In the past three years, server virtualization has moved from the hype stage to the mainstream, and desktop virtualization is one of today's hottest technology trends. Despite the rapid acceptance of virtualization technology, few companies have seriously considered the impact of deploying this technology on security.
In many cases, virtualization has changed the rules of security, and enterprises need to adjust their security strategies accordingly. A common view holds that security is not a problem at all: because all virtualized servers reside deep within the corporate network, they are automatically protected by existing security devices. However, compared with traditional computing environments, virtual platforms can create completely different and more dynamic relationships between IT resources, which affects network security.
If your company already uses virtualization or plans to, there are many security factors to consider.
The first factor to consider: do some research and find out what virtualization actually means.
As more and more security flaws come to light and specialized security product vendors emerge, people's understanding of virtualization security is becoming increasingly thorough. However, there is a constant need to meet strict regulatory or compliance guidelines, which means that virtualization security has become a priority for network managers.
When talking about virtualization security, the first important factor to consider is how a virtual environment is actually defined, because that definition determines the types of threats posed to the network. A virtual environment is everything that involves a virtual host directly or indirectly. Components of a virtual environment include, but are not limited to, management tools, backup tools, storage systems, virtual networks, and physical networks. If the virtual environment is not properly defined, the enterprise will overlook an important security issue and endanger the entire network.
The second factor to consider: Get the IT security team involved at the outset.
The most common motive for launching a virtualization project is cost savings, which stem from server consolidation. Servers are usually managed by server administrators; in many large enterprises, server administrators are not members of the IT security team, and the security team becomes involved in the later stages of the project.
The result is that security systems are retrofitted and piled onto the network after the fact, and security becomes very complex. Complex solutions and procedures increase the likelihood of configuration errors, which actually weakens security. A recent Gartner report indicates that more than 99% of security breaches are caused by misconfigurations.
Striving for simplicity is one of the most important principles of security, so companies must ensure that security teams are involved in the entire implementation process.
The third factor to consider: physical security devices will not let you see inside the virtual environment.
The virtual environment is part of the internal network and is vulnerable to security threats, so it should receive the same adequate and effective protection as the rest of the internal network. Traditional physical security devices such as firewalls have a major drawback: they do not understand the internals of the virtual environment. Although a physical security device can see every packet entering and leaving the virtual environment, it has no view of the traffic inside it. In other words, if a virtual machine is infected, the infection spreads to the entire virtual network, but the physical security device is unaware.
Whatever security strategy you apply in the physical environment, the virtual environment should follow the same strategy. If you use internal firewalls between applications and between network segments and then start virtualizing those applications and network segments, or even scale down the data center as some hosting companies do, you need to bring all of those security mechanisms into the new virtualized environment.
The fourth factor to consider: pay attention to VLAN tags.
Physical security equipment vendors say that if you use virtual local area network tagging (VLAN tags), you can extend the virtual network outside the virtual environment. This is technically true, but it is often an awkward way to gain insight into virtual networks. Managing different virtual LANs is a complex matter that can lead to errors and ultimately to insecure systems.
The fifth factor to consider: virtual environments require virtual solutions.
Companies that are one step ahead deploy firewalls and intrusion prevention systems (IPS) directly in the virtual environment. They use solutions designed to protect virtual networks. In this way, they gain direct visibility into the virtual machines and can protect the virtual environment from within. Virtual security devices can be placed anywhere inside the virtual environment; this greater flexibility helps protect even the most complex virtual networks.
Conclusion
When implementing a virtualization strategy, enterprises need to give security top priority. If organizations can ensure that virtual environments are part of the overall network architecture and enforce consistent security policies across all networks, they can expect to significantly reduce network security threats. Only by paying attention to the factors above can a company benefit from this innovative technology without facing unnecessary risks.