IT Security is Integral to Cloud Policy Planning

IT Security is Integral to Cloud Policy Planning

You’ve seen the movie version: a crack team of hardened (but lovable) thieves exercise their wits and prowess to break into a super-secure facility in order to steal a computer with data that will put away even worse bad guys and save an orphan or two as a bonus.

These movie anti-heroes may be fiction, but the security of such facilities is not. For years, data centers have been constructed to manage and track physical access onto the premises. There is an entire industry around protecting access in the data centers with vendors specializing in hand scanners, man traps, cameras, guards (usually armed), and cages to segregate access.

When I worked on building a data center in a facility on the East Coast, I had to go through three man traps and a cage door that verified my identity with a hand scanner before I was allowed near a machine. Make no mistake, physical security measures within a data center are very much real.

But now, there is a new danger to data center security that, in our own exuberance to embrace the technology, may be leaving those security measures wide open. The technology? Virtualization.

Virtualization is taking off and rightly so: the advantages of running multiple machines within a single physical box are simply too great to ignore. Even at the user level, unused CPU cycles can now be used to host another running application instead of helping discover extraterrestrial life. At the data center level of operation, virtual machines are a vast improvement on operating costs and production output.

But all the vaunted security of a data center can actually be just a theater of security once an intruder gets remote access to your hypervisor or access to the storage array where the virtual images live.

In the past, a physical intruder either had to remove the hardware or be very quick at attempting to access the data in the data center to break into a system. Today, all an intruder has to do is comprise the security of a hypervisor, which often has access to the storage array where the virtual machines are stored.

Copying these files and launching them in the thieves’ environment in their comfort of their own lairs is now child’s play. Criminals can override local security, which is often very weak at the machine’s front end, since they now possess or have a copy of the virtual files that comprise the entirety of the virtual machine (for example, a VMDK file). This is, for all intent and purposes, exactly the same thing as being in front of the physical machine, only better: the hacker now has the added benefit of time to get into the system.

This is a problem not only for data centers. Intellectual property in the form of game software has been the target of hacks on the PS3 and Xbox game consoles, which use secured hypervisors to protect that very same IP. If a hypervisor layer specifically designed to protect data can fail, then what chance does a hypervisor layer in the datacenter have if it isn’t tightly configured?

There are, fortunately, solutions to this potential hole in your security. Third-party products exist that will let you manage authentication at the VM level of the stack. So, if someone gets their hands on a virtual machine (or a copy), they will have much more than just the security on the virtual OS to contend with. The hypervisor layer itself will provide added protection.

The key thing to remember is that information security must be planned for at the beginning of any virtualization and cloud policy. For instance, make sure you account for any VM-only connections that would otherwise be blind to your security policy. Take the physical state of your virtual machine’s security into account as well. Pilfering a data file is a lot easier than lugging a blade server out the door, so you need to maintain physical security more than ever.

By paying attention to the hypervisor layer, you can make sure you don’t make it even easier to crack into your virtual systems.

By Yvo Van Doorn

Yvo Van Doorn is currently a sales engineer at Likewise Software.


Follow Us!


Established in 2009, is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...


Top Viral Impact

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter The city of the future is impeccably documented. Sensors are used to measure air quality, traffic patterns, and crowd movement. Emerging neighborhoods are quickly recognized, public safety threats are found via social networks, and emergencies are dealt with quicklier. Crowdsourcing reduces commuting times, provides people with better transportation

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow  Online Education is a very exciting topic for many as it opens up many new doors and opportunities. We’ve touched on areas such as Massive Open Online Sources (MOOC) which provides tremendous levels of cloud based interconnectivity. We’ve taken a look into higher education,  the increased demand for online courses as well as

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery Preventing a Cloud Disaster is one thing. Recovering from a disaster is a whole other area of concern. Today’s infographic provided by CloudVelox outlines some best practices and safeguards in order to help your business make more informed decisions. About Latest Posts Follow Us!CloudTweaksEstablished in 2009,

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate long term with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

Please review the guidelines before applying.