Virtual data safety

It would be difficult to avoid the wave of virtualisation technology sweeping the industry. The reasons for adopting virtualisation are too compelling - with cost savings at the top of the list.

"In the virtualisation market space, the server virtualisation market is where the fastest adoption is taking place. This includes application servers, file servers, web servers, database and email servers," says Harish Agastya, director of incubation products at Trend Micro.

Think of it this way: You have a data center with a few hundred servers, many of which are set up and tuned to do one job efficiently. It's likely that a few of those servers are lightly loaded - perhaps running at 50 percent capacity or less. With proper virtualisation, one could combine several of those physical machines, transferring workloads to a single piece of hardware. Bingo! You have fewer machines, less cost, less maintenance, less power and environmental conditioning needs, along with less capital expense.

But users may have more security problems. With virtualisation come new challenges. Why? Because the machine is the data. That is, in most virtualisation schemes, the virtual machines and associated storage are abstractions - essentially files (at least - or especially - when "powered down"). The files come to life atop a layer of software, called a hypervisor, hosted in turn by an operating system or server software. With virtualisation, you can move machines or storage "files" across hosts, back them up to tape, or copy them to disaster-recovery sites.

"The challenges that are met by traditional security methods aren't addressed the same - the solutions don't come at the problem from a virtual perspective, they come at it from the perspective of physical servers," says Eric Chiu, president and CEO of HyTrust.

Saving rush
Often, in the rush to take advantage of the cost savings and other benefits of virtual computing, organisations do not pay as much attention to security as they should.

"As companies have virtualised, they may not realise until after the fact that some of the existing technologies they have in place to secure their server environments are now open to a set of security issues that they didn't have to face in the physical world," says Trend Micro's Agastya.

Take, for example, dormant virtual machines (virtual machines that are "off"). In the physical world, a machine that is turned off is about as secure as it can be. But in the virtual world, when a machine is off, it is still accessible - that is, it is still accessible through the underlying host as a file. So any application that has access to the underlying host could access the "off" virtual machine, and be able to write to it, and thereby infect it.

In other words, because the machine is off and cannot run a scan agent, it cannot protect itself. It's a sitting duck for any malicious application that can access the underlying host. Coming versions of VMware and Microsoft products are likely to address these concerns, but in the meantime, organisations with older technologies in place must be wary.

"One of the things to bear in mind is that virtualisation enables you to move machines around, so it's important to keep track of where they are - that is, they may not be where you think they are," says Kevin Skapinetz, technology strategist and researcher at IBM Internet Security Systems. "Virtual machines may move to hosts that are less secure. You have to be sure to have secure boundaries between workloads."

Physical and virtualised security
Still, whether running in physical or virtual environments, there are some things that are the same in terms of security.

"Many of the tools used to secure a virtual environment are common in non-virtual environments," says Mike Schutz, director of product management, Windows Server division at Microsoft. "People still need to deploy and configure security technologies - and misconfiguration often presents key security vulnerabilities. Many of the issues remain the same in virtual or physical worlds."