapshots: One of the great things about VMs is that they can be spun up or paused with a few mouse clicks. But dormant, dust-gathering VMs can't receive software updates or security patches, creating a potential problem if they are brought online again. Further, when you suspend a VM or take a snapshot, a unique (and easily searchable) file is created that captures the entire VM state, including its memory -- which can also contain sensitive or regulated data.
One server, many functions: In large compute environments, VMs are often assigned to a pool of hypervisors, which allows for load balancing but can make it difficult to keep track of which VM belongs to which hypervisor. In a private cloud, data from a confidential finance application might end up on the same hypervisor as something from sales. In a public cloud, it's possible your data could actually be sitting on the same server as that of your competitors.
Insiders are now outsiders: In any virtualized environment, the administrators who control the infrastructure have a great deal of access. Even though most companies vet their employees carefully, insiders can still do a lot of damage. Now, consider a public cloud, where you don't have any control at all over who they hire to tend your data. I certainly don't want to point fingers, but these folks may care less about your company's success than they do about gleaning some lucrative trade secrets.
This is by no means an exhaustive list, but it does highlight why security technologies must be created to address these unique vulnerabilities...
So what are the options to inject security in a virtualized server infrastructure?
Dave Shackleford, a well-known expert on cloud and virtualization security, recently published his book "Virtualization Security. Protecting Virtualized Environments” (on which I served as trusty technical editor). He highlights the following areas of concern:
Securing the hypervisor
Make sure that patches are applied to protect against the latest vulnerabilities and that certificates are up to date. Default settings for hypervisors should be carefully inspected, as they are not always the most secure options. Finally, monitor critical configuration files regularly.
Securing the virtualized network
The virtual network is the backbone of a secure, virtualized infrastructure. Clearly understanding the differences and security implications between virtual and physical networks is one of the more complex areas of virtualization.
Securing the virtual machine
Virtual machines are still built with operating systems and applications; therefore, all the security mechanisms you employ in physical systems apply in the virtualized world. We read about additional threats such as cross VM attacks, code injection attacks (after all, VMs are just sets of files so they are easy to manipulate on disk) and information leakage attacks, which are particularly problematic in cloud environments. The most important element securing virtual machines is securing the data -- through the hypervisor and through to the storage layer where data from different VMs is co-mingled in the same disks. If your systems are governed by regulations such as PCI-DSS, make sure you're following the recommended guidelines.
Logging and auditing
Logging is vital, not just for compliance reasons, but so you can optimize for performance, understand the actions of others and be able to identify security incidents, policy violations, fraudulent activities and operational problems. Logging becomes more challenging in a public cloud environment, where you have less control over the network. Look for more innovative CSPs who may give you greater visibility or reporting.
Change and configuration management
It can be challenging to introduce virtualized infrastructure into existing change and configuration management programs. Organizations need to evaluate the security issues that result from requested and planned systems changes. This includes request and approval, planning and testing, scheduling and communication, implementation and documenting the process, and following up afterwards.
Disaster recovery and business continuity
The hypervisor vendors offer new tools that aid in disaster recovery and high availability. Since VMs are just sets of files, building availability and disaster recovery solutions has never been easier. However, understanding the security implications around shared storage, new backup methodologies and replication capabilities is a vital part of your virtualization security best practices. You must understand how hypervisor clustering operates with shared storage, the multi-tenancy aspects that come with sharing, and how availability and fault tolerance operate across multiple virtualized infrastructures to achieve solid disaster recovery.
So -- now you know a bit more about virtual machine security. Do you have other concerns about the cloud - public or private? Do tell!