Some enterprises overlook the need to protect their virtualized environments, thinking they're inherently more secure than traditional IT environments. Others use the same tools they use to protect their existing physical infrastructure to secure their virtual infrastructure. Both are treading on thin ice, according the Cloud Security Alliance.
"The bottom line, though, is that the new environment is more complex and requires a new approach to security," the CSA said in its new report, "Best Practices for Mitigating Risks in Virtualized Environments."
In the report, the industry group lists 11 virtualization risks and provides advice on how to address them. The report notes that the guidelines address server virtualization security, not network, desktop, or storage virtualization. The CSA plans to address other virtualization technologies in future reports, including one on NFV and another on storage virtualization, Kapil Raina, co-chair of the CSA Virtualization Working Group and head of product marketing at cloud security company Elastica, said in an interview.
The 11 risks cited in the paper are the most common relative to compute virtualization, regardless of vendor or architecture, he said. They fall into three general buckets: architectural, hypervisor software, and configuration:
- VM sprawl
- Sensitive data within a VM
- Security of offline & dormant VMs
- Security of pre-configured (golden image) VM/active VMs
- Lack of visibility and control over virtual networks
- Resource exhaustion
- Hypervisor security
- Unauthorized access to hypervisor
- Account or service hijacking through the self-service portal
- Workloads of different trust levels located on the same server
- Risk due to cloud service provider APIs
While the list isn't ranked in terms of risk severity, Raina said VM sprawl is particularly prevalent. It's so easy to create virtual machines and push them out, but various configurations and frequency of updates makes VM management complex, he said.
"With VM sprawl, you duplicate machines, then forget about them or they're isolated on the network. Once you bring them up, they may be several weeks or six months behind in terms of patching and security. That creates a vulnerability," he said.
"We find that to be a process deficiency in many organizations. For us in the practitioner world, the weakest link is how hackers get in, and unfortunately this is one area that thieves take advantage of," Raina added.
To mitigate the risk of VM sprawl, the CSA recommends organizations consider a range of tactics, including implementing policies and processes to control VM lifecycle management, controlling the creation and use of VM images with a formal change management process, and setting aside a small number of solid, updated images of a guest operating system to use for fast recovery.
The CSA report notes that some organizations are complacent about virtualization security because there haven't been any known successful attacks on hypervisors except for theoretical ones that require access to the hypervisor source code. Still, maintaining hypervisor security is paramount.
"If you can manipulate the hypervisor, then you don't have to attack each VM and go through the infrastructure and security of each VM," Raina said.
"Although it's consolidating [systems] and making life easier for many people and the economics are there, virtualization also allows hackers to use fewer points of entry," he added.