Virtualisation offers a lot of advantages but security must already be built in

• Article 25 of 33
• SC Magazine, February 2011
• View the original article online

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages

Trend Micro's Deep Security product for VMware works with VMsafe and EPSEC to provide intrusion detection and prevention, firewall, integrity monitoring, log inspection and anti-malware capabilities in a single product for virtual machines. "Deep Security is agentless anti-malware," says Trend Micro's senior security advisor, Rik Ferguson. "We can keep going in through the hypervisor to achieve everything and keep the load light."

Log inspection is especially important since forensics can also prove difficult with virtualisation, not just in the case of a breach, but also for compliance."If a transactional server disappears, how do you prove it?" asks Adrian Davis, research analyst at the ISF. "You need to prove whatever happened has been destroyed and you need to prove that what happened actually happened."

Similarly, the ease with which VMs can be deployed is also a potential problem. If a development team wants to create a new virtual server, it need do little more than copy and paste an existing virtual machine's image, then run it. It is easy to forget that such a virtual machine exists and it can be left running, leaving security flaws without patch management.

Ipswitch's WhatsUp Gold system monitors networks for VMs. "There can be hundreds of VMs and people have forgotten what they were used for," says Marina Gil-Santamaria, director of product management at Ipswitch's network management division.

One of desktop virtualisation's biggest advantages for security is potentially also one of its biggest disadvantages: its near hardware-independence. With the virtual desktop hosted on a server, integration with USB devices on the end machine, for example, becomes harder. That makes certain equipment, such as biometric readers and smartcard readers, harder to integrate into authentication policies, even if they are available.

However, various companies, such as Imprivata with its OneSign range, offer specific technologies designed to integrate strong authentication with virtual desktop technology.

Finally, there is the age-old risk of the malicious admin, able to hack virtual machines because of his or her near-unrestricted access to the servers and the hypervisor. Wood, Sidaway and Davis all recommend separating duties, so that admins with the access to the hypervisor do not have access to the virtual machines and vice versa. Seaver says that access to the virtual machine environment must be monitored and logged to detect insider threats - and because some attacks may only be visible through anomalies in CPU usage and network traffic patterns. Employees are easier to handle, he says. Desktop virtualisation allows desktop management to be far easier, with different users getting different desktops according to their job roles, their current location, how they logged on, what device they used to log on and even more complex criteria.

In the long term, the advantages of virtualisation are such that server virtualisation, at least, will be something every organisation implements. "Organisations can't afford to have rack on rack of servers doing nothing," says Davis. Virtual machine penetration increased 50 per cent last year, according to Gartner, which also believes that nearly 30 per cent of all workloads running on x86 servers are now running on virtual machines.

Sidaway argues that advances in network and broadband speeds and the power of mobile devices mean that desktop virtualisation will be something that every organisation will be able to at least consider.

"Soon, you won't need to store files on local drives at all, but that will require a robust trust model," he says. More and more, the OS will be there just to launch a browser, with everything else being run in the cloud.

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages