Every company today, large or small, is implementing or planning to implement virtualization, thereby moving from a physical data center to a virtual one. Security of this virtual data center therefore needs careful consideration, among other factors. You might argue that since you've already deployed sufficient security solutions in your physical data center, why do you need virtual machine protection as well? Those who've already done virtualization would further substantiate this by saying that there are hardly any security threats in the virtualization space today, so why worry about it?
Both of the above questions are valid, but given the way security threats have been rising, it would only be a matter of time before we start seeing vulnerabilities in virtualized data centers emerging. Already, you'll find all virtualization players like VMWare, Citrix, Microsoft, etc patching up vulnerabilities in their software.
DCs are the next target
There's a very simple answer to this. Every software today is vulnerable to security threats, so why should it be any different with virtualization, because at the end of the day, that's also a piece of software? If there are no threats today, it doesn't mean it will remain like that. As more companies deploy virtualization in their data centers, hackers will shift their focus and start identifying vulnerabilities in the virtual world. “In a virtualized data center, the VM area is becoming increasingly important. Sooner or later, somebody is going to attack that VM.”, said Amit Nath, in an interaction with us on cloud security. “We've not heard of too many security threats in a virtualized environment, but in the next 6-9 months, you'll see more outbreaks and attacks”, he added.
VDCs don't have perimeter security
Most CIOs might argue that their physical data centers are well protected with all the latest security solutions. To this, Amit adds that “when you deploy virtualization, your perimeter security is gone, because you really have no idea where your various VMs are located.” In a virtualized environment, while you reduce the number of physical servers, you pack lots of virtual machines into single physical boxes. This makes it difficult to track them. Plus, you're likely to create their back-ups, use them for fail-over should the primary VM fail, and also add more as you need to deploy more applications. How do you keep track of so many virtual machines in such a case, as they move seamlessly from one physical server to another?
Tackling VM security
So finally, if security threats to virtualization are likely to happen, what do you do? You obviously need security software that can tackle those threats. Here again, you need to keep a few things in mind. For one, are you going to install a separate anti-malware program on each virtual machine? That would be a tedious job for one, and two, it would consume a lot of resources. “Imagine running an anti-virus scan on all your virtual machines at the same time. It would completely bring down the performance of your systems”, said Amit Nath. What you need therefore is a solution that's not as heavy on system resources. Otherwise, you'll not be able to pack as many VMs as you want into a single physical server. You would therefore need to purchase more hardware servers frequently, thereby reducing the RoI on doing virtualization.