Security and Virtualization

Virtualization has been a hot topic since last few years and if you have been following the rise of VMWare, with good reason. Virtualization can increase the resource utilization on servers and desktops (although not as common today, this is the next push for major virtualization players). It also helps reduce real estate, power and cooling costs, management overhead and downtime. Undoubtedly, with so many benefits, it is hard to deny the ROI. How does it all affect security? With the current paradigm of security focusing on physical devices, it is interesting to investigate this.

Better Control
In one sense, virtualization makes systems more secure. A virtual server can be easily rolled back to a previously known good state in case of virus and worm attacks. With a physical server it is so harder to do, but with virtual machines, if you have enabled snapshots, it is a piece of cake.

Security Issues Still Remain
Although one has a better control in terms of rollback and installation of OS image, all the security issues still remain. Virtualizing the hardware is not getting rid of other security issues such as system breach, data compromise, network attacks and so on. All the security pieces are still required for the protection of the network and systems in general. One still has to use firewalls, anti virus softwares, Intrusion Prevention/Dectection systems to protect the network.

Cost of Security
Cost of security in a virtualized environment can be significantly reduced by the properly architected network. The security software license costs will still remain the same assuming you are running same number of servers, however overall costs in terms of patching, maintenance, re-imaging the physical machines in case of virus/worm infections can be signifincantly reduced. In server farm environment, affected servers can be simply deleted, and recreated. Even better, a data center can be architected such that virtual servers keep getting re-imaged every few hours/days/weeks. This provides better security protection against all kinds of unknown security attacks which are not yet publicly known but available in the wild for exploits. Because server is constantly being re-imaged, even if it was compromised, after re-installation attacker has lost it. If the underlying exploits are not fixed, system can be again compromised, but in this cat and mouse game of security it gives you a leg up by destroying the bad things which happened.