How to Secure Privileged Information within Virtualized Infrastructures

 
 
By Robert Grapes  |  Posted 2010-01-18
 
 
 
 
 
 
 

Ensuring the security of proprietary data within a virtualized environment is more important than ever, yet the standards established to protect companies against damaging threats continue to confound many. Here, Knowledge Center contributor Robert Grapes explains how companies can build privileged access management into the virtualization implementation process to ensure that the benefits of the virtualized environment outweigh the risks.

Driven by the potential cost reductions gained through server consolidation, the virtualization movement has delivered multiple benefits and proven deployments over the past few years. Yet, without proper security planning, virtualization could come at a cost that greatly outweighs the potential savings. As a result, access control, a fundamental component of any security design, has become a top-of-the-line issue for managing virtual infrastructures, especially with privileged accounts that hold business-critical information.

In the past, an organization may have had 500 servers managed by several administrators. Today, that organization may have only half the physical servers, yet thousands of virtual machines with multiple operating systems. Many companies do not initially consider the increased management effort required to maintain these VMs, let alone the new security challenges. Since the VMs of today can operate over multiple systems, platforms and protocols, the security complexities facing virtualized infrastructures can be easily overlooked, and potentially catastrophic.

To protect organizations from access management issues in a virtualized infrastructure, there are six things in particular to consider: identifying the accounts, automating system access, allocating shared resources, ensuring on-demand and run-time access, delivering service for privileged access management, and testing for business continuity. Let's examine each of these in detail:

1. Identifying the accounts

To protect business-critical information in virtualized environments, one first needs to understand the two types of privileged accounts. The first type of privileged account is an administrator account; this is used by human administrators to gain access to devices, operating systems and applications for the purposes of maintaining those systems. The second type of privileged account is an embedded account; this is used by programs to connect to devices, operating systems and other programs as required. Understanding these two types of accounts is essential, especially in light of the highly publicized incidents involving "trusted insiders" at very large organizations and public departments: those with the time, knowledge and means to access business-critical information from the organization.




 
 
 
 
Robert Grapes is Chief Technologist at Cloakware. Robert has more than 17 years of professional experience in the technology sector. Prior to joining Cloakware in 2004, Robert worked at Entrust Technologies as a software toolkit product manager, at Cognos in vertical analyst relations, and at Allen-Bradley as a control systems automation developer. Robert's expertise on enterprise security and Governance, Risk Management and Compliance (GRC) has enabled many government and financial service organizations to meet their audit requirements for PCI-DSS, FISMA, FERC and other regulations. He can be reached at robert.grapes@cloakware.com.
 
 
 
 
 
 
 
