How to Secure Privileged Information within Virtualized Infrastructures

By Robert Grapes  |  Posted 2010-01-18

Driven by the potential cost reductions gained through server consolidation, the virtualization movement has delivered multiple benefits and proven deployments over the past few years. Yet, without proper security planning, virtualization could come at a cost that greatly outweighs the potential savings. As a result, access control, a fundamental component of any security design, has become a top-of-the-line issue for managing virtual infrastructures, especially with privileged accounts that hold business-critical information.

In the past, an organization may have had 500 servers managed by several administrators. Today, that organization may have only half the physical servers, yet thousands of virtual machines with multiple operating systems. Many companies do not initially consider the increased management effort required to maintain these VMs, let alone the new security challenges. Since the VMs of today can operate over multiple systems, platforms and protocols, the security complexities facing virtualized infrastructures can be easily overlooked, and potentially catastrophic.

To protect organizations from access management issues with a virtualized infrastructure, there are six things in particular to consider: identifying the accounts, automating system access, allocating shared resources, ensuring on-demand and run-time access, delivering service for privileged access management, and testing for business continuity. Let's examine each of these in detail:

1. Identifying the accounts

To protect business-critical information in virtualized environments, one first needs to understand the two types of privileged accounts. The first type of privileged account is an administrator account; this is used by human administrators to gain access to devices, operating systems and applications for the purposes of maintaining those systems. The second type of privileged account is an embedded account; this is used by programs to connect to devices, operating systems and other programs as required. Understanding these two types of accounts is essential, especially in light of the highly publicized incidents involving "trusted insiders" at very large organizations and public departments, that is, those with the time, knowledge and means to access business-critical information from the organization.

2. Automating system access

The multiplier effect of operating a virtual environment and maintaining the access controls of administrators and applications ultimately drives this demand for automation. Attempting to maintain these accounts manually is cost-prohibitive, complex to document and audit, subject to human error, and a continuing security risk through knowledge of passwords.

For the purposes of changing passwords and access management, automated security solutions view the physical machines, VMs, applications and their accounts as target systems. An automated, privileged account management system can change access on a scheduled basis or on-demand. Because a VM can be identified across the network in the same manner as a physical machine, it does not make any difference to a password management solution whether the account under management is on a physical or virtual machine.

3. Allocating dynamic resources for access controls

The account provisioning, re-provisioning and de-provisioning of dynamically created VM instances affords the opportunity to automate and control access to proprietary information. Enterprise management consoles exist to simplify and track the VM distribution and deployment. Yet, these management consoles do not integrate with external tools that will modify the base state of the VM snapshot prior to deployment and instantiation in a production environment. Without the capability to manage the accounts within a "cloned" VM, the likelihood of failing audit concerns for the elimination of shared accounts is very real.
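One way to audit for the cloned-account problem described above, as an added example that is not part of the original article. It assumes Linux guests whose shadow-style password entries have been collected per VM; the VM names, account names and hash strings are constructed placeholders. An identical salted hash for the same account on two or more VMs indicates a credential copied from a template rather than set per instance.

```python
from collections import defaultdict


def parse_shadow(text):
    """Yield (account, hash_field) for entries that carry a password hash."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or not parts[0] or parts[0].startswith("#"):
            continue
        account, hash_field = parts[0], parts[1]
        # '*' and '!' prefixes mark locked accounts; an empty field has no
        # hash to compare. Neither can be a duplicated password.
        if hash_field == "" or hash_field.startswith(("!", "*")):
            continue
        yield account, hash_field


def find_cloned_credentials(inventory):
    """Return {(account, hash): [vm, ...]} for hashes present on 2+ VMs."""
    seen = defaultdict(set)
    for vm, shadow_text in inventory.items():
        for account, hash_field in parse_shadow(shadow_text):
            seen[(account, hash_field)].add(vm)
    return {key: sorted(vms) for key, vms in seen.items() if len(vms) > 1}


# Constructed sample: web-01 and web-02 are untouched clones of one template;
# web-03 had its root password changed but kept the template service account.
INVENTORY = {
    "web-01": """root:$6$Qx1$CONSTRUCTED-A:14600:0:99999:7:::
                 svc_backup:$6$Zp9$CONSTRUCTED-B:14600::::::
                 daemon:*:14600::::::""",
    "web-02": """root:$6$Qx1$CONSTRUCTED-A:14600:0:99999:7:::
                 svc_backup:$6$Zp9$CONSTRUCTED-B:14600::::::
                 daemon:*:14600::::::""",
    "web-03": """root:$6$Lm4$CONSTRUCTED-C:14610:0:99999:7:::
                 svc_backup:$6$Zp9$CONSTRUCTED-B:14600::::::
                 daemon:*:14600::::::""",
}

if __name__ == "__main__":
    for (account, _), vms in find_cloned_credentials(INVENTORY).items():
        print(f"{account}: same credential on {', '.join(vms)}")
```
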

4. Ensuring on-demand and run-time access

In addition to provisioning resources for privileged accounts, system, network and application administrators and developers need access to privileged accounts to connect to systems and to update software, change configurations and manage other accounts or services. This is no different for virtual systems.

Using automated security systems allows organizations to define policies and automate access code dissemination at the point of usage, limiting the exposure of the credentials to mitigate risks and potential breaches. Individuals authenticating to the privileged account management solution can be traced to the account usage on the target system, meeting audit requirements.

While programs and scripts require access to passwords to connect to back-end systems such as databases, file transfer systems and other machines, these passwords are typically hard-coded or embedded within the programs themselves, or stored in files or registry settings. Security systems must provide the means to strongly authenticate and authorize the release of critical passwords to unattended programs operating on physical machines or VMs to minimize the risk of a breach.

5. Delivering service for privileged access management

To complete the picture of a VM environment, it is necessary to deliver the privileged account management services on a virtual platform. As VMs are dynamically provisioned within an enterprise to scale to business demand, the capacity of security systems must scale in parallel. To prevent capacity problems, security systems must be able to provision additional virtual services as needed. The virtual enterprise must monitor the performance of each virtual instance of the security systems to trigger automatic provisioning and de-provisioning of services in concert with changes in demand. To maintain performance, automated privileged account management systems must:

- Replicate credentials to and from each virtual instance of the system,

- Load-balance requests for credentials among the virtual servers, and

- Distribute the workload among each virtual node, as required.

Operating these solutions within a virtual environment as a service poses the same security challenges for the authentication system as it does for any of the virtual systems it supports.

6. Testing for business continuity

With a dramatically greater number of credentials that need to be managed within a virtual environment, the challenge of promptly recovering from an outage increases significantly. Security solutions must be able to provide credentials for numerous VMs in place at a specific point in time, and synchronize the system to reflect those previous credentials and resume operations.

To protect and manage virtualized information, automated privileged account management solutions can provide specific functionality that helps an enterprise revert credentials back to the value in effect at the time of a backup or snapshot.

For example, the enterprise management console for a virtual environment can alert the access manager when to revert a credential to a previous value and update it. Ultimately, this ensures recovery and seamless security going forward.
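The revert-and-update flow described above, sketched as an added example that is not from the original article or any vendor's product. It assumes the access manager keeps a time-ordered rotation history per account; the class, function, VM and account names are hypothetical and the sample values are constructed.

```python
import bisect
import secrets
from dataclasses import dataclass, field


@dataclass
class CredentialHistory:
    """Rotation history for one privileged account on one target system."""
    effective_from: list = field(default_factory=list)  # sorted epoch seconds
    values: list = field(default_factory=list)          # value live from that time

    def rotate(self, at, new_value=None):
        """Record a credential taking effect at `at`; generate one if not given."""
        if self.effective_from and at <= self.effective_from[-1]:
            raise ValueError("rotations must be recorded in time order")
        self.effective_from.append(at)
        self.values.append(new_value or secrets.token_urlsafe(24))

    def value_at(self, when):
        """Return the credential that was in effect at time `when`."""
        i = bisect.bisect_right(self.effective_from, when) - 1
        if i < 0:
            raise LookupError("no credential was in effect at that time")
        return self.values[i]


def resync_after_revert(vault, target, snapshot_time, now):
    """Handle a 'VM reverted to snapshot' alert from the management console.

    Returns (old_value, new_value). old_value is what the restored VM holds
    again and is needed to connect to it; new_value is the fresh credential
    recorded so the previously retired value does not stay in service.
    """
    history = vault[target]
    old_value = history.value_at(snapshot_time)
    history.rotate(now)
    return old_value, history.values[-1]


# Constructed sample data: one root account rotated three times.
KEY = ("vm-db-01", "root")
vault = {KEY: CredentialHistory()}
for t, v in [(1000, "pw-jan"), (2000, "pw-feb"), (3000, "pw-mar")]:
    vault[KEY].rotate(t, v)

if __name__ == "__main__":
    old, new = resync_after_revert(vault, KEY, snapshot_time=2500, now=4000)
    print("restored VM holds:", old, "| new credential length:", len(new))
```
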

Final thoughts

Virtual environments have multiple business benefits, but also raise many new security and management challenges. Companies today must consider the dynamic nature of VMs and their potential impact on access credentials when implementing access controls in a virtual environment. However, with some advanced planning, they can avoid new security vulnerabilities and protect their business-critical information in a virtualized environment.

Advances in security technologies can help companies automate many of the activities associated with deploying, and securing, a virtual infrastructure and the applications that operate within it. Organizations need to explore the challenges of VM, device, operating system and application authentication and authorization, particularly when faced with audit or regulatory pressure to maintain access controls for privileged accounts and information. In summary, remember these three points:

1. Automation provides the opportunity to enhance the security posture for an enterprise, rather than degrade it.

2. Operating in a virtual environment should not require an enterprise to ignore critical security practices.

3. Cloning a VM should not mean that all the credentials on that machine are duplicated; doing so increases the risk that a credential could be compromised.

Robert Grapes is Chief Technologist at Cloakware. Robert has more than 17 years of professional experience in the technology sector. Prior to joining Cloakware in 2004, Robert worked at Entrust Technologies as a software toolkit product manager, at Cognos in vertical analyst relations, and at Allen-Bradley as a control systems automation developer. Robert's expertise on enterprise security and Governance, Risk Management and Compliance (GRC) has enabled many government and financial service organizations to meet their audit requirements for PCI-DSS, FISMA, FERC and other regulations. He can be reached at
