IT Security is Integral to Cloud Policy Planning

IT Security is Integral to Cloud Policy Planning

You’ve seen the movie version: a crack team of hardened (but lovable) thieves exercise their wits and prowess to break into a super-secure facility in order to steal a computer with data that will put away even worse bad guys and save an orphan or two as a bonus.

These movie anti-heroes may be fiction, but the security of such facilities is not. For years, data centers have been constructed to manage and track physical access onto the premises. There is an entire industry around protecting access in the data centers with vendors specializing in hand scanners, man traps, cameras, guards (usually armed), and cages to segregate access.

When I worked on building a data center in a facility on the East Coast, I had to go through three man traps and a cage door that verified my identity with a hand scanner before I was allowed near a machine. Make no mistake, physical security measures within a data center are very much real.

But now, there is a new danger to data center security that, in our own exuberance to embrace the technology, may be leaving those security measures wide open. The technology? Virtualization.

Virtualization is taking off and rightly so: the advantages of running multiple machines within a single physical box are simply too great to ignore. Even at the user level, unused CPU cycles can now be used to host another running application instead of helping discover extraterrestrial life. At the data center level of operation, virtual machines are a vast improvement on operating costs and production output.

But all the vaunted security of a data center can actually be just a theater of security once an intruder gets remote access to your hypervisor or access to the storage array where the virtual images live.

In the past, a physical intruder either had to remove the hardware or be very quick at attempting to access the data in the data center to break into a system. Today, all an intruder has to do is comprise the security of a hypervisor, which often has access to the storage array where the virtual machines are stored.

Copying these files and launching them in the thieves’ environment in their comfort of their own lairs is now child’s play. Criminals can override local security, which is often very weak at the machine’s front end, since they now possess or have a copy of the virtual files that comprise the entirety of the virtual machine (for example, a VMDK file). This is, for all intent and purposes, exactly the same thing as being in front of the physical machine, only better: the hacker now has the added benefit of time to get into the system.

This is a problem not only for data centers. Intellectual property in the form of game software has been the target of hacks on the PS3 and Xbox game consoles, which use secured hypervisors to protect that very same IP. If a hypervisor layer specifically designed to protect data can fail, then what chance does a hypervisor layer in the datacenter have if it isn’t tightly configured?

There are, fortunately, solutions to this potential hole in your security. Third-party products exist that will let you manage authentication at the VM level of the stack. So, if someone gets their hands on a virtual machine (or a copy), they will have much more than just the security on the virtual OS to contend with. The hypervisor layer itself will provide added protection.

The key thing to remember is that information security must be planned for at the beginning of any virtualization and cloud policy. For instance, make sure you account for any VM-only connections that would otherwise be blind to your security policy. Take the physical state of your virtual machine’s security into account as well. Pilfering a data file is a lot easier than lugging a blade server out the door, so you need to maintain physical security more than ever.

By paying attention to the hypervisor layer, you can make sure you don’t make it even easier to crack into your virtual systems.

By Yvo Van Doorn

Yvo Van Doorn is currently a sales engineer at Likewise Software.


Follow Us!


Established in 2009, is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data

The Future Of Big Data Big Data is BIG business and will continue to be one of the more predominant areas of focus in the coming years from small startups to large scale corporations. We’ve already covered on CloudTweaks how Big Data can be utilized in a number of interesting ways from preventing world hunger to helping teams win…

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

Five Signs The Internet of Things Is About To Explode

Five Signs The Internet of Things Is About To Explode

The Internet of Things Is About To Explode By 2020, Gartner estimates that the Internet of Things (IoT) will generate incremental revenue exceeding $300 billion worldwide. It’s an astoundingly large figure given that the sector barely existed three years ago. We are now rapidly evolving toward a world in which just about everything will become…

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Offers Key Benefits For Small, Medium Businesses

A growing number of small and medium businesses in the United States rely on as a means of deploying mission-critical software products. Prior to the advent of cloud-based products — software solutions delivered over the Internet – companies were often forced to invest in servers and other products to run software and store data. The…

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

15 Emerging Technologies To Watch Before 2020 The cloud, big data, the internet of things, and wearable technology have all featured heavily in Forrester’s latest list of fifteen technologies to watch before 2020. It is becoming a reality for businesses that they need to adapt and change to an increasingly technologically-minded customer base. Traditional marketing…



Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7

Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.


CloudTweaks Media
Phone: 1 (212) 763-0021

Branded Content Programs