Virtualization and Security??
I’ve talked a lot about Virtualization, I’ve talked about security, but do these topics converge? Absolutely! I found a good (and short) article that talks about the rise of Virtual Servers and the need to continue to pay attention to their security. Check out Virtualization could double in 2010, but what about security?
Despite the increasing use of virtualization, users were not confident about whether they had complete control of the security of their virtual systems. Security, compliance and operational issues were the top three concerns
“users were not confident about whether they had complete control of their security of their virtual systems”? Are you telling me that people are deploying solutions without having a good understanding of their security risks? And the article goes on to say:
Less than a third (28%) of respondents said they were “strongly confident” in the security of their physical servers, and even fewer (20%) were strongly confident about their virtualized environment.
I agree that security cannot prevent the business from running the business, but I do feel that we need to find a better compromise than 28%. How do we address this need? There are a lot of Intrusion Detection Systems (IDS) on the market that help. They will tell you if someone is attempting to compromise your infrastructure. When we deploy our servers, we’re confident that we’re deploying servers that are configured properly and secure, Right? So what happens?
Change happens. We don’t live in a static world, we must adapt to the constant change, but we must also ensure that we are consistent with our change. One of the tools Microsoft has released is called Desired Configuration Management (DCM) and it is part of the System Center Configuration Manager (SCCM), what we used to know as SMS. DCM does a good job of checking a server, or set of servers, for variations from the original configuration. DCM does one better though, as our environment changes, we can update DCM with the new desired configuration so that DCM can ensure our servers are changing only as we expect them to. If a set of servers or applications need to be reconfigured, that’s ok, reconfigure them and then tell DCM what the new desired state is. DCM can audit these servers again to ensure that they are consistent with your new desired configuration. Of course DCM (and SCCM) will then be able to alert you if there is any drift from the desired configuration.
As we’ve seen over and over; Security is a moving target and we need to keep track of what’s going on in our environment. Adding virtualization to our environment is a great tool to improve the business, but let’s make sure that we’re continuing to introduce these changes in a very secure fashion.
Until next time!
Rob