Security Obstacles Remain for Data Center Virtualization

Organizations need to think about virtualization-specific security technology when upgrading their data centers instead of relying on existing measures, such as the trusty firewall.

As organizations increasingly use virtualization in their data centers, they are becoming more aware of the need for proper security to defend against threats, according to a new research report.

As organizations make the shift to virtualization and cloud computing, they run the risk of introducing "new obstacles" such as inconsistent network policies and security loopholes, according to a McAfee and Brocade report released May 31. The biggest threats were targeted attacks and security breaches, the respondents said.

About 62 percent of respondents were planning or were in the process of a data center upgrade. Half of the respondents have either implemented or were planning to deploy private clouds within their organizations.

"Companies investing in full-scale virtualization are now running into network and security challenges," said Rees Johnson, senior vice president and general manager for network security at McAfee.

Nearly 77 percent of respondents rated threat protection, such as intrusion prevention, as "critical" or "important" in the survey. Approximately 26 percent were most worried about targeted attacks against their virtualized infrastructure, and 24 percent said security breaches were their biggest concern.

In comparison, 32 percent named bandwidth and traffic engineering, and 29 percent named scaling server virtualization.

Virtualization "comes at a cost," and traditional networking architecture is not "best-suited" to handle the demands of a virtual environment, McAfee said. Nearly half of respondents are relying on the same security model for virtualization that they used with physical servers, the report found.

"Virtualization, especially in the context of private clouds, introduces unique operational and security challenges," Johnson said.

Application security can fail when applications are "decoupled" from the physical resources they rely on, according to McAfee. About 18 percent of the surveyed professionals had reached the same conclusion and were exploring other methods.

About 40 percent of the survey participants said virtual machines introduce operational complexity, and 25 percent said it was a challenge to secure trust boundaries. Trust boundaries can be as simple as figuring out who has login access to the server box that hosts the application. Someone who has control over a hypervisor has the authority to start, stop and modify all the virtual machines inside.

In a virtualized environment, virtual machines can be moved around to optimize hardware space, network bandwidth and available processing power. While the ability to move virtual machines is an "essential" component of a "flexible" virtual data center, this capability also makes the environment more complex to manage, according to Johnson. The protective measures in place have to be able to adjust when the VMs move across hypervisors.

Additionally, physical firewalls are generally not designed to handle the traffic from a hypervisor running several virtual servers.

While organizations are becoming more comfortable with the idea of virtualization as a cost-effective and efficient way to upgrade the data center, security remains a big concern, and organizations need to invest in technologies that are specifically designed to inspect data flowing in and out of virtual machines, according to Johnson.

The survey included 100 IT professionals and security managers in North American companies with 500 or more employees.