

Author: Sciencelogic | Date: Fri, 20 Mar 2009 11:07 PM

FOSE 2009 - The Virtual Reality: Securely Embracing Virtualization

It's become common knowledge that virtualization has plenty of benefits but plenty of drawbacks as well. Virtual machines can contribute to the "greening" of data centers and lower costs on space, power, cooling and provisioning. As virtualization adoption begins to pick up at the agency level, all potential security risks must be scrutinized to ensure the required level of security.

One of FOSE's afternoon sessions today, "The Virtual Reality: Securely Embracing Virtualization," explored the threats that exist when agencies turn to virtualization, and included personal experiences and best practices from the panelists. The panel consisted of:
* Bill Bockoven (moderator), VP, Public Sector, APC by Schneider Electric
* Josh Corman, Principal Security Strategist, IBM Corporation
* Brent Conran, Director of Information Security, U.S. House of Representatives
* Jack Nichols, Director, Enterprise Operations, U.S. House of Representatives

Bill and Josh started off by discussing how agencies can securely adopt virtualization and what existing threats must be considered prior to any virtualization implementation. They suggest that it is important to cut your teeth on virtualizing a low-risk asset, since the first attempt quite often fails, simply due to unforeseen migration or integration issues. Clustering servers to keep information with similar levels of sensitivity together as well as using provisioning to prevent sprawl are two additional policies to pay attention to during migration.

Josh outlined some common mistakes:
* Elective risk - beware of Type 2 server virtualization for production
* Failure to establish policy - need to create guidelines and organize processes
* Failure to consider compliance - regulation has not caught up to virtualization yet; will you still be PCI compliant?
* Failure to involve security - make sure to build in security at all levels
* Failure to control live migration - can create a domino effect of failures
* Failure to have performance/capacity plan - virtualization is not devoid of bottlenecks; agencies must properly plan for expected capacity
* 'Silver bullet' virtual appliances - can lead to a false sense of security

Best practices:
* Install security in each guest VM
* Apply defense-in-depth
* Lock-down management
* Segment networks with VLANs
* Use stand-alone security appliances

Limitations:
* New VMs need security provisioning
* Redundant security = more resources
* Management nightmare

And what to expect to see from providers in the next 12-18 months:
* Apply defense-in-depth
* Shrink the management stack
* Install security VM on each machine
* Integrate security VM with VMM

Jack and Brent presented a case study along with first-hand accounts of the House of Representatives' move to virtual storage. The primary reason for the House's move was lack of juice, as the House's IT department functions out of an older government building and was hitting the ceiling when it came to power - there just wasn't enough. Each office had its own file server kept behind a locked door, for security reasons, creating a highly distributed storage environment. To further complicate matters, each office was in charge of its own IT tools.

As a solution, Jack and Brent looked to consolidate servers and bring them into a proper data center environment using virtual blade servers, storage area networks, back-up solutions, redundant sites and encryption to solve the power problem, all while maintaining required security levels. This undertaking was also in line with the Green Capital Initiative, a movement to encourage political leaders to find ways to make the capital more environmentally friendly, with a virtualized data center being a prime example of a green IT solution.

Their first attempt to virtualize some of their most mission-critical assets failed miserably. They failed not because of technology, however, but because all levels of employees were not educated on virtualization and how it affected their operations. Senior management needed to be retrained because all processes had changed and what they had done before didn't exist anymore; there was also no longer a system of checks and balances.

After going through the implementation, some security challenges they discovered were:
* Traditional threats are still there (like poorly thought-out patches, IT changes, etc.) but with additional complexity
* Virtual sprawl - what should be virtualized? Microsoft Exchange, firewalls and payroll are bad ideas
* Inter-VM server traffic - traffic patterns change, so existing security measures don't work correctly anymore
* Access control - the server administrator will have access to everything in the environment, creating a potential security threat
* Segregation of data - Plan what you are going to virtualize and how
* Organizational ownership - Who owns what now?

Jack and Brent suggest using third-party tools to monitor and enforce provisioning. This can be a double-edged sword: it is very important to choose the right tools for what you are monitoring, or they can create a false sense of security. Different monitoring tools can watch data that exists in different types of environments (mixed and static), so it is important to understand your needs before implementation.

Overall, they assert that while virtualizing IT operations does add complexity and introduces operational risks, it has plenty of benefits too. It increases time to market, lowers IT's impact on the environment, saves money and centralizes information.

About the Author

David Link is president and CEO of ScienceLogic. He and his partners built a thriving company from the ground up by focusing on delivering "products that just work" to the underserved virtualization management and monitoring solutions marketplace. He has held senior management and corporate officer positions at large public companies.




Creative Commons License
This article is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.