The Downside to Virtualization: Security Risks
It’s hard not to love virtualization. The ability to create dozens of virtual servers (or “appliances”) as files within a single physical server can cut power consumption, save space, make IT admins’ jobs easier, and allow them to create separate environments for testing new applications at will. No wonder this is one of the fastest-growing technologies in businesses large and small.
But everything has its drawbacks, and virtualization is no exception.
“There’s no free lunch,” says Wolfgang Kandek, CTO of Qualys, which offers on-demand compliance and vulnerability management. “Security is one of the things you have to worry about more when you use virtual servers.”
Virtualization security risks
Why does virtualization mean paying more attention to security? Here are the reasons, and tips for addressing them:
- You’re adding an operating system. This aspect of virtualization is easy to forget, because most virtual servers act like real servers, running Microsoft Windows or another platform. But in fact, the virtualization application itself (VMware, Microsoft Hyper-V, Xen, etc.) becomes the operating system on the server where it resides, with the operating systems of the virtual servers running as applications hosted on that system. Like any other operating system, virtualization software needs to be patched and updated regularly to ward off security threats, in addition to the patch management you still need to maintain whatever operating system the virtual server or servers are running. “So now you have two operating systems to monitor and patch, instead of one,” Kandek says.
- Traditional intrusion detection won’t work on virtual servers. Intrusion detection (and intrusion prevention) generally functions by monitoring network traffic and raising a red flag if there’s a traffic spike or a type of traffic not explained by legitimate operations. But because there’s no way to monitor traffic between virtual servers on one physical host, you can’t count on these systems to alert you to a security breach in a virtual server.
- Malware can spread among virtual servers. With traditional intrusion detection blind to activity between virtual servers, it’s easy for a virus or other malignant software to spread from one virtual server to another. It can spread beyond that, too, because virtualization is often used in conjunction with clustering that moves data and applications among two or more servers to provide load-balancing and “failover” in case one server in the cluster encounters a problem. “This is not something any network monitoring system can analyze,” says Amir Ben-Efraim, CEO of Altor Networks, which provides virtual firewalls that protect virtual servers. A virtual firewall can add a layer of protection at the virtual level, to fill the gap left by traditional security methods.
- Confidential data can be compromised. Because there’s no way to monitor traffic flow between virtual servers sharing the same physical server, there’s no way to tell whether confidential or legally protected data (such as medical records or credit card numbers) have been compromised. “I would suggest keeping such data segregated on a separate physical server,” Kandek says.
- Today’s malware is virtual-aware. Viruses often meet their fate in virtual servers where IT staff test applications and then destroy the server once the malware is detected. People who write viruses are aware of this, and have begun creating special “virtual-aware” viruses that can tell when they’re in a virtual environment. Though they’ve mostly used this knowledge to hide so far, they could easily be adjusted to attack virtual servers’ vulnerabilities instead. According to research by the antivirus company ESET, more than 200,000 virtual-aware malware programs were at large in November 2008. What this means is that if you’re running virtual servers, virus protection is especially critical.
- Your outsourcer may not know any of the above. If you’re outsourcing some or all of your IT security, or using hosted servers, make sure your provider is fully aware of the special security issues surrounding virtualization and has appropriate protections in place. “Those extra protections should be part of the outsource agreement,” Kandek says.
Virtualization offers many advantages over working with physical servers. Staying aware of its special security issues can keep those benefits from putting your data at risk.