Virtual Servers Introduce Real Risk

Sixty percent of virtualized servers will be less secure than the physical servers they replace through 2012. So says Neil MacDonald, vice president and fellow at Gartner. Virtual machines by themselves aren't inherently less secure. The problem is how VMs are deployed. MacDonald says the processes and tools used in the deployment of physical servers aren't necessarily being applied to their virtual counterparts. "In no way would I say, 'Don't virtualize.' The cost savings are undeniable. But we need to have an intelligent conversation between the operations side and the security side about what is different between the virtualized and physical environment," says MacDonald.

VM insecurity is of growing concern because of the large number of virtual machines predicted to come online. By the end of 2009, only 18 percent of enterprise data center workloads that could potentially be virtualized had been so, according to Gartner. The analyst firm expects the number to grow to more than 50 percent by the end of 2012.

MacDonald outlines three issues that lead to insecure VMs. The first is that IT organizations don't treat the virtualization layer the same way they would an OS environment, where someone is responsible for correct configuration and management. "That means patching in a timely manner, understanding when critical patches are released, establishing configuration guidelines, and making sure they're adhered to over time," he says. "It's basic, but you'd be surprised - people don't think of this layer as an OS and don't extend their processes." This might require investment in tools that work correctly with this layer, he adds.

Second is the loss of visibility on the internal virtual-machine-to-virtual-machine traffic that goes on inside a server - the sort of traffic that administrators would see if it were on a network between servers. "We do not have visibility as it stands - we're blind." Moreover, the legacy management vendors have been slow in rolling out visibility tools or upgrading their toolsets to support the virtual environment, he says.

Third, the staffers who would normally manage a switch and who are familiar with the processes and issues can be cut out of the process when the switch becomes virtual. "Who manages that virtual switch?" he asks. "In many cases, it's the VMware administrator. My argument is, it's a switch, whether it's virtual or physical. The group that's responsible for switches should be responsible," because otherwise there's a loss of the separation of duties that helps provide checks and balances.

The good news is that the market recognizes these issues and is responding. Upstart management and security vendors have launched a raft of products to help IT groups get a handle on VMs, and traditional vendors are adding support for virtual environments. Network Computing's most recent digital issue discusses more than 20 products that IT can bring online immediately to manage VM deployment, configuration, monitoring and security. As operations groups incorporate the virtual layer into their standard processes, MacDonald says that the number of poorly secured virtual servers should drop from 60 to 30 percent by 2015. It's a good step, but that 30 percent figure is still high. "We're seeing progress, but we're not where we should be," he says.
