How Virtualization Creates Cloud-Ready Security Options
October 29th, 2013 By: Bill Kleyman
Many organizations have turned to virtualization technologies to help them become more agile and scalable. Now, it’s time to create cloud-ready security.
As you know, the demands of the market have created a need for companies to provision resources dynamically, without incurring too much additional cost. In using virtualization, IT administrators have more control over their infrastructure, how resources are divided and are able to deliver a better user experience. Over the past few years, virtualization has evolved far beyond the server. Really, virtualization technologies have even evolved far beyond what we remember it all to be.
Now, managers are delivering various workloads down to the end-user regardless of what hardware they are operating or from which location they are trying to consume data. Beyond server virtualization, new technologies are entering the modernized data center. This revolves around new technologies like:
- Security virtualization
- Application virtualization
- Desktop virtualization
- User virtualization
- Storage virtualization
- And many more.
By controlling data, applications, and even desktops at the data center, administrators can deliver a secure look and feel to the end-user. By incorporating flexible virtualization-ready solution – data center administrators suddenly have a lot more tools at their disposal.
In working with virtualization, just like any other technology, security must be a priority. Although this data is always stored at the data center level, it doesn’t mean that accidental or malicious events won’t happen. With that in mind, the centralizing of information on a virtual node allows administrators to develop new types of security methodologies. This means that policies will need to be evolved and new layers of cloud security will need to be adopted.
- Create good policies. More so for the user and not the IT staff, virtualization can be used as a mechanism to deliver BYOD data. Be sure to remind users that although the devices they are using may belong to them, the information they are accessing still belongs to the organization. This means that if a user is accessing a virtual application or virtual desktop remotely, they must be aware of their connection and their surroundings. Computer usage policies can be extended to help support and cover BYOD initiatives. Within those policies, be sure to explain how virtual desktops and applications are used and monitored. Virtualization and the information that it delivers requires IT shops to rethink security and end-user policies. Remember, even though this data doesn’t live at the end-point – new types of security threats are always aiming to take down the hottest new technologies.
- Use next-generations security. Although it’s a bit of a buzz term, the idea behind next-generation security technologies is very real. Beyond just a standard physical firewall, next-gen security looks to introduce newer, advanced, scanning engines, virtualization technologies, and better visibility into the cloud. For example, administrators are able to incorporate mobile and device management solutions which monitor all of the incoming BYOD devices. These devices may be only accessing emails, while some others may need access to applications and desktops. These management platforms can check for OS versions and even see if a device is rooted. Furthermore, next-generation security appliances now offer much more advanced access interrogation policies. An administrator can set a 4 policy entry point. If a device only passes 2 out of the 4 interrogation metrics, it may be given access to only a part of the environment. These metrics can range from having the right AV database to an OS version and patch level – and even the location of the device.
- Control your cloud. A part of securing a virtual infrastructure is being very proactive. To do so, there must be control mechanisms in place for the virtualization infrastructure. Proactive alerts and alarms should be configured for resource utilization, access, and of course workload/hardware notifications. By monitoring an environment, administrators are able to see spikes in data usage (both LAN and WAN), where and what users are accessing, and continuously monitoring the type of data entering and leaving the data center. Virtualization allows for the creation of a logical layer. This layer can be better monitored because policies can be put into place to trigger improved alerts and notifications. By having greater control over your cloud, virtualization helps administrators create a more robust infrastructure based on proactive security best practices.
- Use intelligent AV. Just because a desktop or application is virtual doesn’t mean it’s not susceptible to a malicious attack. Traditional AV engines have always been a bit bulky and resource intensive. New technologies look to skip over the heavy resource utilization and become much more virtualization aware. For example, a virtualization aware AV engine can run at the hypervisor level, scanning all of the traffic which flows into and out of the VM. Trend Micro introduced its Deep Security platform to do just that. It will integrate directly with VMware Tools to facilitate virtualization-ready security at the hypervisor layer. Another great example is 5nine’s security model and how it interacts with Hyper-V. This way, administrators don’t actually have to install AV clients on the workloads. Because of this, the AV process becomes much more streamlined and efficient. Now, we’re introducing new levels of security and efficiency for your virtual platform.
- Lock down apps, desktops, and users. With virtualization, comes the very real need to lock down the environment. The great part here is that there are technologies which are able to help out. In working with virtual desktops and applications, workloads can be locked down based on their location, the type of device requesting access, and user group policy settings. In fact, based on the user or application – entire menu items or sections of an app can be locked down. Depending on your organization and the type of apps/desktops you’re deploying, you may have varying needs to the level of security required. From an end-user’s perspective, creating a secure, yet very functional environment is very important. End-users can be controlled by deploying effective measures of user virtualization. This means that user settings, preferences, network settings, and other personalization options can migrate with the user. Furthermore, these settings can be very granularly controlled. Administrators can lock down everything from, as mentioned earlier, application menu items to the usage of USB keys or ports.
Remember, even though the data is centrally stored, administrators should still take the same active precautions to protect their environment. A good management plan, solid update cycles and regular testing are all good measure to ensure that preventative maintenance is kept up. The cloud isn’t perfect: So, in designing a security strategy, being proactive can save time, money and – very importantly – reduce downtime due to security issues.