Virtualisation is now commonplace within most IT environments. Security professionals must consider new strategies and technologies in order to apply the most appropriate security controls in such virtualised environments. We should not simply be replicating the familiar deployment models from the physical world in the virtual world.
Traditional n-tier architectures which separate out the presentation, application and data tiers via physical firewalls are not as effective in the virtual world where you may find two or more of these tiers hosted on the same physical hardware.
There are some straightforward considerations that influence security design in virtualised environments:
(i) Consider your compliance requirements. Are there any requirements that enforce a degree of physical separation? Such requirements may necessitate multiple virtualised environments with physical firewall (or air-gapped) separation.
(ii) Identify the resources that your service requires in order to function – think in terms of network access, compute resource and storage rather than servers and network segments.
(iii) Identify the different types of users that require access to your service, e.g. external users, internal users or trusted partners.
(iv) Group the identified resources into zones (security domains) based on the characteristics of the data, user communities and access requirements.
(v) Conduct a risk assessment. Identify the risks that you are looking to manage per zone.
(vi) Base your security controls around these zones; control and monitor the activities within each zone and, more importantly, control and monitor the interactions across each zone.
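To make steps (i), (iv) and (vi) concrete, the following is an added example (not part of the original article) of a minimal zone model in Python: cross-zone flows are denied unless an explicit rule permits them, intra-zone flows are allowed but still reported, and a zone with a physical-separation requirement is flagged whenever it shares a hypervisor with another zone. All zone, host and resource names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Resource:
    name: str
    zone: str   # security domain the resource is grouped into (step iv)
    host: str   # physical hypervisor the VM runs on


@dataclass
class ZonePolicy:
    # zones whose compliance requirements demand physical separation (step i)
    physically_separated: set = field(default_factory=set)
    # explicit cross-zone allow rules (src_zone, dst_zone, port); anything
    # not listed is denied, so every cross-zone interaction is deliberate
    cross_zone_rules: set = field(default_factory=set)


def evaluate_flow(policy, src, dst, port):
    """Return (decision, reason). Intra-zone flows are allowed but the
    caller still logs them; cross-zone flows need an explicit rule."""
    if src.zone == dst.zone:
        return "allow", "intra-zone"
    if (src.zone, dst.zone, port) in policy.cross_zone_rules:
        return "allow", "explicit cross-zone rule"
    return "deny", "no cross-zone rule"


def cohosting_findings(policy, resources):
    """Find physically-separated zones sharing a hypervisor with another
    zone, where the hypervisor becomes a single point of separation failure."""
    by_host = {}
    for r in resources:
        by_host.setdefault(r.host, set()).add(r.zone)
    return sorted((host, z, sorted(zones - {z}))
                  for host, zones in by_host.items()
                  for z in zones & policy.physically_separated
                  if len(zones) > 1)


# Constructed sample inventory: three n-tier zones plus a card-data zone.
WEB = Resource("web01", "presentation", "hv-a")
APP = Resource("app01", "application", "hv-a")
DB = Resource("db01", "data", "hv-b")
CARDS = Resource("cards01", "cardholder", "hv-b")  # needs physical separation
POLICY = ZonePolicy(
    physically_separated={"cardholder"},
    cross_zone_rules={("presentation", "application", 8443),
                      ("application", "data", 5432)},
)

if __name__ == "__main__":
    print(evaluate_flow(POLICY, WEB, DB, 5432))          # denied: no rule
    print(cohosting_findings(POLICY, [WEB, APP, DB, CARDS]))
```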
It is this final area that often raises concerns. In a virtualised server environment you are limited to the firewalling and monitoring tools that the virtualised management infrastructure can support unless you can afford the expense of physical firewalls and multiple virtualised server farms. Furthermore, the hypervisor itself represents a single point of separation failure that is not present in the physical world, albeit one that may have undergone formal security evaluation.
Security professionals need to be pragmatic, adapting to the capabilities of virtualised environments, e.g. inter-VM introspection, virtualised firewalls, virtual networking and virtualised storage. Making the best use of these new capabilities, rather than seeking simply to “lift and shift” designs from the physical world to the virtual world, is critical to the successful realisation of the benefits offered by virtualisation.
Lee Newcombe is an active member of (ISC)2 and managing consultant at Capgemini.
This was first published in August 2012