In April 2004 I wrote my first article on the topic of virtualization security. I was trying to bring attention to the security aspects of this "new" technology that was getting quite a bit of hype at the time. The hope was that this time security would not be an afterthought, that we would reverse the equine-escape/egress-closure sequence. The naïvete of youth!
Four and a half years later, virtualization is almost a mainstream technology. Our virtualization benchmark in the second half of 2008 showed rapid adoption among all industries. Server virtualization was in use by 93 percent of participants. More than 20 percent have achieved full adoption, which means that virtualization is their default platform for all new servers and they are converting all existing systems. More importantly, 78 percent of participants have virtualized production servers facing customers or users.
Surely it seemed that security would be a top issue in architecture, design and technology choice. After all, as with any new technology there are new security issues to contend with. Entire network infrastructures now exist inside the virtualization layer, connecting servers. New management systems allow near-instant provisioning, migration and de-provisioning of entire fleets of servers.
Server images are floating around on disk and are whizzing around networks. Live migration means that virtual server memory pages are also whizzing around on the network. New architectures, processes and management systems, as well as organizational upheaval, are all creating infinite possibilities for mischief. So we naturally asked (and have been asking every year since 2004) what companies were doing differently for security. Any tools? Any new architectures? Anything?
Once again, the answer surprised us (though perhaps it shouldn't). Only 9.6 percent of participants are deploying any security tools specially designed to deal with virtualization. Another 21.2 percent expect to do so within the next three years. A whopping 69.3 percent, though, have no plans at all to do anything specifically aimed at securing their virtual environments.
Where the imperatives of security won out, organizations have mostly accepted significantly reduced benefits from virtualization. They partition resource pools to match network segments, and force traffic among pools to pass through the existing network security infrastructure. They mostly use virtual LANs to achieve this, and they get less complete resource utilization as a result, and less flexibility in matching workloads to resources.
These measures overlook many of the threats that are unique to virtualization by trying to shoehorn the existing security models and practices into a vastly different environment. This leaves threats in the virtualization management (control plane), threats related to dynamic resource management, threats to live migration and many others unaddressed.
There is a great risk that these threats will translate into attacks before companies re-examine their security policies, architectures and implementation. Worse is the missed opportunity: virtualization principles could revolutionize the way we do security, making our systems both more flexible and more secure. There are many very innovative security solutions for virtualization. There are even more opportunities to inject virtualization principles into existing products and architectures. What are we waiting for?