IT Security is Integral to Cloud Policy Planning

IT Security is Integral to Cloud Policy Planning

You’ve seen the movie version: a crack team of hardened (but lovable) thieves exercise their wits and prowess to break into a super-secure facility in order to steal a computer with data that will put away even worse bad guys and save an orphan or two as a bonus.

These movie anti-heroes may be fiction, but the security of such facilities is not. For years, data centers have been constructed to manage and track physical access onto the premises. There is an entire industry around protecting access in the data centers with vendors specializing in hand scanners, man traps, cameras, guards (usually armed), and cages to segregate access.

When I worked on building a data center in a facility on the East Coast, I had to go through three man traps and a cage door that verified my identity with a hand scanner before I was allowed near a machine. Make no mistake, physical security measures within a data center are very much real.

But now, there is a new danger to data center security that, in our own exuberance to embrace the technology, may be leaving those security measures wide open. The technology? Virtualization.

Virtualization is taking off and rightly so: the advantages of running multiple machines within a single physical box are simply too great to ignore. Even at the user level, unused CPU cycles can now be used to host another running application instead of helping discover extraterrestrial life. At the data center level of operation, virtual machines are a vast improvement on operating costs and production output.

But all the vaunted security of a data center can actually be just a theater of security once an intruder gets remote access to your hypervisor or access to the storage array where the virtual images live.

In the past, a physical intruder either had to remove the hardware or be very quick at attempting to access the data in the data center to break into a system. Today, all an intruder has to do is comprise the security of a hypervisor, which often has access to the storage array where the virtual machines are stored.

Copying these files and launching them in the thieves’ environment in their comfort of their own lairs is now child’s play. Criminals can override local security, which is often very weak at the machine’s front end, since they now possess or have a copy of the virtual files that comprise the entirety of the virtual machine (for example, a VMDK file). This is, for all intent and purposes, exactly the same thing as being in front of the physical machine, only better: the hacker now has the added benefit of time to get into the system.

This is a problem not only for data centers. Intellectual property in the form of game software has been the target of hacks on the PS3 and Xbox game consoles, which use secured hypervisors to protect that very same IP. If a hypervisor layer specifically designed to protect data can fail, then what chance does a hypervisor layer in the datacenter have if it isn’t tightly configured?

There are, fortunately, solutions to this potential hole in your security. Third-party products exist that will let you manage authentication at the VM level of the stack. So, if someone gets their hands on a virtual machine (or a copy), they will have much more than just the security on the virtual OS to contend with. The hypervisor layer itself will provide added protection.

The key thing to remember is that information security must be planned for at the beginning of any virtualization and cloud policy. For instance, make sure you account for any VM-only connections that would otherwise be blind to your security policy. Take the physical state of your virtual machine’s security into account as well. Pilfering a data file is a lot easier than lugging a blade server out the door, so you need to maintain physical security more than ever.

By paying attention to the hypervisor layer, you can make sure you don’t make it even easier to crack into your virtual systems.

By Yvo Van Doorn

Yvo Van Doorn is currently a sales engineer at Likewise Software.

 

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.


CloudTweaks Sponsors - Find out more!


Popular

Top Viral Impact

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

2014 Future Of Cloud Computing Survey Results

2014 Future Of Cloud Computing Survey Results

Engine Yard Joins North Bridge Venture Partners, Gigaom Research and Industry Collaborators to Unveil 2014 Future of Cloud Computing Survey Results SAN FRANCISCO, CA–(Marketwired – Jun 25, 2014) – Engine Yard, the leading cloud application management platform, today announced its role as a collaborator in releasing the results of the fourth annual Future of Cloud Computing Survey,…

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future of Work: What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at…

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues Nowadays, many companies are changing their overall information technology strategies to embrace cloud computing in order to open up business opportunities.  There are numerous definitions of cloud computing. Simply speaking, the term “cloud computing” comes from network diagrams in which cloud shapes are  used to describe certain types of networks. All…

Cloud Infographic – Cloud Computing And SMEs

Cloud Infographic – Cloud Computing And SMEs

Cloud Infographic – Cloud Computing And SMEs SMEs (Small/Medium Sized Enterprises) make up the bulk of businesses today. Most cloud based applications created today are geared toward the SME market. Accounting, Storage, Backup services are just a few of them. According to the European Commission, cloud based technology could help 80% of organisations reduce costs by…


Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021
contact@cloudtweaks.com

Join our newsletter