Virtualization has become almost a no-brainer for organizations looking to optimize resources. But as the number of virtual machines increases, so, too, do management and security concerns.
eWEEK Labs Technical Director Cameron Sturdevant recently spoke with Hezi Moore, the founder and chief technology officer of Reflex Security, about the challenges organizations face when building out their virtual environments.
Thinking about the data center, and especially data center security, what are the biggest differences between physical and virtual IT infrastructure?
One of the biggest differences is that the virtualized infrastructure is much more mobilized, more dynamic. Server mobility is a challenge, server sprawl. Another large issue is cross-functional management related to who manages what portion of the network.
If you look at the physical infrastructure, we had groups of IT that managed different portions of the infrastructure, from the networking guy to the security guy to the server guy and even the application guy. And then you had people who managed the data center on a day-by-day basis. To apply a change to the data center, even if it was just a cable change, you had to go to policies and processes that were documented, so IT had a handle on what happened and when it happened-who did it and why.
Today, in a virtual infrastructure, you can move a wire, you can move from one switch to another with just a mouse click, and those changes usually don't get documented. So, it's only [being done] by one guy, the one who manages the infrastructure, the networks, the virtual networks. This is really what we call cross-functional management across the entire infrastructure.
It seems to me that the hypervisor presents a new factor here. First of all, it's a new piece of software between the physical hardware itself and the operating system.
If you look at the hypervisor itself, it's really a very, very short piece of code that's developed and designed with security in mind. So, if you look at the attacks out there that are really trying to penetrate the hypervisor layer, none of them has been able to very successfully cause any damage. Most sneak into the hypervisor and run another machine without the user knowing. But none of these attacks is attacking the hypervisor itself.
So, definitely there is a new piece of code in the data center, the hypervisor, but it's a very secure piece of code, and the hackers are really focusing on ... the tools running on top of the hypervisor that will give them access.