Securing virtual environments, whether it be at the desktop, server, network, application or storage level, is a crucial component to any virtual strategy. With the security threat landscape constantly evolving, putting all company resources into a centralised virtual environment without a comprehensive security game plan is a gamble no organisation should willingly take.
According to several security experts, the worst data breaches this year will come from within. RSA recently released the findings of a survey it conducted with 417 people, mostly employed in finance and technology. The results found everyday employee behaviour could trigger significant risk to sensitive business information.
“Should a security breach or violation occur, and it’s an internal one, the consequences can be more significant in a virtualised environment than a traditional one,” Frost and Sullivan ICT director, Andrew Milroy, said. “Access control has been a problem for some time, but it’s an obvious thing that has to be looked at again as companies change their architecture.”
When an organisation opts for a virtual environment, their whole architecture changes. For example, organisations might not have their security software set-up in a way to address network traffic changes, Milroy said.
“It’s not that the current security products can’t handle what’s going on,” he said. “It’s more of a cultural change of understanding how to deploy security products more effectively in this kind of architecture.
“There’s usually a lag for security to catch up with changes in the way people are using computing resources, but a lot of security firms are on to this.”
One of the biggest problems now facing organisations implementing server virtualisation across the datacentre is virtual server sprawl. IBM Australia development labs security specialist, Neil Readshaw, said this affected all aspects of management and security including basic tasks like patch management.
“You’ve got to remember that some of these virtual environments aren’t running all the time. They are dormant until work increases to the point where they need to be brought online or provisioned near real-time in response to some high work loads in the environment,” he said.
“The virtualisation layer that sits between the physical machines and these virtual environments, the hypervisor, is a new component in the environment from an attack and vulnerability point of view. It’s another component that needs to be secured within itself.”
Access control – who gets to see what and where the information is being sent – is another bane of many security managers. RSA Security country manager, Mark Pullen, recommended more scrutiny be given to managing user access privileges.