A lot of attention has been given to making sure virtual machines (VMs) are updated, manageable and protected. Now, with the introduction of virtual infrastructure and physical hardware pooling, a whole new set of challenges awaits us, many of which are only just becoming apparent. Security zoning is essential in the design of any system and, while often overlooked, it has long been a proven strategy. So how can something such as virtualisation affect how we zone our systems?
Security zoning is based on the core concepts of classification and compartmentalisation. Both data and systems are classified into groups of differing sensitivity. Classified data is stored separately from general data. Critical and high-security systems are segmented from public systems. Accounts used to access high-security systems are never used on low-security systems. The required level of security determines the amount of compartmentalisation. The purpose is to prevent less secure or low-priority systems and data from compromising more sensitive systems and data.
Virtualisation design will often focus on maximising the rate of consolidation to produce greater savings and lower running costs. When this is combined with the ability to pool physical hosts and storage devices, we begin to create security concerns. Now the domain controller is running on the same host as the print server and is stored on the same storage as the public web server. Suddenly all the security zones and segments become virtualised as well. Communication between VMs becomes largely invisible to traditional security systems, running outside the virtual environment, and a compromised host affects all of its VMs regardless of virtual segmentation.
Physical access to hosts in a large environment based on secure racks becomes harder to regulate, as it is not apparent whether a particular server is hosting sensitive systems at any particular time. There is also the question of management. What point is there to virtual network segmentation and zoning when a handful of management workstations and user accounts are used to access them all?
In order to provide higher levels of security we must look beyond consolidation to preserve our security zones. In lower-security environments, implementing virtual security and UTM appliances between our virtual network segments and machines will provide much-needed security and management of communications between VMs. In higher-security environments it is necessary to augment this further by providing separate hardware pools for each zone, to prevent VMs of different sensitivity from co-existing on the same host or storage device.
Researchers have already highlighted some of the potential risks involved in large-scale hardware pooling with the internal mapping and prediction of VM placements within a high-profile public cloud. How do we, for example, manage the zoning of our systems from not just each other but also the systems of other entities hosted in a third party cloud? Clearly this is one of the biggest barriers to wider adoption of cloud-based systems and is a question to which cloud vendors have yet to provide a satisfactory answer.
The key point to remember is that no system or platform is inherently secure, and virtualisation is no exception. Virtualisation provides us with a powerful platform on which to base our systems, but if we wish to secure them there is more to consider than rack space and cooling costs.