Virtualisation is not a theoretical risk

Security Zone is a bi-weekly series in Computer Weekly covering all aspects of IT security management. Each article will be written by a member of the International Information Systems Security Certification Consortium (ISC)2.

Virtualisation is a mainstay of the modern IT environment and often provides significant business advantages, particularly with regard to reducing hardware costs, increasing availability of IT systems and the provision of utility computing, writes Lee Newcombe, principal consultant at Capgemini.

Virtualisation technologies have been around for decades, but virtualisation of operating system environments on commodity servers is a relatively recent, and increasingly popular, development.

I felt the need to write this column primarily because I see a number of proposed system implementations that not only use virtualisation for server consolidation, but also rely upon virtualisation to provide separation between guest systems in different security domains.

Advantages of this approach include:

● It is easier to implement a virtual environment than to attempt to provide separation of differing security domains by encryption or the use of separate physical networks.

● It is easier to manage a virtual systems environment than the options described above, thanks to virtual systems management products.

However, several security advisories have been published that describe ways of breaking out of the guest operating system and running code on the host operating system. Once access to the underlying host is achieved, it is pretty much game over as far as the security of the other guest systems on this host is concerned.

Breaking out of virtual environments is not merely a theoretical risk, and virtual environments should be designed with this fact in mind. Different security domains should not be located on the same physical host, and the virtualisation software, as well as the guest systems, should be kept patched.
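An inventory check for the placement rule above, as an added example that is not part of the original column: it flags any physical host carrying guests from more than one security domain, and additionally any host with guests that carry no domain label (an extension beyond the column's text). The inventory format, field names and host and guest names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical field names): one record per guest.
INVENTORY = [
    {"guest": "web-01", "host": "hv-a", "domain": "dmz"},
    {"guest": "web-02", "host": "hv-a", "domain": "DMZ"},
    {"guest": "hr-db", "host": "hv-b", "domain": "internal"},
    {"guest": "proxy-01", "host": "hv-b", "domain": "dmz"},
    {"guest": "build-07", "host": "hv-c", "domain": ""},
    {"guest": "test-01", "host": "hv-c", "domain": "test"},
]


def audit_placement(inventory):
    """Return {host: finding} for hosts that break the one-domain-per-host rule."""
    by_host = defaultdict(lambda: defaultdict(list))
    for rec in inventory:
        # Normalise labels so "DMZ" and "dmz" count as one domain;
        # a missing or empty label is tracked under the key None.
        domain = (rec.get("domain") or "").strip().lower() or None
        by_host[rec["host"]][domain].append(rec["guest"])

    findings = {}
    for host, domains in by_host.items():
        unlabelled = sorted(domains.pop(None, []))
        if len(domains) > 1:
            issue = "mixed-domains"
        elif unlabelled:
            # An unlabelled guest could belong to any domain, so the host
            # cannot be shown to hold a single domain.
            issue = "unlabelled-guests"
        else:
            continue
        findings[host] = {
            "issue": issue,
            "domains": {d: sorted(g) for d, g in sorted(domains.items())},
            "unlabelled": unlabelled,
        }
    return findings


if __name__ == "__main__":
    for host, finding in sorted(audit_placement(INVENTORY).items()):
        print(host, finding)
```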

Virtualisation is here to stay. It is suitable for several purposes, including server consolidation (where servers all belong to the same security domain) and the provision of highly flexible development and test environments, and it is a great option for a speedy disaster recovery facility.

Virtualisation can also be useful for malware analysis and the testing of configuration changes, where the option of immediately jumping back to a clean build is a useful time-saving device. (Having said that, remember that malware may be coded to behave differently if it recognises that it is running in a virtual environment.)

In summary, as with other technology issues, decisions regarding how to use virtualisation come down to a business risk decision. Do the business benefits of virtualisation outweigh the impact of a compromise? Do the hardware cost savings, increase in flexibility and ease of administration outweigh the potential impact of allowing an attacker to bridge across your security domains?
