“Security and virtualisation” as a concept covers a wide variety of implementations, software virtual appliances, virtual machines running on third party virtualisation servers, Software as a Service (SaaS) and the virtual appliances designed to run on blades in chassis-based solutions.
As a result of the breadth of offerings, this technology is being adopted from the small business, taking advantage of SaaS offerings like hosted email security, all the way through to the large enterprise where the not inconsiderable benefits of virtualisation make themselves felt on the corporate balance sheet. The factors to be taken into account when calculating the benefits offered by virtualisation include lower energy costs (and the associated carbon footprint reduction), lower capital expenditure through more cost-effective use of hardware resources and extended life of those investments. The more non-tangible benefits of virtualisation and consolidation are such immeasurables as high availability including the rapid deployment of new capacity where required, lower management costs and improved disaster recovery with virtualisation management tools.
Cloud computing service providers are also leveraging virtualisation technologies, combined with self-service capabilities, to offer cost-effective access to computing resources via the Internet. For cloud computing service providers to gain the most from the efficiencies of virtualisation, virtual machines from multiple organizations need to be co-located on the same physical server. Enterprises are looking to cloud computing to expand their on-premise infrastructure, but cannot compromise security of their applications and data.
Traditional end-point security solutions for virtual machines prove inadequate on a number of levels; most obviously they can place a heavy load on the host operating system, especially when it is time for a regularly scheduled scan to take place. Typical anti-malware solutions are not VI aware so simultaneous full system scans can cause huge performance degradation. In most cases VM security solutions are also unable to scan or update dormant machines, this means that when the machines are brought online, their virus pattern files may well be out of date, and additionally, they already be infected with malware that was not recognised by the pattern files at the time the machine became dormant.
In many cases virtual machines are deployed in high-use environments where patching windows have either been minimised or eliminated, leaving virtual machines vulnerable to attack and compromise from both within and without the host environment.
This movement towards full server virtualisation has been gathering pace for the past couple of years now concurrently with the move towards the cloud and cloud-based services. Enterprise-wide virtualisation of all systems, right out to the end-user desktop will not be far behind as the technology matures and can now run in a secured and manageable environment.
The disclosure this year of a VMware vulnerability, that allowed malware on a compromised virtual machine to execute code on the host (video from Immunity Inc. here) has certainly raised the stakes (and given some malware researchers pause for thought too)!