With virtualisation now becoming an increasingly core part of mission-critical IT, writes David Emm, principal security researcher at Kaspersky Lab, it is growing as a platform for managing customer data, financial transactions, and the applications businesses use every minute of every day. This reliance on the virtualised environment has moved the issue of how to secure it higher up the business agenda, with Kaspersky Lab research suggesting that for 21 per cent of enterprise-level IT managers, it is one of their top three IT security priorities.
It is therefore imperative that virtual environments work as planned and are secure for modern businesses to be successful. All too often businesses apply security measures developed for physical machines, which can leave them exposed to a whole raft of risks. We’d like to highlight a few common misconceptions about virtualisation security, to guide CIOs and their IT managers towards smarter decisions about their IT security policies.
Myth 1: I don’t need additional security. The endpoint security software I use to protect my PCs, mobile devices and servers can protect my virtual environment too.
Reality: This is a very common misconception, and can be the root cause of many challenges that IT departments face while trying to secure their virtual network. Most traditional endpoint security solutions aren’t virtual-aware. So while they may provide the same protection they deliver on physical systems, they do so at the expense of performance.
Myth 2: It may not be perfect, but my existing anti-malware doesn’t interfere with the operations of my virtual environment.
Reality: Traditional endpoint security uses what’s known as an agent-based model where each physical and virtual machine gets a copy of the security program’s agent and this agent communicates with the server while performing its security tasks. This works fine for physical machines, but if you have 100 virtual machines, this means you have 100 instances of this security agents plus 100 instances of its malware signature database running on a single virtual host. This high level of duplication impacts performance, wastes storage capacity and can result in a time-lag between boot-up and protection of the virtual machines.
Myth 3: Virtual environments are inherently more secure than physical environments.
Reality: This is just isn’t true. Virtualisation is designed to allow software, including malware to behave as normally as it would. Malware-writers will target any and all weak points in a business network to accomplish their criminal goals. As virtual networks become hosts for more critical business operations, the bigger the target they’ll become. Virtual machines can be gateways to a server, or the server itself may be a virtual machine. Either way, the cybercriminals want access to the data. If an attacker compromises one virtual machine, it’s possible for them to replicate their code across all virtual machines on the same physical server, further maximising their opportunity to steal important business data.
Myth 4: Using non-persistent virtual machines is an effective way to secure my network.
Reality: In theory this makes sense. However, security firms have begun seeing malware that is designed to survive the “tear-down” of individual virtual machines by spreading across a virtual network, allowing it to return when new virtual machines are created.
Even if the rest of your virtual machines are secure, it’s possible for one virtual machine to “eavesdrop” on the traffic to another, creating a privacy and security risk. Recent research found that more than 65 per cent of businesses worldwide will have some form of server virtualisation within the next 12 months, and these servers need to be “on” all the time for the business to function, so the “tear-down” approach to security isn’t viable in this situation.
Myth 5: If I decide to use a specialised virtual security programme, they’re all more or less the same.
Reality: Most traditional endpoint security measures take an agent-based approach, but a virtualised environment needs flexibility to ensure total protection. There is no one-size-fits-all solution and the right application, or combination of applications, depends entirely on what you’re trying to protect. Specialised software and expertise is required to build and maintain a virtual network. So as virtualised environments become a standard feature of the business environment, it is critical that businesses deploy appropriate solutions that allow growth but maintain security.
