People, process limitations hamper x86 virtualization
IBM security expert says x86 virtualization is risky for mission-critical applications because of the security risks it introduces
Follow @infoworldX86 virtualization is often a risky proposition for highly regulated, mission-critical applications, because people and processes are not ready for virtualization and the security risks it introduces, IBM security expert Joshua Corman argued at Interop Las Vegas this week.
In addition to security threats to the hypervisor and the virtual machines it controls, virtualization makes it difficult to meet strict regulatory requirements such as the Payment Card Industry Data Security Standard (PCI DSS), Corman told attendees in a session on virtualization.
[ InfoWorld's David Marshall recently addressed the top security concerns in a virtualization environment. | Related: "VMware's take on security expands with vShield Zones." | Track the latest trends in virtualization in InfoWorld's Virtualization Report blog and newsletter. ]
For enterprises that are just getting started with virtualization, it's best to start out with minor systems, and work your way up to mission-critical applications, Corman said.
Virtualization brings new attack surfaces, operational and availability risks, and increased complexity with features like live migration, he said.
That's probably not the message virtualization vendors like VMware want to hear. VMware is tackling security with VMsafe, a set of APIs that will give partners more direct control over the hypervisor, letting them build more effective security products.
Corman credited VMware with limiting the hypervisor's attack surface by stripping out millions of lines of code, leaving the hypervisor as a 32MB software package with 200,000 lines of code. "One of the design principles of the hypervisor is to be incredibly lean and mean, to do the bare minimum possible," Corman said.
But this also means that the hypervisor's job description does not include performing encryption, he said. This leaves open the possibility of man-in-the-middle attacks such as Xensploit, which intercepts unencrypted data when virtual machines are migrated between physical servers.
Live migration features that move virtual machines from one physical server to another open up new attack possibilities, Corman said. Is your virtual machine moving to a less secure server? That's one of the questions datacenter managers must ask.
PCI DSS adds confusion to the process. The regulation says each server should only have one primary function, Corman said. That could be taken to mean that servers shouldn't be virtualized at all, or that applications shouldn't be mixed with databases. In general, Corman argued that regulation distracts IT from actual risk.
"We've become so burdened with compliance and regulatory controls that we've given up risk management," he said. "Way too often, people have a perfectly PCI-compliant datacenter, they virtualize it and then they fail."
