Hardware to the rescue?
The industry is also discussing hardware-based options on the horizon that will involve hypervisor protection from Intel or AMD. "If it's in the hardware, you have a thin implementation and it may decrease the surface area for the attack," Lin says.
Symantec's product manager for virtual security solutions, Gary Sabala, says Symantec has a partnership with Intel to provide hypervisor protection based on Intel's chip-based vPro technology. But he acknowledges coming to market with intrusion-prevention software for vPro has been slow. However, Symantec expects to be ready about September when Intel ships its second version of vPro, code-named Weybridge.
Sabala adds that Symantec is also working with VMware on an alternative to loading antivirus software onto each of a dozen or more separate virtual machines on a shared physical computer. The idea is instead to "import the system resources" by creating a virtual appliance.
Mike Ferron-Jones, director of marketing in Intel's digital office platforms division, says the Weybridge version of vPro will use Trusted Extension Technology that will be able to carry out a hash-based software measurement when used in conjunction with the microcontroller Trusted Platform Module 1.2, designed under the aegis of the industry-standards organization Trusted Computing Group.
Ferron-Jones says Intel's focus in developing the Trusted Extension Technology was primarily to prevent rootkits from compromising software-based virtual-machine monitors, such as those from Microsoft, VMware and Parallels.
In the rapidly evolving virtualization arena, the industry is grappling with how to ensure security isn't an afterthought.
"We're viewing virtualization as another platform," says Peter Richardson, director of product management in the office of the CTO at CA. "We need to work with the [virtualization software vendors] to develop APIs so we can get a more aggregated view of what's going on in the virtual environment."
Today, says Richardson, CA's Unicenter Advanced Systems Management looks at the hypervisor level and doesn't get the "more granular view" of what virtual machines are doing. He says the industry-standards body OASIS is looking at developing standards for security and management around the virtual environment, but for today, security and management vendors are simply trying to adapt to specific virtualization platforms.
What VMware thinks about security
Enterprises should be able to adapt their security practices pretty naturally to VMware environments, an executive at EMC's virtualization outfit says.
VMware, whose VMotion technology lets managers whisk virtual server images on and off physical hardware at the press of a button, is mindful of the security implications that such flexibility brings, says Patrick Lin, director of product management and data centre platform products.
VMware's products use their own Assured Computing Environment technology to allow IT managers to create a virtual machine that uses encryption or can be preset to stop functioning at certain expiration dates.
But Lin acknowledges the overall security picture is evolving and the industry as a whole is trying to sort out what role security standards can play.
"Are people looking at standards now? Absolutely," he says. VMware, which would like to be a security and management standards contributor, isn't sure which standards body would take this on.
"Maybe it's the Trusted Computing Group or the Distributed Management Task Force," Lin says.