3/16/2010
05:01 PM
Dark Reading
Products and Releases

Gartner Says 60 Percent of Virtualized Servers Will Be Less Secure Than the Physical Servers They Replace Through 2012

Gartner has identified the six most common virtualization security risks together with advice on how each issue might be addressed

STAMFORD, Conn., March 15, 2010 — Through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace, according to Gartner, Inc. Although Gartner expects this figure to fall to 30 percent by the end of 2015, analysts warned that many virtualization deployment projects are being undertaken without involving the information security team in the initial architecture and planning stages.

"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

Gartner research indicates that at the end of 2009, only 18 percent of enterprise data center workloads that could be virtualized had been virtualized; the number is expected to grow to more than 50 percent by the close of 2012. As more workloads are virtualized, as workloads of different trust levels are combined and as virtualized workloads become more mobile, the security issues associated with virtualization become more critical to address.

Gartner has identified the six most common virtualization security risks together with advice on how each issue might be addressed:

Risk: Information Security Isn't Initially Involved in the Virtualization Projects

Survey data from Gartner conferences in late 2009 indicates that about 40 percent of virtualization deployment projects were undertaken without involving the information security team in the initial architecture and planning stages. Typically, the operations teams will argue that nothing has really changed — they already have skills and processes to secure workloads, operating systems (OSs) and the hardware underneath. While true, this argument ignores the new layer of software in the form of a hypervisor and virtual machine monitor (VMM) that is introduced when workloads are virtualized.

Gartner said that security professionals need to realize that risk that isn't acknowledged and communicated cannot be managed. They should start by looking at extending their security processes, rather than buying more security, to address security in virtualized data centers.

Risk: A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads

The virtualization layer represents another important IT platform in the infrastructure, and like any software written by human beings, this layer will inevitably contain embedded and yet-to-be-discovered vulnerabilities that may be exploitable. Given the privileged level that the hypervisor/VMM holds in the stack, hackers have already begun targeting this layer to potentially compromise all the workloads hosted above it. From an IT security and management perspective, this layer must be patched, and configuration guidelines must be established.

Gartner recommends that organizations treat this layer as the most critical x86 platform in the enterprise data center and keep it as thin as possible, while hardening the configuration against unauthorized changes. Virtualization vendors should be required to support measurement of the hypervisor/VMM layer on boot-up to ensure it has not been compromised. Above all, organizations should not rely on host-based security controls to detect a compromise of, or protect anything running below, the virtualization layer.

Risk: The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms

For efficiency in communications between virtual machines (VMs), most virtualization platforms include the ability to create software-based virtual networks and switches inside of the physical host to enable VMs to communicate directly. This traffic will not be visible to network-based security protection devices, such as network-based intrusion prevention systems.

Gartner recommends that at a minimum, organizations require the same type of monitoring they place on physical networks, so that they don't lose visibility and control when workloads and networks are virtualized. To reduce the chance of misconfiguration and mismanagement, they should favor security vendors that span physical and virtual environments with a consistent policy management and enforcement framework.

Risk: Workloads of Different Trust Levels Are Consolidated Onto a Single Physical Server Without Sufficient Separation

As organizations move beyond the "low-hanging fruit" of workloads to be virtualized, more critical systems and sensitive workloads are being targeted for virtualization. This is not necessarily an issue, but it can become an issue when these workloads are combined with other workloads from different trust zones on the same physical server without adequate separation.

At a minimum, enterprises should require the same type of separation required in physical networks today for workloads of different trust levels within the enterprise data center. They should treat hosted virtual desktop workloads as untrusted, and strongly isolate them from the rest of the physical data center. Enterprises are advised to evaluate the need for point solutions that are able to associate security policy to virtual machines' identities and that prevent the mixing of workloads from different trust levels on the same server.
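The two preceding risks (blind VM-to-VM traffic on internal virtual switches, and workloads of different trust levels sharing a host) are the kind of thing an inventory audit can flag before go-live. The following is an added example, not code from the Gartner report; the inventory records and field names are constructed, not any vendor's API.

```python
# Added example: audit a constructed virtualization inventory for two of the
# risks above: (1) VM-to-VM traffic on an internal virtual switch that no
# network-based IPS sees, and (2) workloads of different trust zones, including
# hosted virtual desktops treated as untrusted, consolidated onto one host.
from collections import defaultdict

# Constructed sample inventory (field names are assumptions, not a vendor API).
VMS = [
    {"name": "db01",   "host": "esx-a", "zone": "pci",      "vswitch": "vs-int-a"},
    {"name": "web01",  "host": "esx-a", "zone": "dmz",      "vswitch": "vs-int-a"},
    {"name": "vdi-17", "host": "esx-b", "zone": "vdi",      "vswitch": "vs-int-b"},
    {"name": "app02",  "host": "esx-b", "zone": "internal", "vswitch": "vs-int-b"},
    {"name": "app03",  "host": "esx-c", "zone": "internal", "vswitch": "vs-int-c"},
]
# Internal vSwitches and whether their traffic is mirrored to a monitoring/IPS tap.
VSWITCHES = {
    "vs-int-a": {"monitored": True},
    "vs-int-b": {"monitored": False},
    "vs-int-c": {"monitored": True},
}
UNTRUSTED_ZONES = {"vdi"}  # hosted virtual desktops: treat as untrusted

def mixed_trust_hosts(vms):
    """Hosts running workloads from more than one trust zone."""
    zones_by_host = defaultdict(set)
    for vm in vms:
        zones_by_host[vm["host"]].add(vm["zone"])
    return {h: sorted(z) for h, z in zones_by_host.items() if len(z) > 1}

def untrusted_isolation_violations(vms, untrusted=UNTRUSTED_ZONES):
    """Hosts where an untrusted workload shares hardware with any trusted one."""
    members = defaultdict(list)
    for vm in vms:
        members[vm["host"]].append(vm["zone"] in untrusted)
    return sorted(h for h, flags in members.items() if any(flags) and not all(flags))

def blind_vm_to_vm_paths(vms, vswitches):
    """Internal vSwitches carrying traffic between VMs with no monitoring tap."""
    names_by_switch = defaultdict(list)
    for vm in vms:
        names_by_switch[vm["vswitch"]].append(vm["name"])
    return {sw: sorted(n) for sw, n in names_by_switch.items()
            if len(n) > 1 and not vswitches[sw]["monitored"]}

if __name__ == "__main__":
    print("mixed trust zones per host:", mixed_trust_hosts(VMS))
    print("untrusted workloads co-hosted:", untrusted_isolation_violations(VMS))
    print("unmonitored VM-to-VM paths:", blind_vm_to_vm_paths(VMS, VSWITCHES))
```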

Risk: Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking

Because of the critical support the hypervisor/VMM layer provides, administrative access to this layer must be tightly controlled, but this is complicated by the fact that most virtualization platforms provide multiple paths of administration for this layer.

Gartner recommends restricting access to the virtualization layer as with any sensitive OS and favoring virtualization platforms that support role-based access control of administrative responsibilities to further refine who can do what within the virtual environment. Where regulatory and/or compliance requirements dictate, organizations should evaluate the need for third-party tools to provide tight administrative control.

Risk: There Is a Potential Loss of Separation of Duties for Network and Security Controls

When physical servers are collapsed into a single machine, it increases the risk that both system administrators and users will inadvertently gain access to data that exceeds their normal privilege levels. Another area of concern is which group configures and supports the internal virtual switch.

Gartner recommends that the same team responsible for the configuration of network topology (including virtual LANs) in the physical environment should be responsible for this in virtual environments. They should favor virtualization platform architectures that support replaceable switch code, so that the same console and policies span physical and virtual configurations.

Additional information is available in the report "Addressing the Most Common Security Risks in Data Center Virtualization Projects" which is available on the Gartner Web site at http://www.gartner.com/resId=1288115.

About Gartner's Security Summits 2010

Gartner's Security Summits are the premier conferences and meeting places for IT and business executives responsible for creating, implementing and managing a proactive and comprehensive IT strategy for information security, risk management, compliance and business continuity management. Analysts will provide insight and a vision of how things will evolve over the long term and provide road maps on how enterprises and solution providers will proceed at the Gartner Security & Risk Management Summit, June 21-23 in Washington D.C. and at the Gartner Information Security Summit, September 22-23 in London.

Members of the media can register for the Summit in Washington D.C. by contacting Christy Pettey, Gartner PR, at [email protected]. For further information on the Security & Risk Management Summit, please visit www.gartner.com/us/itsecurity.

Members of the media can register for the Summit in London by contacting Laurence Goasduff, Gartner PR, on +44 (0)1784 267195 or at [email protected]. For further information on the London Summit, please visit http://www.gartner.com/it/page.jsp?id=1219313.

Additional information from the event will be shared on Twitter at http://twitter.com/Gartner_inc and using #GartnerSecurity.

Contacts:

Christy Pettey Gartner +1 408 468 8312 [email protected]

Ben Tudor Gartner Tel (Media Hotline): +44 (0)1784 267738 Tel: +44 (0)1784 267298 [email protected]

About Gartner: Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the indispensable partner to 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,000 associates, including 1,200 research analysts and consultants in 80 countries. For more information, visit www.gartner.com.
