Traditional security tools not up to the virtual challenge, says PacketMotion CEO

The problem is that organizations cannot fully protect their data stored in virtualized environments because of a lack of visibility into activities within virtual servers in the data center. They cannot tell who is accessing what information, what applications in the shared virtual environment might access their information, and how their data might be exposed, Smith told Infosecurity.

Security and audit systems are poorly suited for virtual environments because they were not built to operate in the dynamic virtual data center. In addition, security systems consume an excessive amount of resources on virtual servers, Smith observed.

“There is a rush to virtualization by industry for obvious reasons, but what has been left behind is proper security and audit controls”, he said. A related issue is the inappropriate mixing of trust levels inside a virtual host, he added.

The threats posed in the virtual environment include loss of intellectual property or other sensitive data, attacks between virtual machines, and the drive to deploy without a well-thought-out security strategy, he noted.

Smith said PacketMotion talked to its customers last year about this issue. “We were astounded…. They either realize this is a problem and the infrastructure guys have gotten ahead of the security guys, or they are holding back from going to virtualization because of security concerns.”

Providers of virtualization services have said the security issue is affecting market growth. Smith cited a figure provided by Intel that there is $100 billion in virtualization equipment that has not been deployed in data centers because of security fears.

PacketMotion’s new PacketSentry virtual probe provides the visibility, audit and control over virtual servers and virtual data centers that are required to protect data and intellectual property from sophisticated attacks. The probe consumes approximately half of the virtual server resources of traditional security products, enabling it to be deployed ubiquitously across blades in a server farm. Applications monitored by PacketSentry include databases, fileshares, web applications, and documents.

Gartner analyst Neil MacDonald explained, “When you virtualize the workload and put it inside a physical server along with other workload, what you lose is visibility into the communication taking place between different virtual machines. That traffic is invisible.”

MacDonald told Infosecurity that vendors like PacketMotion are virtualizing their security controls. “This provides visibility into what today is a blind spot.”

If one virtual machine was attacking another, there would be no way to know without this type of monitoring technology, MacDonald explained. In another case, two virtual machines could be talking to each other when they were not supposed to be talking. “In both cases, we don’t have the visibility unless we place a security control in that environment”, he concluded.
