In April 2004 I wrote my first article on the topic of virtualisation security. I was trying to bring attention to the security aspects of this 'new' technology, which was getting quite a bit of hype at the time. The hope was this time security would not be an afterthought, that we would reverse the equine-escape/egress-closure sequence. The naïveté of youth!
Four and a half years later, virtualisation is almost a mainstream technology. Our virtualisation benchmark in the second half of 2008 showed rapid adoption among all industries. Server virtualisation was in use by 93% of participants. More than 20% have achieved full adoption, which means that virtualisation is their default platform for all new servers and they are converting all existing systems. More importantly, 78% of participants have virtualised production servers facing customers or users.
Surely, it seemed, security would be a top issue in architecture, design and technology choice. After all, as with any new technology, there are new security issues to contend with. Entire network infrastructures now exist inside the virtualisation layer, connecting servers. New management systems allow near-instant provisioning, migration and de-provisioning of entire fleets of servers.
Server images are floating around on disk and are whizzing around networks. Live migration means that virtual server memory pages are also whizzing around on the network. New architectures, processes and management systems, as well as organisational upheaval, are all creating infinite possibilities for mischief. So we naturally asked (and have been asking every year since 2004) what companies were doing differently for security. Any tools? Any new architectures? Anything?
Once again, the answer surprised us (though perhaps it shouldn't). Only 9.6% of participants are deploying any security tools specially designed to deal with virtualisation. Another 21.2% expect to do so within the next three years. A whopping 69.3%, though, have no plans at all to do anything specifically aimed at securing their virtual environments.
Where the imperatives of security won out, organisations have mostly accepted significantly reduced benefits from virtualisation. They partition resource pools to match network segments, while also forcing traffic among pools to pass through the existing network security infrastructure. They mostly use virtual LANs to achieve this, and as a result they get less complete resource utilisation and less flexibility in matching workloads to resources.
By trying to shoehorn the existing security models and practices into a vastly different environment, these measures overlook many of the threats that are unique to virtualisation. This leaves unaddressed threats in the virtualisation management layer (the control plane), threats related to dynamic resource management, threats to live migration and many others.
There is a real risk that these threats will translate into attacks before companies re-examine their security policies, architectures and implementation. Worse is the missed opportunity: virtualisation principles could revolutionise the way we do security, making our systems both more flexible and more secure. There are many innovative security solutions for virtualisation. There are even more opportunities to inject virtualisation principles into existing products and architectures. What are we waiting for?