Virtualisation is not a theoretical risk
Lee Newcombe, Technical Architect, Capgemini writes about virtualisation being a mainstay of the modern IT environment.
17 December 2007
Publication
Virtualisation is not a theoretical risk
Virtualisation is a mainstay of the modern IT environment and often provides significant business advantages, particularly with regard to reducing hardware costs, increasing availability of IT systems and the provision of utility computing, writes Lee Newcombe, principal consultant at Capgemini.
Virtualisation technologies have been around for decades, but virtualisation of operating system environments on commodity servers is a relatively recent, and increasingly popular, development.
I felt the need to write this column primarily because I see a number of proposed system implementations that not only use virtualisation for server consolidation, but also rely upon virtualisation to provide separation between guest systems in different security domains.
Advantages of this approach include:
- It is easier to implement a virtual environment than to attempt to provide seperation of differing security domains by encryption or the use of seperate physical networks.
- It is easier to manage a virtual systems environment than the options described above, thanks to virtual systems management products.
However, several security advisories have been published that describe ways of breaking out of the guest
operating system and running code on the host operating system. Once access is
achieved to the underlying host, it is pretty much game over as far as the security
of the other guest systems on this host.
Breaking out of virtual environments is not merely a theoretical risk, and virtual
environments should be designed with this fact in mind. Different security domains
should not be located on the same physical host, and the virtualisation software,
as well as the guest systems, should be kept patched.
Virtualisation is here to stay. It is suitable for several purposes, including server consolidation (where servers all belong to the same security domain), provision of highly flexible development and test environments, and it is a great option for a speedy disaster recovery facility.
Virtualisation can also be useful for malware analysis and the testing of configuration changes, where the option of immediately jumping back to a clean build is a useful time saving device. (Having said that, remember that malware may be coded to behave differently if it recognises that it is running in a virtual environment.)
In summary, as with other technology issues, decisions regarding how to use virtualisation come down to a business risk decision. Do the business benefits of virtualisation outweigh the impact of a compromise? Do the hardware cost savings, increase in flexibility and ease of administration outweigh the potential impact of allowing an attacker to bridge across your security domains?
To read this article and other articles related to virtualisation in Computer Weekly, click here.
To learn more about our services in Technology Services, click here.
