Virtualization Can Help and Hinder Security Efforts


A little knowledge is a dangerous thing, especially if that knowledge is about virtualization. That's the bottom line of this survey from Clavister, a Swedish firm. The survey, which was conducted by YouGov, says that 38 percent of companies have virtualized, and that more than 40 percent of those left their networks open to attack because they believed that security was built into the product.


The firm, which has a horse in the race because of its security offerings, offers five tips. It counsels organizations to redefine policies to account for virtualization; use virtual security gateways; protect the virtual administration center; limit the number of administrators with access to virtual administration tools; and evaluate and test virtual security regularly.


Much of what we hear about virtual security is negative: Virtualization is inherently dangerous, and organizations that don't pay attention can pay an extreme price. There is another side to the coin, however. Indeed, this feature at The CPA Technology Advisor says that virtualization can be one of the best things to happen to security. It can be used to test different tweaks to computers, software and configurations without the risk of affecting the existing production environment. Virtualized machines also can make exploratory visits to Web sites. If a piece of malware is picked up, the virtual machine can be deleted and the problem solved.


Hackers and malware distributors have proven that they are an intensely creative bunch. That's a scary thought in any instance, but it is particularly troubling when juxtaposed with everything that is new about virtualization. Put more simply, there seems to be a tremendous chance that enough will fall through the cracks to regularly endanger virtualized systems. While there is little evidence yet that hypervisors have been systematically attacked, the recipe is there: ZDNet Asia says that "VM sprawl" is shorthand for an environment in which a lot is happening of which IT isn't aware. The piece adds that it is easier for security tools to overlook things in these environments. The bottom line is that many of the assumptions that work in traditional networks may not hold once the environment goes virtual.


Virtualization, even though it is becoming far more common, still is a bit mysterious. This interesting post at Get Hold of Yourself describes 10 myths about virtual security. The very fact that there are 10 says a lot about the confusion affecting the sector. The piece begins by pointing out that there is a tendency to think of virtual machines as somehow "less important" than physical machines. Clearly, the blogger is using the phrase to imply that many people feel fewer things can go wrong in virtualized environments. That's not true, he says. Virtual machines are complex. The myths all are worthy of note, from the first (that virtual machines can be deployed and managed in the same way as their physical counterparts) to the last (that once the virtual machine is deployed, IT and security staffers' security work is done).


IBM is taking virtual security very seriously. In September, the company announced the first element of its PHANTOM initiative, which is based on technology included in the purchase of Internet Security Systems (ISS) in 2006. The Proventia network is, according to Big Blue, a virtual intrusion prevention system (VIPS) that is based on the Proventia physical intrusion prevention system (IPS) and runs on VMware. Coming PHANTOM products aimed at virtual security include Proventia Enterprise Scanner and Proventia Multi-Function appliances, the story says.