Information security in data centers has historically relied on perimeter firewalls, “after the fact” pattern matching with intrusion detection, and, at the server level, host-based intrusion detection, identity enforcement, antivirus, and other software agents. Internal LANs can be segmented and boundary controls implemented using the same firewall technology.
Virtualization adds a layer of complexity: applications on the same host can communicate without accessing the physical network, and that traffic bypasses the traditional firewalls and the security processes built around them. Server-based security isn’t scalable, doesn’t encompass the range of network-attached devices in the data center, and presents major operational challenges.
As with any new technology (e.g., virtualization) and new adoption concept (e.g., cloud computing), security planning and execution will lag. Companies need a more comprehensive view of layered security across data center infrastructure. If you have a mixed environment using some stand-alone servers and some virtual instances, isolate and segregate what you run on these environments. Running your financial systems on the same LAN segment that hosts your virtualized development instances is just asking for problems.
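One way to check an environment for the two problems described above is sketched below. This is an added example, not part of the original article. The inventory records, field names (`zone`, `host`, `vswitch`, `segment`) and workload names are constructed assumptions rather than the output of any real tool.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample inventory (hypothetical names and fields).
# host/vswitch are None for a stand-alone physical server.
INVENTORY = [
    {"name": "fin-db01",  "zone": "finance", "host": "esx-a", "vswitch": "vs0", "segment": "vlan10"},
    {"name": "dev-web01", "zone": "dev",     "host": "esx-a", "vswitch": "vs0", "segment": "vlan10"},
    {"name": "dev-web02", "zone": "dev",     "host": "esx-b", "vswitch": "vs0", "segment": "vlan10"},
    {"name": "fin-app01", "zone": "finance", "host": "esx-c", "vswitch": "vs0", "segment": "vlan20"},
    {"name": "hr-app01",  "zone": "hr",      "host": None,    "vswitch": None,  "segment": "vlan20"},
]

def audit(inventory):
    """Flag workloads of different zones that share a LAN segment.

    'intra-host'     : same host, virtual switch and segment, so traffic
                       never reaches the physical network and perimeter
                       firewalls or network IDS cannot see it.
    'shared-segment' : same segment on different machines, so traffic is
                       on the wire but crosses no boundary control.
    """
    by_segment = defaultdict(list)
    for workload in inventory:
        by_segment[workload["segment"]].append(workload)

    findings = []
    for segment, members in sorted(by_segment.items()):
        for a, b in combinations(members, 2):
            if a["zone"] == b["zone"]:
                continue  # same trust zone: sharing a segment is expected
            co_resident = (a["host"] is not None
                           and a["host"] == b["host"]
                           and a["vswitch"] == b["vswitch"])
            kind = "intra-host" if co_resident else "shared-segment"
            findings.append((kind, segment, a["name"], b["name"]))
    return findings

if __name__ == "__main__":
    for kind, segment, a, b in audit(INVENTORY):
        print(f"{kind:15} {segment}: {a} <-> {b}")
```

An `intra-host` finding needs a control inside the hypervisor or a move to separate hosts; a `shared-segment` finding can be addressed by re-segmenting the LAN.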
The National Institute of Standards and Technology (NIST) has issued draft recommendations for securely configuring and using full virtualization technologies. Full virtualization is considered a key technology for cloud computing, but it introduces new issues for IT security.
The proposed security recommendations are contained in the draft document, NIST Special Publication 800-125, Guide to Security for Full Virtualization Technologies.
Let Daniel L. Ruggles and the team at PM Kinetics, LLC help you navigate the complexities of IT Governance, Cloud Computing, Sourcing & Capital Planning, Vendor Management, IT Security, and Infrastructure planning & execution. For more information on our technical consultancy services, contact or call PM Kinetics today at (678) 528-7399.